Problem description
I'm implementing ECDHE using crypto next generation APIs (CNG). I generate public and private keys successfully. For pre-shared key, I use BCryptSecretAgreement API, which returns me the pre-shared key secret handle (BCRYPT_SECRET_HANDLE).
How can I export the pre-shared key as BYTE array from the BCRYPT_SECRET_HANDLE?
Recommended answer
Starting with Windows 10, you can call BCryptDeriveKey() with BCRYPT_KDF_RAW_SECRET.
The resulting key data is the raw secret.
Note 1: bcrypt.h indicates that this format works for "WINBLUE", which would be Windows 8.1, if I understand correctly, but I received STATUS_NOT_SUPPORTED for the use of this KDF type on both Windows 8.1 and Windows Server 2012 R2. This works, however, on Windows 10.
Note 2: I found the data returned using this KDF type to be little-endian (where everything else in BCrypt is big-endian). So, to use the value in an otherwise big-endian world, you need to byte-flip the data.
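The two steps from the answer combined (raw-secret derivation, then the byte flip), as an added example that is not part of the original answer. The names `export_raw_secret` and `reverse_bytes` are hypothetical, the CNG part compiles only on Windows (guarded by `_WIN32`), and the little-endian assumption is taken from the answer's Note 2.

```c
/* Added example (not from the original answer). Link with bcrypt.lib. */
#include <stddef.h>
#include <stdlib.h>

/* Reverse a buffer in place: little-endian <-> big-endian. */
void reverse_bytes(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len / 2; ++i) {
        unsigned char t = buf[i];
        buf[i] = buf[len - 1 - i];
        buf[len - 1 - i] = t;
    }
}

#ifdef _WIN32
#include <windows.h>
#include <bcrypt.h>

/* hSecret comes from BCryptSecretAgreement(). On success *out holds the
 * shared secret in big-endian order (*len bytes); the caller must wipe
 * it with SecureZeroMemory() and free() it when done. */
NTSTATUS export_raw_secret(BCRYPT_SECRET_HANDLE hSecret,
                           unsigned char **out, ULONG *len)
{
    ULONG cb = 0, got = 0;
    /* A NULL output buffer makes the call report the required size. */
    NTSTATUS st = BCryptDeriveKey(hSecret, BCRYPT_KDF_RAW_SECRET,
                                  NULL, NULL, 0, &cb, 0);
    if (!BCRYPT_SUCCESS(st))
        return st; /* the answer saw STATUS_NOT_SUPPORTED before Windows 10 */

    unsigned char *buf = malloc(cb);
    if (buf == NULL)
        return (NTSTATUS)STATUS_NO_MEMORY;

    st = BCryptDeriveKey(hSecret, BCRYPT_KDF_RAW_SECRET,
                         NULL, buf, cb, &got, 0);
    if (!BCRYPT_SUCCESS(st)) {
        SecureZeroMemory(buf, cb); /* do not leave partial key material */
        free(buf);
        return st;
    }
    reverse_bytes(buf, got); /* little-endian (answer's Note 2) -> big-endian */
    *out = buf;
    *len = got;
    return st;
}
#endif /* _WIN32 */
```

The exported bytes are the raw, unhashed ECDH output, so pass them through a KDF before using them as a symmetric key and wipe the buffer as soon as that is done.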