I'm familiar with RSA for asymmetric encryption. I also understand it's only supposed to encrypt small amounts of data (smaller than the key), so for encrypting arbitrary data I would typically generate a one-time random key, encrypt just that random key with asymmetric encryption, and then encrypt the actual data using AES with the random key (and then throw away the plaintext key).

Can I also use Elliptic Curve Cryptography for this? And if yes, can I use any common type of curves / keys?

For example, can I create an Ed25519 or Secp256k1 or Secp521r1 keypair, and then encrypt something with the public key so it can only be decrypted with the corresponding private key?

I sometimes read things like 'Ed25519 is only for signatures, not encryption' or 'ECC is only for authentication'.

Suppose I have an RSA keypair MyPrivateRsaKey.pem and MyPublicRsaKey.pem and a small data file secret.txt.
I can encrypt secret.txt using MyPublicRsaKey.pem, and then the encrypted data can only be decrypted with MyPrivateRsaKey.pem.

Now if I have a keypair MyPrivateEd25519Key.pem and MyPublicEd25519Key.pem for example, can I do the same? Or am I mistaken and are elliptic curve keys fundamentally unsuitable for this?

P.S. note that for the context of this question, I'm not dealing with key exchange or signatures or certificates or authentication. Just asymmetric encryption+decryption.

RocketNuts

1 Answer

This has indeed been answered previously and I'd be comfortable with it being closed as a redirect to prior answers. But just in case:

No, but yes. These are signature schemes; they cannot be used like RSA. The specific thing you're proposing (directly encrypting a tiny amount of data without a hybrid encryption scheme) is not done. Notice that because key sizes for ECC are much smaller than RSA, the "tiny amount of data" could only be a few bytes anyway.

However, the thing you'd actually want to do (encrypting arbitrary data) is possible using ECIES; here's a Wikipedia link about this approach.

https://en.wikipedia.org/wiki/Integrated_Encryption_Scheme

Also, if you're serious about using RSA to encrypt data, please stop. Safely doing this is hard in the general case, plus you've got this arbitrary limit on how much data you can encrypt. Use a hybrid scheme (like ECIES) if you want encryption.

tialaramex
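What the ECIES-style hybrid approach recommended in the answer can look like with an elliptic-curve key pair, as an added example that is not part of the original post: a one-time X25519 key agreement, a SHA-256 key derivation and AES-256-GCM, all choices assumed for illustration rather than taken from a specific ECIES standard. The names `sessionAEAD`, `Seal` and `Open` are hypothetical, and the plaintext is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sessionAEAD: X25519, then SHA-256(secret || eph || rcpt) as the AES-256-GCM key (example KDF, an assumption).
func sessionAEAD(priv *ecdh.PrivateKey, peer, eph, rcpt *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer) // fails on low-order peer keys (all-zero secret)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append(append(shared, eph.Bytes()...), rcpt.Bytes()...))
	block, _ := aes.NewCipher(key[:]) // 32-byte key, cannot fail
	return cipher.NewGCM(block)
}

// Seal encrypts msg to rcpt; the all-zero nonce is safe only because each message gets a fresh key.
func Seal(rcpt *ecdh.PublicKey, msg []byte) (*ecdh.PublicKey, []byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader) // one-time sender key pair
	if err != nil {
		return nil, nil, err
	}
	g, err := sessionAEAD(eph, rcpt, eph.PublicKey(), rcpt)
	if err != nil {
		return nil, nil, err
	}
	return eph.PublicKey(), g.Seal(nil, make([]byte, g.NonceSize()), msg, nil), nil
}

// Open fails GCM authentication if ct was modified or priv is the wrong key.
func Open(priv *ecdh.PrivateKey, eph *ecdh.PublicKey, ct []byte) ([]byte, error) {
	g, err := sessionAEAD(priv, eph, eph, priv.PublicKey())
	if err != nil {
		return nil, err
	}
	return g.Open(nil, make([]byte, g.NonceSize()), ct, nil)
}

func main() {
	priv, _ := ecdh.X25519().GenerateKey(rand.Reader) // recipient's long-term key pair
	eph, ct, _ := Seal(priv.PublicKey(), []byte("constructed sample plaintext"))
	pt, err := Open(priv, eph, ct)
	fmt.Printf("%q err=%v\n", pt, err)
}
```

The sender transmits the one-time public key together with the ciphertext; only the holder of the recipient's private key can recompute the AES key from it.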