Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for ECC keys #22

Open
Tsuribori opened this issue Mar 28, 2021 · 2 comments
Open

Support for ECC keys #22

Tsuribori opened this issue Mar 28, 2021 · 2 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@Tsuribori
Copy link

It would be great if ECC keys would also be supported instead of just RSA.
@jerson
Copy link
Owner

jerson commented Mar 29, 2021

Hi @Tsuribori thanks for report the issue, im not an expert with ECC but im gonna research about that, main repo is a go project
https://github.com/jerson/openpgp-mobile
right now im working migrating from protobuf to flatbuffers, after that binaries will be like 3mb less , but if you have some info about that would be great

@jerson jerson added the enhancement New feature or request label May 20, 2021
@jerson jerson added the help wanted Extra attention is needed label Sep 22, 2021
@tallinn1960
Copy link

tallinn1960 commented Aug 2, 2022
edited
Loading

One would be able to implement that in plain dart using pointycastle without the need to go that deep into an understanding how ECC works, however, the architecture of your package is quite different. As you seem to do all cryptography in go mileage may vary: is there a potent crypto library like there is for java (bouncycastle) or dart (pointycastle) or C (openssl)?

Basically ECC encryption support for pgp requires the implementation of two algorithms which are in pointycastle already: ECDH Basic Key Agreement and ConcatKDF key generation function. The Basic Key Agreement provides a shared secret computable by any intended receiver using his private key and the senders public key and ConcatKDF derives a message dependent symmetric encryption key from that shared secret (so the message is encrypted with an individual key) which as well can be computed by the receiver of the message.

ECC signature support requires the implementation of ECDSA which is as well in pointycastle.

ECC cryptography has the advantage to provide equivalent security to RSA but with considerably smaller keysizes and thus computes considerably faster (e.g. a 256-Bit ECC key provides the same security as 3096-Bit RSA). That is why crypto smartcards nowadays do not use RSA anymore (or deprecate its use in favor of ECC). Their processors are slow so they need every advantage they may get.

Note that when dealing with e-mail, the time-consuming step (given that every operation is run by the same CPU) is the symmetric encryption or decryption or hashing of the message parts. This is where performance really matters on Smartphones and PCs. Compared to that the asymmetric operations do not matter. So there is really no need to implement asymmetric operations in anything faster than Dart.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jerson @tallinn1960 @Tsuribori