Problem description
I am looking for a cross platform way to share public keys for ECDSA signing. I had a great thing going from a performance perspective with CngKey and the standard .NET crypto libraries, but then I couldn't figure out how a 33 (or 65) byte public key (using secp256r1/P256) was getting turned into 104 bytes by MS. Ergo, I couldn't support cross platform signing and verifying.
I'm using BouncyCastle now, but holy hand grenade is it SLOW!
So, looking for suggestions for the following requirements:
- Cross platform/language (the server is .NET, but this is served via a JSON/Web.API interface)
- JavaScript, Ruby, Python, C++, etc.
The client has to be able to sign the message, the server has to be able to validate the signature with a public key that was exchanged at registration to the service.
Anyways, Ideas would be awesome... Thanks
Recommended answer
So I have figured out the format of a CngKey exported in ECCPublicKeyBlob and ECCPrivateKeyBlob. This should allow others to interop between other key formats and CngKey for Elliptical Curve signing and such.
ECCPrivateKeyBlob is formatted (for P256) as follows
- [KEY TYPE (4 bytes)][KEY LENGTH (4 bytes)][PUBLIC KEY (64 bytes)][PRIVATE KEY (32 bytes)]
- KEY TYPE in hex is 45-43-53-32
- KEY LENGTH in hex is 20-00-00-00
- PUBLIC KEY is the uncompressed format minus the leading byte (which is always 04 to signify an uncompressed key in other libraries)
ECCPublicKeyBlob is formatted (for P256) as follows
- [KEY TYPE (4 bytes)][KEY LENGTH (4 bytes)][PUBLIC KEY (64 bytes)]
- KEY TYPE in hex is 45-43-53-31
- KEY LENGTH in hex is 20-00-00-00
- PUBLIC KEY is the uncompressed format minus the leading byte (which is always 04 to signify an uncompressed key in other libraries)
So given an uncompressed Public key in Hex from another language, you can trim the first byte, add those 8 bytes to the front and import it using
CngKey.Import(key, CngKeyBlobFormat.EccPublicBlob); // a public-key blob (magic 45-43-53-31) needs EccPublicBlob, not EccPrivateBlob
Note: The key blob format is documented by Microsoft.
The KEY TYPE and KEY LENGTH are defined in BCRYPT_ECCKEY_BLOB struct as:
{ ULONG Magic; ULONG cbKey; } // ULONG is a 32-bit unsigned integer, so each field is 4 bytes
ECC public key memory format:
BCRYPT_ECCKEY_BLOB
BYTE X[cbKey] // Big-endian.
BYTE Y[cbKey] // Big-endian.
ECC private key memory format:
BCRYPT_ECCKEY_BLOB
BYTE X[cbKey] // Big-endian.
BYTE Y[cbKey] // Big-endian.
BYTE d[cbKey] // Big-endian.
The MAGIC values available in .NET are in Microsoft's official GitHub dotnet/corefx BCrypt/Interop.Blobs.
internal enum KeyBlobMagicNumber : int
{
BCRYPT_ECDH_PUBLIC_P256_MAGIC = 0x314B4345,
BCRYPT_ECDH_PRIVATE_P256_MAGIC = 0x324B4345,
BCRYPT_ECDH_PUBLIC_P384_MAGIC = 0x334B4345,
BCRYPT_ECDH_PRIVATE_P384_MAGIC = 0x344B4345,
BCRYPT_ECDH_PUBLIC_P521_MAGIC = 0x354B4345,
BCRYPT_ECDH_PRIVATE_P521_MAGIC = 0x364B4345,
BCRYPT_ECDSA_PUBLIC_P256_MAGIC = 0x31534345,
BCRYPT_ECDSA_PRIVATE_P256_MAGIC = 0x32534345,
BCRYPT_ECDSA_PUBLIC_P384_MAGIC = 0x33534345,
BCRYPT_ECDSA_PRIVATE_P384_MAGIC = 0x34534345,
BCRYPT_ECDSA_PUBLIC_P521_MAGIC = 0x35534345,
BCRYPT_ECDSA_PRIVATE_P521_MAGIC = 0x36534345,
...
...
}
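The public blob layout described in the answer, written out for a Python client or test harness. This is an added example, not part of the original post. The function names are hypothetical, the sample key is constructed, and the on-curve check is an addition that the answer does not mention.

```python
import struct

# BCRYPT_ECDSA_PUBLIC_P256_MAGIC from the enum above; serialized as 45-43-53-31.
ECDSA_PUBLIC_P256_MAGIC = 0x31534345
CB_KEY = 32  # size of one coordinate for P-256

# NIST P-256 domain parameters: y^2 = x^3 - 3x + B (mod P).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B


def _check_on_curve(x_bytes, y_bytes):
    """Reject coordinates that do not satisfy the P-256 curve equation."""
    x, y = int.from_bytes(x_bytes, "big"), int.from_bytes(y_bytes, "big")
    if x >= P or y >= P or (y * y - (x * x * x - 3 * x + B)) % P != 0:
        raise ValueError("point is not on P-256")


def sec1_to_cng_public_blob(point):
    """65-byte uncompressed point (04 || X || Y) -> 72-byte ECCPublicKeyBlob."""
    if len(point) != 1 + 2 * CB_KEY or point[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed point starting with 04")
    _check_on_curve(point[1:1 + CB_KEY], point[1 + CB_KEY:])
    # Header: two little-endian 32-bit values. X and Y stay big-endian.
    return struct.pack("<II", ECDSA_PUBLIC_P256_MAGIC, CB_KEY) + point[1:]


def cng_public_blob_to_sec1(blob):
    """72-byte ECCPublicKeyBlob -> 65-byte uncompressed point."""
    if len(blob) != 8 + 2 * CB_KEY:
        raise ValueError("expected a 72-byte P-256 public blob")
    magic, cb_key = struct.unpack_from("<II", blob)
    if magic != ECDSA_PUBLIC_P256_MAGIC or cb_key != CB_KEY:
        raise ValueError("not an ECDSA P-256 public blob")
    _check_on_curve(blob[8:8 + CB_KEY], blob[8 + CB_KEY:])
    return b"\x04" + blob[8:]


# Constructed sample: the P-256 base point G (the public key for private key 1).
SAMPLE_POINT = bytes.fromhex(
    "04"
    "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
    "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
)

if __name__ == "__main__":
    blob = sec1_to_cng_public_blob(SAMPLE_POINT)
    print(len(blob), blob[:8].hex("-"))
```

A 33-byte compressed key is rejected here because the blob stores both coordinates, so it has to be decompressed before conversion.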