How does Elliptic Curve encryption work?

Elliptic Curve encryption works by: 1) Both parties generate EC key pairs (private + public key), 2) They exchange public keys over any channel, 3) Each party computes a shared secret using their private key and the other's public key (Alice: S = a × B, Bob: S = b × A), 4) Both arrive at the same shared secret due to elliptic curve mathematics, 5) This shared secret is used as an AES key to encrypt/decrypt messages. The security relies on the difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP).

Which EC curve should I use - P-256, P-384, or secp256k1?

Choose based on your use case: P-256 (prime256v1/secp256r1) - Best for general use, TLS/HTTPS, offers 128-bit security equivalent to 3072-bit RSA. P-384 - Use for government, financial, or high-security applications requiring 192-bit security. P-521 - For top-secret or long-term security needs with 256-bit security. secp256k1 - Specifically for Bitcoin, Ethereum, and cryptocurrency applications. Brainpool curves - Required for EU government compliance and German BSI standards.

Is ECDH more secure than RSA?

ECDH offers equivalent security to RSA with much smaller key sizes: 256-bit EC equals ~3072-bit RSA, 384-bit EC equals ~7680-bit RSA. ECDH advantages include: 10-20x faster performance, smaller key sizes (better for mobile/IoT), built-in forward secrecy with ephemeral keys. Both ECDH and RSA are vulnerable to quantum computers. For post-quantum security, consider hybrid approaches or post-quantum algorithms like CRYSTALS-Kyber.

What is the difference between ECDH and ECIES?

ECDH (Elliptic Curve Diffie-Hellman) is a key agreement protocol that produces a shared secret. ECIES (Elliptic Curve Integrated Encryption Scheme) is a complete encryption scheme that uses ECDH internally plus: a Key Derivation Function (KDF) to derive encryption keys, symmetric encryption (like AES) for the actual data, a Message Authentication Code (MAC) for integrity. ECIES is standardized (IEEE 1363a, ISO 18033-2) and provides authenticated encryption, while basic ECDH requires you to implement these additional components yourself.

How to generate EC keys using OpenSSL?

Generate EC keys with OpenSSL: 1) Generate private key: openssl ecparam -genkey -name prime256v1 -out private.pem, 2) Extract public key: openssl ec -in private.pem -pubout -out public.pem, 3) For other curves, replace prime256v1 with secp384r1, secp521r1, or secp256k1. To derive shared secret: openssl pkeyutl -derive -inkey alice_private.pem -peerkey bob_public.pem -out shared_secret.bin. List available curves: openssl ecparam -list_curves.

Is this EC encryption tool safe to use online?

Yes, this tool processes all cryptographic operations client-side in your browser using JavaScript. No keys or messages are transmitted to our servers. For production or highly sensitive use cases, we recommend: using dedicated cryptographic libraries, generating keys on air-gapped systems, and following your organization's security policies. This tool is ideal for learning, testing, development, and non-critical encryption tasks.

EC Key Exchange & Encryption

Generate Elliptic Curve key pairs for Alice and Bob, compute shared secrets using ECDH, and encrypt/decrypt messages

Generate EC Key Pairs

Select EC Curve:

Alice's Keys

Public Key

Private Key

Bob's Keys

Public Key

Private Key

Encrypt / Decrypt

Encrypt Decrypt

Encryption: Uses Alice's Private Key + Bob's Public Key

Message:

Result

Enter a message above and click Process to see the result

Understanding EC Key Exchange (ECDH) - Complete Guide

What is ECDH?

Elliptic Curve Diffie-Hellman (ECDH) is a key agreement protocol that allows two parties (Alice and Bob) to establish a shared secret over an insecure channel - even if an attacker is watching all their communications!

The Magic: Alice and Bob can compute the SAME secret key without ever transmitting it. They only exchange public keys, which are useless to attackers.

How ECDH Works (Step-by-Step)

Key Generation

Alice and Bob each generate their own EC key pair (private + public key)

Private Public

Exchange Public Keys

Alice sends her public key to Bob. Bob sends his public key to Alice.

Compute Shared Secret

Each computes the secret using their private key + other's public key

S = priv * Pub

Encrypt/Decrypt

Use the shared secret as an AES key to encrypt and decrypt messages

The Math (Simplified)

Setup: Both parties agree on a curve and base point G

Alice	Private: `a` (random number)	Public: `A = a * G`
Bob	Private: `b` (random number)	Public: `B = b * G`

Shared Secret Computation:

Alice computes: S = a * B = a * (b * G) = ab * G
Bob computes: S = b * A = b * (a * G) = ab * G

Both get the same point ab * G on the curve!

