Implementing-cryptography-using-python
240 Chapter 8 ■ Cryptographic Applications and PKI
The most important takeaway from this section is that ECC derives its
public and private keys from points on a curve. ECC keys are well suited to
the current generation of devices as more people move to smartphones. As
smartphone use continues to grow, businesses need more flexible encryption
to meet increasing security requirements.
Elliptic curve cryptography (ECC) certificates allow the key size to remain
small while providing a higher level of security. The ECC certificate key
creation method is entirely different from previous algorithms, while still
relying on the use of a public key for encryption and a private key for
decryption. Because ECC key sizes start small and grow slowly, ECC has a
longer potential life span. Elliptic curves are likely to be the next
generation of cryptographic algorithms, and we are seeing the beginning of
their use now.
When you compare ECC with other algorithms like RSA, you will find that the
ECC key is significantly smaller yet offers the same level of security. One
notable example is that a 3,072-bit RSA key takes 768 bytes, whereas the
equally strong NIST P-256 private key only takes 32 bytes (that is, 256 bits).
PyCryptodome offers an ECC module that provides mechanisms for generating new
ECC keys and for exporting and importing them using widely supported formats
like PEM or DER. To install PyCryptodome, execute the following pip command:
pip install pycryptodome
If you’re worried about ensuring the highest level of security while maintaining
performance, it makes sense to adopt ECC.
Generating ECC Keys
ECC private keys are integers in the range of the curve’s field size; the
typical size is 256 bits. A 256-bit private key would look like the following:
0x51897b64e85c3f714bba707e867914295a1377a7463a9dae8ea6a8b914246319
Generating an ECC key requires generating a random integer within a specified
range.
The public keys in the ECC are EC points—pairs of integer coordinates
{x, y}, lying on the curve. Due to their special properties, EC points can be
compressed to just one coordinate + 1 bit (odd or even). Thus the compressed
public key, corresponding to a 256-bit ECC private key, is a 257-bit integer.
An example of an ECC public key (corresponding to the preceding private
key, encoded in the Ethereum format, as hex with prefix 02 or 03) is
0x02f54ba86dc1ccb5bed0224d23f01ed87e4a443c47fc690d7797a13d41d2340e1.
In this format, the public key takes 33 bytes (66 hex digits), which can be
optimized to exactly 257 bits.