Swiftpack.co - Kitura/BlueECC as Swift Package

Swiftpack.co is a collection of thousands of indexed Swift packages. Search packages.
See all packages published by Kitura.
Kitura/BlueECC IBM-2019
Elliptic-curve cryptography for Swift
⭐️ 90
🕓 4 weeks ago
.package(url: "https://github.com/Kitura/BlueECC.git", from: "IBM-2019")


APIDoc Build Status - Master macOS Linux Apache 2 Slack Status


A cross platform Swift implementation of Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic Curve Integrated Encryption Scheme (ECIES). This allows you to sign, verify, encrypt and decrypt using elliptic curve keys.

Swift version

The latest version of BlueECC requires Swift 5.2 or later. You can download this version of the Swift binaries by following this link. Compatibility with other Swift versions is not guaranteed.


Add dependencies

Add the BlueECC package to the dependencies within your application’s Package.swift file. Substitute "x.x.x" with the latest BlueECC release.

.package(url: "https://github.com/Kitura/BlueECC.git", from: "x.x.x")

Add CryptorECC to your target's dependencies:

.target(name: "example", dependencies: ["CryptorECC"]),

Import package

import CryptorECC

Getting Started

Elliptic curve private key

you can generate an ECPrivate key using BlueECC.

let p256PrivateKey = try ECPrivateKey.make(for: .prime256v1)

You can then view the key in it's PEM format as follows:

let privateKeyPEM = p256PrivateKey.pemString

The following curves are supported:

  • prime256v1
  • secp384r1
  • secp521r1

Alternatively, you may generate private key using a third party provider:

let privateKey =

The following commands generate private keys for the three supported curves as .pem files:

// p-256
$ openssl ecparam -name prime256v1 -genkey -noout -out key.pem
// p-384
$ openssl ecparam -name secp384r1 -genkey -noout -out key.pem
// p-521
$ openssl ecparam -name secp521r1 -genkey -noout -out key.pem

These keys will be formatted as follows:

let privateKey =

The key string can then be used to initialize an ECPrivateKey instance:

let eccPrivateKey = try ECPrivateKey(key: privateKey)

Elliptic curve public key

You can use OpenSSL to generate an elliptic curve public key .pem file from any of the above elliptic curve private key files:

$ openssl ec -in key.pem -pubout -out public.pem

This will produce a public key formatted as follows:

let publicKey =
-----END PUBLIC KEY-----

These keys can then be used to initialize an ECPrivateKey instance:

let eccPublicKey = try ECPublicKey(key: publicKey)

Alternatively, you can extract the public key from your ECPrivateKey:

let eccPublicKey = try eccPrivateKey.extractPublicKey()

Signing String or Data

BlueECC extends String and Data so you can call sign directly on your plaintext using an EC private key. This creates an ECSignature containing the r and s signature values:

let message = "hello world"
let signature = try message.sign(with: eccPrivateKey)

Verifying the signature

Use the public key to verify the signature for the plaintext:

let verified = signature.verify(plaintext: message, using: eccPublicKey)
if verified {
    print("Signature is valid for provided plaintext")

Encrypting String or Data

Use the public key to encrypt your plaintext String or Data to encrypted Data or an encrypted Base64Encoded String:

let encryptedData = try "Hello World".encrypt(with: eccPublicKey)

Decrypting to plaintext

Use the private key to decrypt the encrypted Data or Base64Encoded String to plaintext Data or UTF8 String:

let decryptedData = try encryptedData.decrypt(with: eccPrivateKey)
print(String(data: decryptedData, encoding: .utf8))

Encryption interoperability

Cross platform encryption and decryption is currently only supported with prime256v1 curves. The secp384r1 and secp521r1 curves do not support Linux encryption with Apple platform decryption and vice versa.

If you would like to interoperate with this repo, The following describes the encryption process:

  • Generate an ephemeral EC key pair
  • Use ECDH of your EC pair to generate a symmetric key
  • Use SHA256 ANSI x9.63 Key Derivation Function with the ephemeral public key to generate a 32 byte key
  • Use the first 16 bytes as an AES-GCM key
  • Use the second 16 bytes as the initialization vector (IV)
  • Use aes_128_gcm to encrypt the plaintext and generate a 16 byte GCM tag
  • Send the ephemeral public key, encrypted data and GCM tag

This is equivalent to: kSecKeyAlgorithmECIESEncryptionStandardVariableIVX963SHA256AESGCM when using apple security.

API Documentation

For more information visit our API reference.


We love to talk server-side Swift, and Kitura. Join our Slack to meet the team!


This library is licensed under Apache 2.0. Full license text is available in LICENSE.


Stars: 90
Last commit: 4 weeks ago
Advertisement: IndiePitcher.com - Cold Email Software for Startups


Related Packages

Release Notes

4 years ago
  • Resolve Swift 5.1 compilation warning (#19)

Swiftpack is being maintained by Petr Pavlik | @ptrpavlik | @swiftpackco | API | Analytics