An Erlang native library implementing the ECIES (Elliptic Curve Integrated Encryption Scheme) publickey cryptography, providing elliptic curve encryption as an alternative to the deprecated crypto
public_encrypt
, private_decrypt
functions.
The Erlang OTP team decided to deprecate several crypto
module functions in OTP 27 (See functions deprecated in OTP 27).
Notably, no alternatives were provided for two of them crypto:public_encrypt/4
and crypto:private_decrypt/4
.
Some information about potential background of these deprecations can be found here.
It is worth mentioning that the above mentioned functions are RSA specific and cannot be used with Elliptic Curve cryptography anyway. In our projects we mainly use Elliptic Curve cryptography and we decided to share this small library for ECIES with the Erlang developers community.
We will be happy if you find it useful and use in your project. If you find any ideas for improvements or notice any missing functionality, please open an issue here; even better propose a Pull Request.
The API of library is simple:

ecies:generate_key/0
 can be used to generate public/private key pair 
ecies:public_encrypt/2
 for encrypting binary message with given public key 
ecies:private_decrypt/2
 for decrypting data using private key corresponding to public key used inpublic_encrypt
Example:
% Bob generates keys, and publish his public key
{BobPublicKey, BobPrivateKey} = ecies:generate_key(),
% Alice knowing Bob's public key encrypts a message for him
Data = ecies:public_encrypt(BobPublicKey, <<"top secret message">>),
% Bob is able to decrypt the message using his private key
<<"top secret message">> = ecies:private_decrypt(BobPrivateKey, Data).
In the above example the default params are used (as returned by ecies:default_params/0
):
#{
curve => secp256k1,
cipher => aes_256_cbc,
kdf => {kdf, sha256}, % ANSIX9.63 key derivation
mac => {hmac, sha256, 256} % HMAC SHA256 with 256 bits (32 bytes) output
}.
You can read or write keys in PEM format using function from ecies_pem
module:

ecies_pem:decode_public/1
 decodes a public key from the given "PUBLIC KEY" or "EC PRIVATE KEY" PEM format. 
ecies_pem:decode_private/1
 decodes a private key from the given "EC PRIVATE KEY" PEM format. 
ecies_pem:decode_keypair/1
 decodes both keys from the given "EC PRIVATE KEY" PEM format. 
ecies_pem:encode_public/1
 encodes a public key into "PUBLIC KEY" PEM format. 
ecies_pem:encode_private/1
 encodes a private key into "EC PRIVATE KEY" PEM format. 
ecies_pem:encode_keypair/1
 encodes both keys into "EC PRIVATE KEY" PEM format.
Example:
openssl ecparam noout genkey conv_form compressed name secp256k1  tee private.pem
{ok, Pem} = file:read_file("private.pem"),
{Pub, Priv} = ecies_pem:decode_keypair(Pem),
Pub = ecies_pem:decode_public(Pem),
Priv = ecies_pem:decode_private(Pem),
file:write_file("public.pem", ecies_pem:encode_public(Pub)).
openssl ec pubin in public.pem noout text
Using ecies:generate_key/1
, ecies:public_encrypt/3
, ecies:private_decrypt/3
functions which accepts extra Params
argument you can customize elliptic curve and algorithms used in all steps of encryption/decryption process.
There are a few library API functions that helps with customisation:

ecies:default_params/0
 returns default set of params 
ecies:supports/1
 which can be used to inspect lists of all supported curves, ciphers, hashs (digest types)
We also provide default params compatible with existing ECIES variants used in some other libraries.

ecies_bitcore:default_params/0
 compatible with bitcore ECIES implementation 
ecies_geth:default_params/0
,ecies_geth:params_from_curve/1
 compatible with ethereum's geth ECIES implementation 
ecies_electrum:default_params/0
 compatible with Electrum, Electron Cash and ElectrumSV ECIES implementation (see also here)
Example 1:
% Alice and Bob agrees on the following params
Params = #{
curve => x25519, % Edwards curve 25519
kdf => {hkdf, sha256}, % HMACbased ExtractandExpand KDF with SHA256 hash
cipher => aes_256_ctr,
mac => {hmac, sha256, 96} % HMAC with SHA256 and 96 bits output
},
% Bob generates keys
{BobPublicKey, BobPrivateKey} = ecies:generate_key(Params),
% Alice knowing Bob's public key encrypts a message for him
Data = ecies:public_encrypt(BobPublicKey, <<"top secret message">>, Params),
% Bob is able to decrypt the message using his private key
<<"top secret message">> = ecies:private_decrypt(BobPrivateKey, Data, Params).
Example 2:
% Decrypting electrum compatible message
Params = ecies_electrum:default_params(),
PrivateKey = binary:decode_hex(<<"ee3231b5deea48b619814d72a6e1aa04a9f521df281afad5ada89f5393941b1c">>),
MessageBase64 = <<"QklFMQJdmY+9Ys1WjqANreLwXaau62N01r9lebJ9Rp7Az+XRMdNAVgg3J8EEVhni5gn2v+WOD59uDMDp0zY/xPT3IElReQo6XUCSMmgRgRtYl+TUEw==">>,
<<"hello world">> = ecies:private_decrypt(PrivateKey, MessageBase64, Params).
The list of all supported elliptic curves (curve
param), ciphers (cipher
param) and hash functions used by KDF and MAC
algorithms can be obtained using ecies:supports/1
function:
spec supports(hashs) > [digest_type()];
(curves) > [named_curve()];
(ciphers) > [cipher()];
(cmac_ciphers) > [cmac_cipher()];
(aead_ciphers) > [aead_cipher()].
Note
For Edwards Curves 25519 and 448 use x25519
, x448
, and not ed25519
, ed448
For key derivation (kdf
param) you can use:
type kdf_type() :: {hkdf, digest_type()}  % HMACbased ExtractandExpand Key Derivation Function (HKDF)
{kdf, digest_type()}  % ANSIX9.63 KDF
{concat_kdf, digest_type()}  % NIST SP 80056 Concatenation Key Derivation Function (see section 5.8.1).
kdf_fun().
% Custom KDF function
type kdf_fun() :: fun((SharedKey :: binary(), Info :: binary(), Length :: pos_integer()) > Result :: binary()).
For message authentication (mac
param):
type mac_type() :: {hmac, digest_type(), mac_bits()}  % HMAC for given digest function with specified output bits
{cmac, cmac_cipher(), mac_bits()}  % CMAC with AES*CBC cipher and given output bits
{aead, mac_bits()}. % Special case when AES CCM/GCM ciphers are used to just specify tag output bits
type mac_bits() :: pos_integer()  default. % default atom means output size equal to given mac key length
ecies
library is MITlicensed, as per LICENSE.md.