ECIES – SEC.1 and ISO/IEC 18033

The wolfSSL library has for a long time supported encryption and decryption using ECC with an implementation of ECIES (Elliptic Curve Integrated Encryption Scheme). Recently the ECIES code was updated to support the SEC.1 and ISO/IEC 18033 variants.

ECIES is the elliptic curve equivalent of the RSA encryption algorithm and is useful as a key encapsulation mechanism (KEM). KEMs are used to established shared keys between two parties that have never communicated before. By securing, say, a symmetric key with the EC public key, only the owner of the EC private key can derive it.

Unlike RSA encryption, ECIES can also be used for sending a message securely to the owner of the private key (i.e. data encapsulation mechanism (DEM)). The integration of a symmetric cipher in the ECIES algorithm allows it to encrypt any amount of data.

In the real world, ECIES is used by standards like the Intelligent Transport Systems (ETSI TS 103 097) and is part of Android Pay and Apple’s iMessage and Find My.

In the wolfSSL library, the default algorithm is now as described in SEC.1. If you require the original wolfSSL algorithm then configure with -–enable-ecies=old or define WOLFSSL_ECIES_OLD. Alternatively, if the ISO/IEC 18033 algorithm is required then configure with -–enable-ecies=iso18033 or define WOLFSSL_ECIES_ISO18033.

Contact us at to learn more!