Ok, dug up my minimal ECC (ECDSA + ECIES) implementation in newer JS (the one with BigInt type support) written 1.5 years ago. Custom modexp implementation included. Now thinking of how to port it to POSIX bc (because bigints really are bc's/dc's specialization). The SHA256 requirement can be temporarily dropped for now, as I really can't think of any embedded system that has bc and doesn't have sha256sum. POSIX AWK can be a glue language for all this.

Just need to find some time to start rolling it.