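def encrypt_with_ecc(public_ecc_key, message, nonce=None):
    """Encrypt *message* for the holder of *public_ecc_key*.

    A fresh ephemeral key pair is generated on the recipient's curve for
    every call. The shared point (recipient public point multiplied by the
    ephemeral private scalar) is hashed with SHA-256 to obtain the AES key,
    and the message is encrypted and authenticated with AES in EAX mode.

    Args:
        public_ecc_key: recipient key, an ``ECC.EccKey`` instance.
        message: byte string to encrypt.
        nonce: optional EAX nonce. When omitted (or empty) a random
            16-byte nonce is drawn from ``os.urandom``.

    Returns:
        A 4-tuple ``(ephemeral_pub_key, nonce, ciphertext, tag)``, where
        ``ephemeral_pub_key`` is exported in OpenSSH format. The recipient
        needs all four values to decrypt and verify.

    Raises:
        AssertionError: if *public_ecc_key* is not an ``ECC.EccKey``.
    """
    # NOTE: this check disappears under ``python -O``; a wrong type then
    # fails later on attribute access instead of with this message.
    assert isinstance(public_ecc_key, ECC.EccKey),\
        "public_ecc_key should be ECC key. Got {}".format(type(public_ecc_key))

    # Ephemeral key: generated per call, so the derived AES key is unique
    # to this message.
    random_ecc_key = ECC.generate(curve=public_ecc_key.curve)
    new_point = public_ecc_key.pointQ * random_ecc_key.d

    # Key derivation: SHA-256 over str(x) + 'XXX' + str(y). This is an
    # ad-hoc construction rather than a standard KDF, and the decrypting
    # side must reproduce it byte for byte. The coordinates are encoded to
    # ASCII bytes explicitly: hash objects accept bytes only on Python 3,
    # and the resulting bytes are the same ones Python 2's str() produced.
    h = SHA256.new(str(new_point.x).encode('ascii'))
    h.update(b'XXX' + str(new_point.y).encode('ascii'))  # 'XXX' is a delimiter
    key = h.digest()

    if not nonce:
        nonce = os.urandom(16)

    aes_engine = AES.new(key=key, mode=AES.MODE_EAX, nonce=nonce)
    ctx, tag = aes_engine.encrypt_and_digest(message)

    # Return: <ephemeral_pub_key>, <nonce>, <ciphertext>, <tag>
    # The tag must be verified on decryption before the plaintext is used.
    return (random_ecc_key.public_key().export_key(format='OpenSSH'),
            aes_engine.nonce, ctx, tag)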