kryptos - v1.3.0

kryptos/ec

Elliptic Curve Cryptography key generation and management.

This module provides key pair generation for elliptic curve cryptography, supporting standard NIST curves and secp256k1. EC keys can be used for both ECDSA signatures and ECDH key agreement.

Key Generation

import kryptos/ec

let #(private_key, public_key) = ec.generate_key_pair(ec.P256)

Import/Export

import kryptos/ec

let #(private_key, _public_key) = ec.generate_key_pair(ec.P256)
let assert Ok(pem) = ec.to_pem(private_key)
let assert Ok(#(imported_private, _)) = ec.from_pem(pem)

Types

Curve

</>

Supported elliptic curves for key generation.

pub type Curve {
  P256
  P384
  P521
  Secp256k1
}

Constructors 

  • P256

    NIST P-256 curve (secp256r1, prime256v1). 256-bit key size.

  • P384

    NIST P-384 curve (secp384r1). 384-bit key size.

  • P521

    NIST P-521 curve (secp521r1). 521-bit key size.

  • Secp256k1

    Koblitz curve used by Bitcoin and Ethereum. 256-bit key size.

PrivateKey

</>

An elliptic curve private key.

pub type PrivateKey

PublicKey

</>

An elliptic curve public key.

pub type PublicKey

Values

coordinate_size

</> 
pub fn coordinate_size(curve: Curve) -> Int

Returns the coordinate size in bytes for the given curve.

This is the size of each coordinate (x or y) in an EC point.

Parameters

  • curve: The elliptic curve

Returns

The coordinate size in bytes (32 for P256/Secp256k1, 48 for P384, 66 for P521).

curve

</> 
pub fn curve(key: PrivateKey) -> Curve

Returns the curve for an EC private key.

Parameters

  • key: The private key

Returns

The curve used by this key.

from_bytes

</> 
pub fn from_bytes(
  curve: Curve,
  private_bytes: BitArray,
) -> Result(#(PrivateKey, PublicKey), Nil)

Imports an EC private key from raw scalar bytes.

The scalar should be in big-endian format with size matching the curve’s coordinate size (32 bytes for P256/Secp256k1, 48 for P384, 66 for P521).

Parameters

  • curve: The elliptic curve
  • private_bytes: The raw private scalar bytes

Returns

Ok(#(private_key, public_key)) on success, Error(Nil) if invalid.

Example

import kryptos/ec

let #(private_key, _public_key) = ec.generate_key_pair(ec.P256)
let scalar = ec.to_bytes(private_key)
let assert Ok(#(imported, _pub)) = ec.from_bytes(ec.P256, scalar)

from_der

</> 
pub fn from_der(
  der: BitArray,
) -> Result(#(PrivateKey, PublicKey), Nil)

Imports an EC private key from DER-encoded data.

The key must be in PKCS#8 format.

Parameters

  • der: DER-encoded key data

Returns

Ok(#(private_key, public_key)) on success, Error(Nil) on failure.

from_pem

</> 
pub fn from_pem(
  pem: String,
) -> Result(#(PrivateKey, PublicKey), Nil)

Imports an EC private key from PEM-encoded data.

The key must be in PKCS#8 format.

Parameters

  • pem: PEM-encoded key string

Returns

Ok(#(private_key, public_key)) on success, Error(Nil) on failure.

generate_key_pair

</> 
pub fn generate_key_pair(
  curve: Curve,
) -> #(PrivateKey, PublicKey)

Generates a new elliptic curve key pair.

The private key should be kept secret and used for signing or ECDH key agreement. The public key can be shared and is used for signature verification or ECDH key agreement.

Parameters

  • curve: The elliptic curve to use for key generation

Returns

A tuple of #(private_key, public_key).

public_key_curve

</> 
pub fn public_key_curve(key: PublicKey) -> Curve

Returns the curve for an EC public key.

Parameters

  • key: The public key

Returns

The curve used by this key.

public_key_from_der

</> 
pub fn public_key_from_der(
  der: BitArray,
) -> Result(PublicKey, Nil)

Imports an EC public key from DER-encoded data.

The key must be in SPKI format.

Parameters

  • der: DER-encoded key data

Returns

Ok(public_key) on success, Error(Nil) on failure.

public_key_from_pem

</> 
pub fn public_key_from_pem(pem: String) -> Result(PublicKey, Nil)

Imports an EC public key from PEM-encoded data.

The key must be in SPKI format.

Parameters

  • pem: PEM-encoded key string

Returns

Ok(public_key) on success, Error(Nil) on failure.

public_key_from_private_key

</> 
pub fn public_key_from_private_key(key: PrivateKey) -> PublicKey

Derives the public key from an EC private key.

Parameters

  • key: The private key

Returns

The corresponding public key.

public_key_from_raw_point

</> 
pub fn public_key_from_raw_point(
  curve: Curve,
  point: BitArray,
) -> Result(PublicKey, Nil)

Imports an EC public key from an uncompressed SEC1 point.

The point must be in uncompressed format: 0x04 || x || y where x and y are the coordinates padded to the curve’s coordinate size.

Parameters

  • curve: The elliptic curve (P256, P384, P521, or Secp256k1)
  • point: The uncompressed point bytes (1 + 2 * coordinate_size bytes)

Returns

Ok(public_key) on success, Error(Nil) if the format is invalid or the point is not on the curve.

Example

import kryptos/ec

let #(_private_key, public_key) = ec.generate_key_pair(ec.P256)
let point = ec.public_key_to_raw_point(public_key)
let assert Ok(imported) = ec.public_key_from_raw_point(ec.P256, point)

public_key_to_der

</> 
pub fn public_key_to_der(key: PublicKey) -> Result(BitArray, Nil)

Exports an EC public key to DER format.

The key is exported in SPKI format.

Parameters

  • key: The public key to export

Returns

Ok(der_data) on success, Error(Nil) on failure.

public_key_to_pem

</> 
pub fn public_key_to_pem(key: PublicKey) -> Result(String, Nil)

Exports an EC public key to PEM format.

The key is exported in SPKI format.

Parameters

  • key: The public key to export

Returns

Ok(pem_string) on success, Error(Nil) on failure.

public_key_to_raw_point

</> 
pub fn public_key_to_raw_point(key: PublicKey) -> BitArray

Exports a public key to uncompressed SEC1 point format.

Returns a BitArray in the format: 0x04 || X || Y where X and Y are the coordinates of the public key point, each padded to the curve’s coordinate size.

If the key was imported with a compressed point format, it will be automatically decompressed.

This is the inverse of public_key_from_raw_point.

to_bytes

</> 
pub fn to_bytes(key: PrivateKey) -> BitArray

Exports an EC private key to raw scalar bytes.

Returns the private scalar (the “d” value in JWK terminology) as big-endian bytes. The size matches the curve’s coordinate size.

Parameters

  • key: The private key to export

Returns

The raw private scalar bytes.

Example

import kryptos/ec

let #(private_key, _public_key) = ec.generate_key_pair(ec.P256)
let scalar = ec.to_bytes(private_key)

to_der

</> 
pub fn to_der(key: PrivateKey) -> Result(BitArray, Nil)

Exports an EC private key to DER format.

The key is exported in PKCS#8 format.

Parameters

  • key: The private key to export

Returns

Ok(der_data) on success, Error(Nil) on failure.

to_pem

</> 
pub fn to_pem(key: PrivateKey) -> Result(String, Nil)

Exports an EC private key to PEM format.

The key is exported in PKCS#8 format.

Parameters

  • key: The private key to export

Returns

Ok(pem_string) on success, Error(Nil) on failure.

Search Document