Try this:

var alicePrivateKey = new bitcore.PrivateKey();
var bobPrivateKey = new bitcore.PrivateKey();
var data = new Buffer('The is a raw data example');

var cypher1 = ECIES().privateKey(alicePrivateKey).publicKey(bobPrivateKey.publicKey);
var encrypted = cypher1.encrypt(data);

var cypher2 = ECIES().privateKey(bobPrivateKey);
var decrypted = cypher2.decrypt(encrypted);

decrypted.ToString() == "The is a raw data example" which shouldn't be true. You should need alice's public key to decrypt the cipher.

Is alice's public key somehow cached and then used inside of the ECIES lib?

To test around caching I saved raw values and import them into buffer to test (I saved bobs private keys from above and the cipher text and input it directly into decrypt):

var bobPrivateKey = new bitcore.PrivateKey("5JSZTwCycfifeCuAbByTPmq8pED4PeHtLvyt1HC1yuc5iv6hm3A");

var data = new Buffer('The is a raw data example');

var cypher2 = ECIES().privateKey(bobPrivateKey);
var decrypted = cypher2.decrypt(new Buffer("048d2dd8c7c59dbe66210c872cab7f144e33468f90247d14f28f5e848e560a10e1a0a689c1e1f20ec2abbd8b7dc5b71468c8429d5ea89fa72f5ff68083e43e09b26455de7695c4436a6ff61ccee03413e6da4114b4c7ef4f0a32e650be3102165ee0b105dce8b4e32db020d1536456ca68cb00badb13a154699825fa544fe22ec9f8e39eb0c4fbae04197331d367befab6", 'hex'));

again decrypted is correct which shouldn't be. The later example should probably be part of a unit test.

UPDATE:

I found that noKey option is what you would want to use if you need sender authentication:

var data = new Buffer('The is a raw data example');
var eciesObj = new ECIES({noKey: true});
var eciesObj1 = new ECIES({noKey: true});
var cypher1 = eciesObj.privateKey(alicePrivateKey).publicKey(bobPrivateKey.publicKey);
var encrypted = cypher1.encrypt(data);
var cypher2 = eciesObj1.privateKey(bobPrivateKey).publicKey(bobPrivateKey.publicKey);
var decrypted = cypher2.decrypt(encrypted);

I get the expected "Invalid Checksum" message here.

Now works as expected, for anyone else that's having issues, you have to create a new ECIES object class on the heap and pass in noKey option. If noKey is set to false by default the ECDH key exchange isn't really happening properly not sure if its per design. Can you please document what it is doing here and why we need this?

See: https://github.com/orgs/bitpay/teams/bitcore/repositories

I've encountered a strange behavior where a public key can decrypt data encrypted with another private / public key pair, e.g.:

1. Alice and Carol send their public key to Bob
2. Bob sends his public key to Alice and Carol
3. Alice encrypts data with her private key / Bob's public key
4. Bob able to decrypt Alice data with his private key / Carol's public key???

As far as I understand, the ECIES/DH should not allow this, or I'm missing something?

Example:

Functions and branches in aescbc.js and cdb.js are not covered in tests:

See: https://www.iacr.org/archive/pkc2003/25670211/25670211.pdf (ECIES section)
suggested by @juli

Requires should only include what is necessary to keep the browser version small, example:

var crypto = require('bitcore/lib/crypto');
var Point = crypto.Point;
var Hash = crypto.Hash;
var Random = crypto.Random;

Likewise, this is recommended:

var Random = require('bitcore/lib/crypto').Random;

Instead of:

var Random = require('bitcore').crypto.Random;

Remove the following references:

• Poing
• PublicKey
• PrivateKey

using this combo:

    "bitcore-ecies": "^1.0.1",
    "bitcore-lib": "^0.14.0",

throws:

Uncaught Error: More than one instance of bitcore-lib found. Please make sure to require bitcore-lib and check that submodules do not also include their own bitcore-lib dependency.
    at Object.bitcore.versionGuard (index.js:12)
    at Object.<anonymous> (index.js:15)
    at Object.<anonymous> (index.js:70)
    at __webpack_require__ (bootstrap 205478a…:691)
    at fn (bootstrap 205478a…:110)
    at Object.<anonymous> (mnemonic.js:3)
    at Object.<anonymous> (mnemonic.js:295)
    at __webpack_require__ (bootstrap 205478a…:691)
    at fn (bootstrap 205478a…:110)
    at Object.bitcore (index.js:1)

All of the bitcore modules use a lowercase naming convention, e.g.lib/privatekey.js, for the purposes of consistency, we should standardize on this to avoid common typing mistakes.

I'd like to encrypt a message and send it to the receiver, without the receiver having to know the sender's pubkey. That is, all we know is Bob's pub key and nothing about Alice should need to be known. Something like:

// alice's code
var message = 'some secret message';
var bobPublicKey = new bitcode.PublicKey(bobPublicKeyString)
var encryptedForBob = bobPublicKey.encrypt(message);

// bob's code
var bobPrivateKey = new bitcode.PrivateKey(bobPrivateKeyString)
var decrypted = bobPrivateKey.decrypt(encryptedForBob).toString();

Does bitcore-ecies or some other bitcode library support this? There are other node.js libs for this but I'm looking for something that works in-browser.

I'm searching for a way to encrypt and sign messages with bitcoin keys. The sender pub key seams to do something like signing but I don't see a signature check or some ´throw Error(bad sig)´. Please elaborate.

Can signing (sender pub key) be left out?

JSDoc documentation for many of the methods is missing, and currently not listed in bitcore API docs.