Problem description
I am looking for a cross platform way to share public keys for ECDSA signing. I had a great thing going from a performance perspective with CngKey and the standard .NET crypto libraries, but then I couldn't figure out how a 33 (or 65) byte public key (using secp256r1/P256) was getting turned into 104 bytes by MS. Ergo, I couldn't support cross platform signing and verifying.
I'm using BouncyCastle now, but holy hand grenade is it SLOW!
So, looking for suggestions for the following requirements:
- Cross platform/language (the server is .NET, but it is served through a JSON/Web.API interface)
- JavaScript, Ruby, Python, C++, etc.
The client has to be able to sign the message, and the server has to be able to validate the signature with a public key that was exchanged at registration to the service.
Anyway, ideas would be awesome... Thanks
Recommended answer
So I have figured out the format of a CngKey exported as ECCPublicKeyBlob and ECCPrivateKeyBlob. This should allow others to interop between other key formats and CngKey for Elliptical Curve signing and such.
ECCPrivateKeyBlob is formatted (for P256) as follows:
- [KEY TYPE (4 bytes)][KEY LENGTH (4 bytes)][PUBLIC KEY (64 bytes)][PRIVATE KEY (32 bytes)]
- KEY TYPE in hex is 45-43-53-32
- KEY LENGTH in hex is 20-00-00-00
- PUBLIC KEY is the uncompressed format minus the leading byte (always 04 in other libraries, indicating an uncompressed key)
ECCPublicKeyBlob is formatted (for P256) as follows:
- [KEY TYPE (4 bytes)][KEY LENGTH (4 bytes)][PUBLIC KEY (64 bytes)]
- KEY TYPE in hex is 45-43-53-31
- KEY LENGTH in hex is 20-00-00-00
- PUBLIC KEY is the uncompressed format minus the leading byte (always 04 in other libraries, indicating an uncompressed key)
So given an uncompressed public key in hex from another language, you can trim the first byte, add those 8 bytes to the front and import it using
CngKey.Import(key, CngKeyBlobFormat.EccPublicBlob);
Note: The key blob format is documented by Microsoft.
The KEY TYPE and KEY LENGTH are defined in the BCRYPT_ECCKEY_BLOB struct as:
{ ulong Magic; ulong cbKey; }
ECC public key memory format:
BCRYPT_ECCKEY_BLOB
BYTE X[cbKey] // Big-endian.
BYTE Y[cbKey] // Big-endian.
ECC private key memory format:
BCRYPT_ECCKEY_BLOB
BYTE X[cbKey] // Big-endian.
BYTE Y[cbKey] // Big-endian.
BYTE d[cbKey] // Big-endian.
The MAGIC values available in .NET are in Microsoft's official GitHub dotnet/corefx BCrypt/Interop.Blobs.
internal enum KeyBlobMagicNumber : int
{
BCRYPT_ECDH_PUBLIC_P256_MAGIC = 0x314B4345,
BCRYPT_ECDH_PRIVATE_P256_MAGIC = 0x324B4345,
BCRYPT_ECDH_PUBLIC_P384_MAGIC = 0x334B4345,
BCRYPT_ECDH_PRIVATE_P384_MAGIC = 0x344B4345,
BCRYPT_ECDH_PUBLIC_P521_MAGIC = 0x354B4345,
BCRYPT_ECDH_PRIVATE_P521_MAGIC = 0x364B4345,
BCRYPT_ECDSA_PUBLIC_P256_MAGIC = 0x31534345,
BCRYPT_ECDSA_PRIVATE_P256_MAGIC = 0x32534345,
BCRYPT_ECDSA_PUBLIC_P384_MAGIC = 0x33534345,
BCRYPT_ECDSA_PRIVATE_P384_MAGIC = 0x34534345,
BCRYPT_ECDSA_PUBLIC_P521_MAGIC = 0x35534345,
BCRYPT_ECDSA_PRIVATE_P521_MAGIC = 0x36534345,
...
...
}
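The following is an added example (not part of the answer above or of any Microsoft or .NET code) showing the conversion the answer describes, written in Python because the question lists Python among the client languages. It turns a SEC1 public key (the 65-byte 04||X||Y form, or the 33-byte compressed form, which it decompresses) into the 72-byte ECCPublicKeyBlob [Magic][cbKey][X][Y] with the little-endian header fields from the page, and back again. Before trusting a key from a client it checks that the coordinates actually lie on P-256, since a point off the curve is a classic source of invalid-curve problems during verification. It assumes P-256 only and the standard FIPS 186-4 curve parameters; all function names are my own, and the sample key is simply the curve's generator point, used here as a constructed input.

```python
"""
SEC1 <-> CNG ECCPublicKeyBlob conversion for P-256 (added example, stdlib only).

Blob layout, as described in the answer:
  [Magic (4, LE)][cbKey (4, LE)][X (cbKey, BE)][Y (cbKey, BE)]
"""
import struct
from typing import Tuple

# Magic value from the dotnet/corefx enum quoted on the page: bytes 45-43-53-31 ("ECS1").
BCRYPT_ECDSA_PUBLIC_P256_MAGIC = 0x31534345

# P-256 domain parameters (assumption: standard FIPS 186-4 values; only P-256 is handled).
P256_P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
P256_A = P256_P - 3
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256_CBKEY = 32  # bytes per coordinate; this is the "20 00 00 00" KEY LENGTH field

# Generator point, used below only as a constructed sample public key.
P256_GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
P256_GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


def is_on_p256(x: int, y: int) -> bool:
    """True only if (x, y) satisfies y^2 = x^3 + ax + b (mod p); rejects off-curve points."""
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False
    return (y * y - (x * x * x + P256_A * x + P256_B)) % P256_P == 0


def decompress_p256(prefix: int, x: int) -> int:
    """Recover y from a compressed point (prefix 0x02 = even y, 0x03 = odd y).
    P-256 has p = 3 (mod 4), so sqrt(c) = c^((p+1)/4) mod p for a quadratic residue c."""
    rhs = (x * x * x + P256_A * x + P256_B) % P256_P
    y = pow(rhs, (P256_P + 1) // 4, P256_P)
    if (y * y) % P256_P != rhs:
        raise ValueError("x is not the x-coordinate of a P-256 point")
    if (y & 1) != (prefix & 1):
        y = P256_P - y
    return y


def sec1_to_xy(sec1: bytes) -> Tuple[int, int]:
    """Parse a 33-byte compressed or 65-byte uncompressed SEC1 point and validate it."""
    if len(sec1) == 65 and sec1[0] == 0x04:
        x = int.from_bytes(sec1[1:33], "big")
        y = int.from_bytes(sec1[33:65], "big")
    elif len(sec1) == 33 and sec1[0] in (0x02, 0x03):
        x = int.from_bytes(sec1[1:33], "big")
        y = decompress_p256(sec1[0], x)
    else:
        raise ValueError("not a SEC1 P-256 public key")
    if not is_on_p256(x, y):
        raise ValueError("point is not on P-256")
    return x, y


def sec1_to_ecc_public_blob(sec1: bytes) -> bytes:
    """Build the 72-byte ECCPublicKeyBlob accepted by CngKey.Import(..., EccPublicBlob)."""
    x, y = sec1_to_xy(sec1)
    header = struct.pack("<II", BCRYPT_ECDSA_PUBLIC_P256_MAGIC, P256_CBKEY)
    return header + x.to_bytes(P256_CBKEY, "big") + y.to_bytes(P256_CBKEY, "big")


def ecc_public_blob_to_sec1(blob: bytes, compressed: bool = False) -> bytes:
    """Inverse direction: ECCPublicKeyBlob -> SEC1, checking magic, cbKey and the point."""
    if len(blob) != 8 + 2 * P256_CBKEY:
        raise ValueError("unexpected ECCPublicKeyBlob length")
    magic, cbkey = struct.unpack_from("<II", blob, 0)
    if magic != BCRYPT_ECDSA_PUBLIC_P256_MAGIC or cbkey != P256_CBKEY:
        raise ValueError("not a P-256 ECDSA public key blob")
    x = int.from_bytes(blob[8:8 + P256_CBKEY], "big")
    y = int.from_bytes(blob[8 + P256_CBKEY:], "big")
    if not is_on_p256(x, y):
        raise ValueError("point is not on P-256")
    if compressed:
        return bytes([0x02 | (y & 1)]) + x.to_bytes(P256_CBKEY, "big")
    return b"\x04" + x.to_bytes(P256_CBKEY, "big") + y.to_bytes(P256_CBKEY, "big")


def sample_uncompressed_key() -> bytes:
    """Constructed sample input: the P-256 generator as a 65-byte uncompressed SEC1 point."""
    return b"\x04" + P256_GX.to_bytes(P256_CBKEY, "big") + P256_GY.to_bytes(P256_CBKEY, "big")


if __name__ == "__main__":
    blob = sec1_to_ecc_public_blob(sample_uncompressed_key())
    print(blob[:8].hex())  # header: 45 43 53 31 ("ECS1") then 20 00 00 00
    print(len(blob))       # 72 bytes, the 8-byte header plus X and Y
```

The on-curve check is the part worth keeping even if you only ever feed the blob to CngKey: a registration endpoint that stores whatever 64 bytes a client sends has no guarantee it is storing a P-256 point, and rejecting malformed keys at registration is cheaper than diagnosing verification failures later. The private blob from the answer is the same header with magic 45-43-53-32 followed by X, Y and d; it is not built here because a correct builder should also confirm that d actually corresponds to (X, Y), which needs scalar multiplication.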