Skip to content
  • Pico HSM
Portada » Blog » Encryption and Decryption with ECDH

Encryption and Decryption with ECDH

Pico HSM supports in place decryption of arbitrary data with a symmetric ECDH key. It supports the following algorithms:





Encrypt and decrypt is a fundamental operation in cryptography. Usually, the data is encrypted with the public key and is decrypted with the private key. Therefore, anyone can encrypt data and send it securely to the recipient, which is the only allowed to decrypt it, as it is the only in possession of the private key used for decryption.

RSA is the traditional way to encrypt and decrypt data and it has three variants. The PKCS is the raw version, which takes the data and performs the RSA encryption. The raw data is recovered by performing the inverse step. The RSA-X-509 is a prepended version of the raw variant, with an ASN.1 structure that contains all relevant parameters. Finally, RSA-PKCS-OAEP is the most recent variant for RSA encryption and it is considered the most secure and robust.

On the contrary, elliptic curves do not accept to encrypt/decrypt data. Instead, if an encryption method with an elliptic curve is needed, an intermediate step is performed to derive a symmetric key. Whilst RSA is a pure asymmetric cryptographic operation, this derivation step from an elliptic curve is a symmetric step that uses a secret key for both transmitter and receiver, named ECDH derivation. Based on a foreign public key (an elliptic point) and a private key (an elliptic number), it is possible to derive a secret key, shared by the two peers that will be used to encrypt and decrypt the data.


Before going to the encryption, we prepare the data. In the file data we put some arbitrary data:

$ echo "This is a test string. Be safe, be secure." > data

To create the signatures, we use the OpenSSL tool. This tool requires the use public keys in the form of DER and PEM, which will be used for verification. In our example, we employ the ECC located at key id 2:

$ pkcs11-tool --read-object --pin 648219 --id 2 --type pubkey > 2.der
$ openssl ec -inform DER -outform PEM -in 2.der -pubin >

The --id parameter identifies the internal private key with id number 2. The first line retrieves the public key associated to the private key with id number 2 and stores the public key into the file 2.der.

The second line converts the public key from DER format to PEM.

To use the sc-tool, first install the sc-hsm-embedded driver. Follow instructions in its page for building and installing. Then, create the following alias:

$ alias sc-tool=pkcs11-tool --module /path/to/


ECC keys do not allow ciphering operations. Instead, the ECDH scheme provides a mechanism to exchange a shared symmetric key without transmitting it to the remote part. The shared key is composed by multiplying the local private key and the remote public key.

First, we create the remote part, Bob, by generating an ECC keypair and getting the public key:

$ openssl ecparam -genkey -name prime192v1 > bob.pem
$ openssl ec -in bob.pem -pubout -outform DER > bob.der

We derive the shared key by giving the Bob’s public key to the Pico HSM:

$ pkcs11-tool --pin 648219 --id 2 --derive -i bob.der -o mine-bob.der

We compute the other shared key, with Bob’s private key and our public key:

$ openssl pkeyutl -derive -out bob-mine.der -inkey bob.pem -peerkey

Finally, we compare both shared keys:

$ cmp bob-mine.der mine-bob.der

No output is displayed if both are equal.

You can also view the contents of both keys:

$ xxd -p bob-mine.der
$ xxd -p mine-bob.der