Ashish Gulhati
and 1 contributors


Crypt::EECDH - Simple ephemeral ECDH + AES hybrid cryptosystem


 $Revision: 1.007 $
 $Date: Tue Oct 16 23:45:54 PDT 2018 $


    use Crypt::EECDH;

    my $eecdh = new Crypt::EECDH;

    # Generate server's signing keypair
    my ($pub_signkey, $sec_signkey) = $eecdh->signkeygen;

    # Generate server's messaging key and signature
    my ($pubkey, $seckey, $signature) =
      $eecdh->keygen( PrivateKey => $sec_signkey, PublicKey => $pub_signkey );

    my $msg = "Testing";

    # Encrypt a message to server
    my ($encrypted, $clientsec) = $eecdh->encrypt( PublicKey => $pubkey,
      Message => $msg, SigningKey => $pub_signkey, Signature => $signature );

    # Server decrypts message
    my ($decrypted, $clientpub) =
      $eecdh->decrypt( Key => $seckey, Ciphertext => $encrypted );
    print "OK\n" if $decrypted eq $msg;

    # Server encrypts response (using a fresh ephemeral keypair)
    my ($encrypted2, $newsec) =
      $eecdh->encrypt( PublicKey => $clientpub, Message => $msg );

    # Client decrypts the response
    my ($decrypted2, $newpub) =
      $eecdh->decrypt( Key => $clientsec, Ciphertext => $encrypted2);

    # Now client can use $newpub to encrypt another message and the
    # exchange can continue. Note that the server will need to hold on
    # to $newsec in order to decrypt the response.

    # Alternately the client can use server's $pubkey for all messages
    # it sends, which frees server from having to keep track of new
    # ephemeral keys.


A simple hybrid crypto system with ephemeral ECDH key agreement in combination with the AES cipher.


This modules uses Daniel J. Bernstein's curve25519 to perform a Diffie-Hellman key agreement. A new keypair is generated for every encryption operation. The shared key resulting from the key agreement is hashed and used to encrypt the plaintext using AES in CBC mode (with the IV deterministically derived from the public key). It also adds a HMAC, with the key derived from the same shared secret as the encryption key.

Some of the code in this module (and most of the text of the previous paragraph) is from the Crypt::ECDH_ES module, which provides one-way communication functionality in an ephemeral-static mode, where one side (the decoder or "server") uses a static key.

Crypt::EECDH provides full two-way encryption capability with ephemeral keys on both sides. Instead of a static messaging key, the server uses a static signing key, and signs its ephemeral messaging keys with its signing key. The signing key is never used to encrypt messages. The server may generate a new ephemeral messaging key pair at the start of each client session, or it may perodically generate and publish new messaging keys.



Creates and returns a new Crypt::EECDH object. The following optional named parameters can be provided:

    SigScheme - The signature scheme to use for the signing keys. Valid options are 'ECDSA' and 'Ed25519', which use the Crypt::EC_DSA and Crypt::Ed25519 modules respectively. The default is 'ECDSA'.

    Debug - Set to a true value to have the module emit messages useful for debugging.


Generates and returns a signing keypair as a two element list, with the public key as the first element, private key as the second.


Generates and returns a messaging keypair as a two element list, with the public key as the first element, private key as the second. The following optional parameters may be provided:

    PrivateKey - The signing private key

    PublicKey - The signing public key


Encrypts a message. A new keypair is generated for each encryption operation. Returns a list whose first element is the cipherext and second element is the generated private key. The following named parameters are required:

    PublicKey - The public messaging key of the recipient

    Message - The message to be encrypted

The following optional parameters can be provided:

    SigningKey - The public signing key of the recipient

    Signature - Signature on the messaging key


Decrypts a message. Returns a list whose first element is the decrypted message and second element is the public key of the sender. The following named parameters are required:

    Key - The private messaging key of the recipient

    Ciphertext - The ciphertext to be decrypted



Ashish Gulhati, <crypt-eecdh at>


Please report any bugs or feature requests to bug-crypt-eecdh at, or through the web interface at I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.


You can find documentation for this module with the perldoc command.

    perldoc Crypt::EECDH

You can also look for information at:


Some of the code in this module is from Crypt::ECDH_ES by Leon Timmermans <>


Copyright (c) Ashish Gulhati.

This software package is Open Software; you can use, redistribute, and/or modify it under the terms of the Open Artistic License 2.0.

Please see for the full license terms, and ensure that the license grant applies to you before using or modifying this software. By using or modifying this software, you indicate your agreement with the license terms.