Why Is It Secure?

Elliptic Curve Discrete Logarithm Problem (ECDLP):

Easy: Given a and G, compute A = a * G
Hard: Given A and G, find a

Attacker sees: Public keys A and B, base point G

Attacker cannot compute: a or b (private keys), therefore cannot compute ab * G (shared secret)

EC Curves Comparison

Curve	Key Size	Security	RSA Equivalent	Common Use
P-256	256 bits	128-bit	~3072-bit RSA	TLS 1.3, Web PKI
P-384	384 bits	192-bit	~7680-bit RSA	Government, Finance
P-521	521 bits	256-bit	~15360-bit RSA	Top Secret, Long-term
secp256k1	256 bits	128-bit	~3072-bit RSA	Bitcoin, Ethereum
Curve25519	256 bits	128-bit	~3072-bit RSA	Signal, SSH, WireGuard
brainpoolP256r1	256 bits	128-bit	~3072-bit RSA	EU Government, German BSI

Real-World Applications

TLS/HTTPS Secures 70%+ of web traffic

Cryptocurrencies Bitcoin, Ethereum wallets

Messaging Apps Signal, WhatsApp E2E encryption

SSH Keys Ed25519 keys for servers

OpenSSL Commands

# Generate Alice's key pair
openssl ecparam -genkey -name prime256v1 -out alice_priv.pem
openssl ec -in alice_priv.pem -pubout -out alice_pub.pem

# Generate Bob's key pair
openssl ecparam -genkey -name prime256v1 -out bob_priv.pem
openssl ec -in bob_priv.pem -pubout -out bob_pub.pem

# Alice derives shared secret
openssl pkeyutl -derive -inkey alice_priv.pem \
  -peerkey bob_pub.pem -out alice_secret.bin

# Bob derives shared secret (same result!)
openssl pkeyutl -derive -inkey bob_priv.pem \
  -peerkey alice_pub.pem -out bob_secret.bin

# Verify both secrets are identical
diff alice_secret.bin bob_secret.bin && echo "Secrets match!"

Security Best Practices

Use P-256 or higher
Generate fresh key pairs
Use secure random generator
Derive keys with KDF (HKDF)
Validate public keys

DON'T

Reuse ephemeral keys
Share private keys
Use weak curves (<224 bit)
Skip key validation
Use raw shared secret

Pro Tip: Always use a Key Derivation Function (KDF) like HKDF to derive encryption keys from the shared secret, never use it directly!

ECDH vs RSA Key Exchange

Aspect	ECDH	RSA
Key Size for 128-bit Security	256 bits	3072 bits
Performance	10-20x faster	Slower (large modular exponentiation)
Forward Secrecy	Yes (with ephemeral keys)	No (unless using RSA-DHE)
Mobile/IoT Friendly	Excellent	Resource intensive
Quantum Resistance	No (use post-quantum)	No (use post-quantum)

Support This Free Tool

Every coffee helps keep the servers running. Every book sale funds the next tool I'm dreaming up. You're not just supporting a site — you're helping me build what developers actually need.

500K+ users

200+ tools

100% private

☕ One-time support Buy me a coffee 📚 Learn & support 9-Book Bundle - $9 Stay updated Follow @anish2good

Privacy Guarantee: Private keys you enter or generate are never stored on our servers. All tools are served over HTTPS.

EC Key Exchange & Encryption

Alice's Keys

Bob's Keys

What is ECDH?

How ECDH Works (Step-by-Step)

Key Generation

Exchange Public Keys

Compute Shared Secret

Encrypt/Decrypt

The Math (Simplified)

Why Is It Secure?

EC Curves Comparison

Real-World Applications

OpenSSL Commands

Security Best Practices

ECDH vs RSA Key Exchange

Support This Free Tool

Quick Access

PGP Tools

Sharing Services

Security Tools

Cryptography

Network Tools

Legal & Compliance

DevOps/Container

Blockchain

Encoders/Converters

Developer Tools

Machine Learning Visualizers

Media Tools

Documents & PDF

Finance

Health

Lifestyle & Productivity

Chemistry

Math & Education

Physics Tools

Internationalization