@eryx/crypto/hazmat/ecc Module

Elliptic-curve cryptography using interoperable named curves.

Provides named-curve key generation, PEM/DER conversion, ECDSA signing/verification, and ECDH shared-secret derivation.

The initial curve set focuses on standard interoperable curves: secp224r1, secp256r1, secp384r1, secp521r1, and secp256k1.

local ecc = require("@eryx/crypto/hazmat/ecc")

local alicePriv = ecc.generateKey("secp256r1")
local alicePub = ecc.getPublicPem(alicePriv)

local bobPriv = ecc.generateKey("secp256r1")
local bobPub = ecc.getPublicPem(bobPriv)

local sig = ecc.sign(alicePriv, buffer.fromstring("hello"))
assert(ecc.verify(alicePub, buffer.fromstring("hello"), sig))

local aliceSecret = ecc.derive(alicePriv, bobPub)
local bobSecret = ecc.derive(bobPriv, alicePub)
assert(buffer.tostring(aliceSecret) == buffer.tostring(bobSecret))

Summary

Functions

ecc.getPublicPem(private_pem: string) -> string
ecc.sign(private_pem: string, data: buffer, hash: string?) -> buffer
ecc.verify(public_pem: string, data: buffer, signature: buffer, hash: string?) -> boolean
ecc.derive(private_pem: string, peer_public_pem: string) -> buffer
ecc.privateToDer(private_pem: string) -> buffer
ecc.publicToDer(public_pem: string) -> buffer
ecc.privateFromDer(der: buffer) -> string
ecc.publicFromDer(der: buffer) -> string

API Reference

Functions

ecc.generateKey

Generates a new ECC private key on a named curve and returns it as PEM.

Supported curve names: "secp224r1", "secp256r1" (default), "prime256v1" (another name for the same curve as "secp256r1"), "secp384r1", "secp521r1", and "secp256k1".

ecc.generateKey(curve: string?) -> string

Parameters

curve: string?

Curve name. Defaults to "secp256r1".

Returns

PEM-encoded ECC private key.

ecc.getPublicPem

Derives the public key from a PEM-encoded ECC private key.

ecc.getPublicPem(private_pem: string) -> string

Parameters

private_pem: string

PEM-encoded ECC private key.

Returns

PEM-encoded ECC public key.

ecc.sign

Signs data using ECDSA on the private key's curve.

Supported hash values: "sha256" (default), "sha1", "sha384", and "sha512".

ecc.sign(private_pem: string, data: buffer, hash: string?) -> buffer

Parameters

private_pem: string

PEM-encoded ECC private key.

data: buffer

Message to sign.

hash: string?

Hash algorithm.

Returns

buffer

ASN.1 DER-encoded ECDSA signature.

ecc.verify

Verifies an ECDSA signature.

ecc.verify(public_pem: string, data: buffer, signature: buffer, hash: string?) -> boolean

Parameters

public_pem: string

PEM-encoded ECC public key.

data: buffer

Original message.

signature: buffer

ASN.1 DER-encoded signature.

hash: string?

Hash algorithm.

Returns

true if the signature is valid.

ecc.derive

Derives a shared secret using ECDH.

Both keys must be on the same curve.

ecc.derive(private_pem: string, peer_public_pem: string) -> buffer

Parameters

private_pem: string

Your PEM-encoded ECC private key.

peer_public_pem: string

Peer's PEM-encoded ECC public key.

Returns

buffer

Raw shared secret bytes.
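The same-curve requirement can be enforced before calling ecc.derive by inspecting the peer key with ecc.getCurve, documented further down this page. The following is an added example, not code from the eryx documentation: checkedDerive and ALLOWED_CURVES are hypothetical names, the allow-list is an assumed application policy, and the pcall assumes that parsing a malformed PEM raises an error.

```luau
local ecc = require("@eryx/crypto/hazmat/ecc")

-- Assumed application policy (not part of the module): curves accepted for ECDH.
local ALLOWED_CURVES = { secp256r1 = true, secp384r1 = true, secp521r1 = true }

-- Hypothetical helper: returns the raw shared secret, or nil plus a reason
-- when the peer key fails the policy checks.
local function checkedDerive(privatePem: string, peerPublicPem: string): (buffer?, string?)
    -- pcall covers the case where parsing an untrusted PEM raises an error.
    local ok, peerCurve = pcall(ecc.getCurve, peerPublicPem)
    if not ok then
        return nil, "peer key could not be parsed"
    end
    -- "unknown" is never in the allow-list, so unrecognised curves stop here.
    if not ALLOWED_CURVES[peerCurve] then
        return nil, "peer curve not allowed: " .. tostring(peerCurve)
    end
    local ownCurve = ecc.getCurve(privatePem)
    if peerCurve ~= ownCurve then
        return nil, "curve mismatch: own " .. ownCurve .. ", peer " .. peerCurve
    end
    -- The result is the raw ECDH output; pass it through a KDF before using it as a key.
    return ecc.derive(privatePem, peerPublicPem), nil
end

-- Constructed sample keys, generated locally for the demonstration.
local alicePriv = ecc.generateKey("secp256r1")
local bobPriv = ecc.generateKey("secp256r1")
local carolPub = ecc.getPublicPem(ecc.generateKey("secp384r1"))
local davePub = ecc.getPublicPem(ecc.generateKey("secp256k1"))

-- Matching, allowed curves: both sides arrive at the same secret.
local aliceSecret = assert(checkedDerive(alicePriv, ecc.getPublicPem(bobPriv)))
local bobSecret = assert(checkedDerive(bobPriv, ecc.getPublicPem(alicePriv)))
assert(buffer.tostring(aliceSecret) == buffer.tostring(bobSecret))

-- Allowed curve that differs from the local key: rejected as a mismatch.
local secret, reason = checkedDerive(alicePriv, carolPub)
assert(secret == nil)
print(reason)

-- Curve outside the allow-list: rejected before any key agreement runs.
secret, reason = checkedDerive(alicePriv, davePub)
assert(secret == nil)
print(reason)
```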

ecc.privateToDer

Encodes a PEM private key as raw DER bytes.

ecc.privateToDer(private_pem: string) -> buffer

Parameters

private_pem: string

PEM-encoded ECC private key.

Returns

buffer

Raw DER-encoded private key.

ecc.publicToDer

Encodes a PEM public key as raw DER bytes.

ecc.publicToDer(public_pem: string) -> buffer

Parameters

public_pem: string

PEM-encoded ECC public key.

Returns

buffer

Raw DER-encoded public key.

ecc.privateFromDer

Parses a DER-encoded ECC private key and returns it as PEM.

ecc.privateFromDer(der: buffer) -> string

Parameters

der: buffer

Raw DER-encoded ECC private key.

Returns

PEM-encoded ECC private key.

ecc.publicFromDer

Parses a DER-encoded ECC public key and returns it as PEM.

ecc.publicFromDer(der: buffer) -> string

Parameters

der: buffer

Raw DER-encoded ECC public key.

Returns

PEM-encoded ECC public key.

ecc.getKeyBits

Returns the key size in bits for a PEM-encoded ECC key.

ecc.getKeyBits(pem: string) -> number

Parameters

pem: string

PEM-encoded ECC private or public key.

Returns

Curve size in bits.

ecc.getCurve

Returns the canonical curve name for a PEM-encoded ECC key.

Known return values currently include "secp224r1", "secp256r1", "secp384r1", "secp521r1", "secp256k1", and "unknown" if the curve is not one of the canonical names recognised by this wrapper.

ecc.getCurve(pem: string) -> string

Parameters

pem: string

PEM-encoded ECC private or public key.

Returns

Canonical curve name.