In the world of blockchain development, secure data transmission is paramount. EOS, a high-performance blockchain platform, leverages advanced cryptographic techniques to ensure data integrity and confidentiality. One such method involves public key encryption with private key decryption, a core principle in asymmetric cryptography. This article explores practical implementations using the eos-crypto-java library, focusing on ECC (Elliptic Curve Cryptography) combined with AES (Advanced Encryption Standard) for robust security.
Whether you're building decentralized applications (dApps), securing wallet communications, or implementing secure inter-node messaging, understanding how to properly encrypt and decrypt data using EOS keys is essential.
Understanding EOS Cryptography Basics
EOS uses elliptic curve cryptography based on the secp256k1 curve — the same used in Bitcoin and Ethereum. Each user has a public key (shared openly) and a private key (kept secret). Data encrypted with a public key can only be decrypted by its corresponding private key.
The eos-crypto-java library simplifies this process for Java-based backend systems, enabling developers to integrate EOS-compatible encryption directly into their services.
Core keywords: EOS encryption, public key encryption, private key decryption, ECC AES encryption, blockchain security, asymmetric cryptography, secure data transmission, Java crypto library
Simple ECC Encryption and Decryption Example
Let’s begin with a basic example of encrypting data using an EOS public key and decrypting it with the corresponding private key.
String privateKey = "5KTZYCDdcfNrmEpcf97SJBCtToZjYHjHm8tqTWvzUbsUJgkxcfk";
EosPrivateKey eosPrivateKey = new EosPrivateKey(privateKey);
EosPublicKey eosPublicKey = eosPrivateKey.getPublicKey();
ECPrivateKey ecPrivateKey = eosPrivateKey.getECPrivateKey();
ECPublicKey ecPublicKey = eosPublicKey.getECPublicKey();
byte[] plainData = "{\"age\": 1,\"data\":\"sensitive_info\"}".getBytes("UTF-8");
System.out.println("Original Data: " + new String(plainData));
// Encrypt using receiver's public key
byte[] encryptedData = ECCUtil.publicEncrypt(plainData, ecPublicKey);
System.out.println("Encrypted Data (Hex): " + HexUtils.toHex(encryptedData));
// Decrypt using own private key
byte[] decryptedData = ECCUtil.privateDecrypt(encryptedData, ecPrivateKey);
System.out.println("Decrypted Data: " + new String(decryptedData, "UTF-8"));👉 Learn how to securely manage cryptographic keys in production environments.
This pattern ensures that only the holder of the private key can read the message — ideal for secure peer-to-peer communication in dApps or cross-chain messaging systems.
Secure Two-Way Authentication with ECC + AES
For enhanced security, many applications combine ECC for key exchange and AES for bulk data encryption. This hybrid approach leverages the strengths of both algorithms: ECC for secure asymmetric key derivation and AES for fast symmetric encryption.
In this model:
- The sender uses their private key and the receiver’s public key to derive a shared AES key.
- The message is encrypted with AES using a random nonce (initialization vector).
- Only the intended recipient, possessing their private key and the sender’s public key, can reconstruct the AES key and decrypt the message.
// Sender's credentials
String senderPrivateKeyWif = "5KTZYCDdcfNrmEpcf97SJBCtToZjYHjHm8tqTWvzUbsUJgkxcfk";
EosPrivateKey senderPrivKey = new EosPrivateKey(senderPrivateKeyWif);
EosPublicKey senderPubKey = senderPrivKey.getPublicKey();
// Receiver's public key (known to sender)
String receiverPublicKeyStr = "EOS7ez2gagfoXw9XdW3kRx3EsCoWvupGR6u6ZJhFPEe9Q12V8JgUL";
EosPublicKey receiverPubKey = new EosPublicKey(receiverPublicKeyStr);
// Generate random nonce
byte[] nonce = new byte[16];
new MTRandom().nextBytes(nonce);
// Data to encrypt
byte[] payload = "{\"test1\":1,\"test2\":\"secure_payload\"}".getBytes("UTF-8");
// Encrypt using ECC-derived AES key
byte[] encrypted = CryptUtil.encrypt(senderPrivKey, receiverPubKey, nonce, payload);
System.out.println("Encrypted Payload: " + new String(encrypted));
// On receiver side: decrypt using own private key and sender's public key
String receiverPrivateKeyWif = "5JUrqxYcssR9LLVtWDeQcc9HCX4FEqBG7d9GW6t7mvmB1rUuZr9";
EosPrivateKey receiverPrivKey = new EosPrivateKey(receiverPrivateKeyWif);
byte[] decrypted = CryptUtil.decrypt(receiverPrivKey, senderPubKey, nonce, encrypted);
System.out.println("Decrypted Message: " + new String(decrypted, "UTF-8"));This method provides mutual authentication — both parties must possess valid key pairs, preventing impersonation and man-in-the-middle attacks.
