kryptos - v1.4.0

kryptos/ec

Elliptic Curve Cryptography key generation and management.

Key pair generation and management for elliptic curve cryptography, supporting standard NIST curves and secp256k1. EC keys can be used for both ECDSA signatures and ECDH key agreement.

Key Generation

import kryptos/ec

let #(private_key, public_key) = ec.generate_key_pair(ec.P256)

Import/Export

import kryptos/ec

let #(private_key, _public_key) = ec.generate_key_pair(ec.P256)
let assert Ok(pem) = ec.to_pem(private_key)
let assert Ok(#(imported_private, _)) = ec.from_pem(pem)

Types

Curve

</>

Supported elliptic curves for key generation.

pub type Curve {
  P256
  P384
  P521
  Secp256k1
}

Constructors 

  • P256

    NIST P-256 curve (secp256r1, prime256v1). 256-bit key size.

  • P384

    NIST P-384 curve (secp384r1). 384-bit key size.

  • P521

    NIST P-521 curve (secp521r1). 521-bit key size.

  • Secp256k1

    Koblitz curve used by Bitcoin and Ethereum. 256-bit key size.

PrivateKey

</>

An elliptic curve private key.

pub type PrivateKey

PublicKey

</>

An elliptic curve public key.

pub type PublicKey

Values

coordinate_size

</> 
pub fn coordinate_size(curve: Curve) -> Int

Returns the coordinate size in bytes for the given curve.

This is the size of each coordinate (x or y) in an EC point.

curve

</> 
pub fn curve(key: PrivateKey) -> Curve

Returns the curve for an EC private key.

from_bytes

</> 
pub fn from_bytes(
  curve: Curve,
  private_bytes: BitArray,
) -> Result(#(PrivateKey, PublicKey), Nil)

Imports an EC private key from raw scalar bytes.

The scalar should be in big-endian format with size matching the curve’s coordinate size (32 bytes for P256/Secp256k1, 48 for P384, 66 for P521).

Example

import kryptos/ec

let #(private_key, _public_key) = ec.generate_key_pair(ec.P256)
let scalar = ec.to_bytes(private_key)
let assert Ok(#(imported, _pub)) = ec.from_bytes(ec.P256, scalar)

from_der

</> 
pub fn from_der(
  der: BitArray,
) -> Result(#(PrivateKey, PublicKey), Nil)

Imports an EC private key from DER-encoded data.

The key must be in PKCS#8 format.

from_pem

</> 
pub fn from_pem(
  pem: String,
) -> Result(#(PrivateKey, PublicKey), Nil)

Imports an EC private key from PEM-encoded data.

The key must be in PKCS#8 format.

generate_key_pair

</> 
pub fn generate_key_pair(
  curve: Curve,
) -> #(PrivateKey, PublicKey)

Generates a new elliptic curve key pair.

public_key_curve

</> 
pub fn public_key_curve(key: PublicKey) -> Curve

Returns the curve for an EC public key.

public_key_from_der

</> 
pub fn public_key_from_der(
  der: BitArray,
) -> Result(PublicKey, Nil)

Imports an EC public key from DER-encoded data.

The key must be in SPKI format.

public_key_from_pem

</> 
pub fn public_key_from_pem(pem: String) -> Result(PublicKey, Nil)

Imports an EC public key from PEM-encoded data.

The key must be in SPKI format.

public_key_from_private_key

</> 
pub fn public_key_from_private_key(key: PrivateKey) -> PublicKey

Derives the public key from an EC private key.

public_key_from_raw_point

</> 
pub fn public_key_from_raw_point(
  curve: Curve,
  point: BitArray,
) -> Result(PublicKey, Nil)

Imports an EC public key from an uncompressed SEC1 point.

The point must be in uncompressed format: 0x04 || x || y where x and y are the coordinates padded to the curve’s coordinate size.

Example

import kryptos/ec

let #(_private_key, public_key) = ec.generate_key_pair(ec.P256)
let point = ec.public_key_to_raw_point(public_key)
let assert Ok(imported) = ec.public_key_from_raw_point(ec.P256, point)

public_key_to_der

</> 
pub fn public_key_to_der(key: PublicKey) -> Result(BitArray, Nil)

Exports an EC public key to DER format.

The key is exported in SPKI format.

public_key_to_pem

</> 
pub fn public_key_to_pem(key: PublicKey) -> Result(String, Nil)

Exports an EC public key to PEM format.

The key is exported in SPKI format.

public_key_to_raw_point

</> 
pub fn public_key_to_raw_point(key: PublicKey) -> BitArray

Exports a public key to uncompressed SEC1 point format.

Returns a BitArray in the format: 0x04 || X || Y where X and Y are the coordinates of the public key point, each padded to the curve’s coordinate size.

If the key was imported with a compressed point format, it will be automatically decompressed.

This is the inverse of public_key_from_raw_point.

to_bytes

</> 
pub fn to_bytes(key: PrivateKey) -> BitArray

Exports an EC private key to raw scalar bytes.

Returns the private scalar (the “d” value in JWK terminology) as big-endian bytes. The size matches the curve’s coordinate size.

Example

import kryptos/ec

let #(private_key, _public_key) = ec.generate_key_pair(ec.P256)
let scalar = ec.to_bytes(private_key)

to_der

</> 
pub fn to_der(key: PrivateKey) -> Result(BitArray, Nil)

Exports an EC private key to DER format.

The key is exported in PKCS#8 format.

to_pem

</> 
pub fn to_pem(key: PrivateKey) -> Result(String, Nil)

Exports an EC private key to PEM format.

The key is exported in PKCS#8 format.

Search Document