Implementing Digital Envelope Encryption
A digital envelope combines symmetric and asymmetric encryption to securely transmit large amounts of data. Here’s how it works:
- A random AES key (nonce) is generated.
- The actual data is encrypted using AES.
- The AES key is then encrypted using the receiver’s public key.
- Both encrypted data and encrypted key are sent together.
- The receiver decrypts the AES key with their private key, then decrypts the data.
This technique is widely used in blockchain middleware, smart contract event encryption, and secure API gateways.
// Step 1: Generate random AES key (nonce)
byte[] aesKey = new byte[16];
new MTRandom().nextBytes(aesKey);
// Step 2: Encrypt data with AES
byte[] plainText = "{\"age\":1,\"note\":\"confidential\"}".getBytes("UTF-8");
byte[] encryptedData = CryptUtil.aesEncryptWithNOIV(aesKey, plainText);
// Step 3: Encrypt AES key with receiver's public key
byte[] encryptedKey = ECCUtil.publicEncrypt(aesKey, receiverPubKey.getECPublicKey());
// Step 4: Package into envelope
ByteBuffer buffer = ByteBuffer.allocate(4 + encryptedKey.length + 4 + encryptedData.length);
buffer.putInt(encryptedKey.length).put(encryptedKey);
buffer.putInt(encryptedData.length).put(encryptedData);
String hexEnvelope = HexUtils.toHex(buffer.array());
System.out.println("Digital Envelope (Hex): " + hexEnvelope);On the receiving end:
ByteBuffer receivedBuffer = ByteBuffer.wrap(HexUtils.toBytes(hexEnvelope));
int encKeyLen = receivedBuffer.getInt();
byte[] encKey = new byte[encKeyLen];
receivedBuffer.get(encKey);
int dataLen = receivedBuffer.getInt();
byte[] encData = new byte[dataLen];
receivedBuffer.get(encData);
// Decrypt AES key with private key
byte[] decryptedAesKey = ECCUtil.privateDecrypt(encKey, receiverPrivKey.getECPrivateKey());
// Decrypt data with recovered AES key
byte[] finalPlainText = CryptUtil.aesDecryptWithNOIV(decryptedAesKey, encData);
System.out.println("Recovered Data: " + new String(finalPlainText, "UTF-8"));👉 Discover best practices for implementing digital envelopes in enterprise blockchain systems.
Frequently Asked Questions
Q: Can I use any EOS private key for encryption?
A: Yes, as long as it's a valid WIF-formatted private key derived from the secp256k1 curve. However, always ensure keys are stored securely and never exposed in client-side code.
Q: Is this method compatible with other blockchains like Ethereum?
A: While both use secp256k1, address formats and signature schemes differ. You can reuse cryptographic principles but must adapt encoding and serialization logic accordingly.
Q: What happens if I lose the private key?
A: Without the private key, decryption is impossible due to the one-way nature of ECC. Always implement secure backup mechanisms like hardware wallets or encrypted key vaults.
Q: How do I prevent replay attacks when using static nonces?
A: Always use cryptographically secure random nonces. For added protection, include timestamps or sequence numbers within the encrypted payload.
Q: Can I encrypt data without knowing the sender's private key?
A: Yes — if you only need confidentiality (not authentication), you can encrypt using just the receiver’s public key via standard ECC encryption.
Q: Is eos-crypto-java suitable for production use?
A: It's a solid reference implementation, but audit your usage against industry standards. Consider integrating with HSMs or trusted cryptographic providers in high-risk environments.
👉 Explore advanced cryptographic tools and secure development kits for blockchain applications.
By mastering these encryption patterns — simple ECC, hybrid ECC+AES, and digital envelopes — developers can build more secure, trustworthy blockchain solutions. Whether you're handling user identities, securing off-chain data, or enabling private transactions, these techniques form the backbone of modern decentralized security architectures.