Import a public key from somewhere else to CngKey?

Updated: 2024-10-24 06:35:27

Problem description

I am looking for a cross platform way to share public keys for ECDSA signing. I had a great thing going from a performance perspective with CngKey and the standard .NET crypto libraries, but then I couldn't figure out how a 33 (or 65) byte public key (using secp256r1/P256) was getting turned into 104 bytes by MS. Ergo, I couldn't support cross platform signing and verifying.

I'm using BouncyCastle now, but holy hand grenade is it SLOW!

So, looking for suggestions for the following requirements:

  • Cross platform/languages (server is .NET, but this is served up via a JSON/Web.API interface)
    • JavaScript, Ruby, Python, C++, etc.

The client has to be able to sign the message, the server has to be able to validate the signature with a public key that was exchanged at registration to the service.

Anyways, ideas would be awesome... Thanks

Recommended answer

So I have figured out the format of a CngKey exported in ECCPublicKeyBlob and ECCPrivateKeyBlob. This should allow others to interop between other key formats and CngKey for Elliptical Curve signing and such.

ECCPrivateKeyBlob is formatted (for P256) as follows

  • [KEY TYPE (4 bytes)][KEY LENGTH (4 bytes)][PUBLIC KEY (64 bytes)][PRIVATE KEY (32 bytes)]
  • KEY TYPE in HEX is 45-43-53-32
  • KEY LENGTH in HEX is 20-00-00-00
  • PUBLIC KEY is the uncompressed format minus the leading byte (which is always 04 to signify an uncompressed key in other libraries)

ECCPublicKeyBlob is formatted (for P256) as follows

  • [KEY TYPE (4 bytes)][KEY LENGTH (4 bytes)][PUBLIC KEY (64 bytes)]
  • KEY TYPE in HEX is 45-43-53-31
  • KEY LENGTH in HEX is 20-00-00-00
  • PUBLIC KEY is the uncompressed format minus the leading byte (which is always 04 to signify an uncompressed key in other libraries)

So given an uncompressed public key in hex from another language, you can trim the first byte, add those 8 bytes to the front and import it using

    // The blob built above starts with the public-key magic (45-43-53-31),
    // so it is imported with the public blob format.
    CngKey.Import(key, CngKeyBlobFormat.EccPublicBlob);

Note: The key blob format is documented by Microsoft.

The KEY TYPE and KEY LENGTH are defined in the BCRYPT_ECCKEY_BLOB struct as:

    {
        ulong Magic;   // KEY TYPE: 4 bytes (Win32 ULONG), little-endian
        ulong cbKey;   // KEY LENGTH: 4 bytes (Win32 ULONG), little-endian
    }

ECC public key memory format:

    BCRYPT_ECCKEY_BLOB
    BYTE X[cbKey] // Big-endian.
    BYTE Y[cbKey] // Big-endian.

ECC private key memory format:

    BCRYPT_ECCKEY_BLOB
    BYTE X[cbKey] // Big-endian.
    BYTE Y[cbKey] // Big-endian.
    BYTE d[cbKey] // Big-endian.

The MAGIC values available in .NET are in Microsoft's official GitHub dotnet/corefx BCrypt/Interop.Blobs.

    internal enum KeyBlobMagicNumber : int
    {
        BCRYPT_ECDH_PUBLIC_P256_MAGIC = 0x314B4345,
        BCRYPT_ECDH_PRIVATE_P256_MAGIC = 0x324B4345,
        BCRYPT_ECDH_PUBLIC_P384_MAGIC = 0x334B4345,
        BCRYPT_ECDH_PRIVATE_P384_MAGIC = 0x344B4345,
        BCRYPT_ECDH_PUBLIC_P521_MAGIC = 0x354B4345,
        BCRYPT_ECDH_PRIVATE_P521_MAGIC = 0x364B4345,
        BCRYPT_ECDSA_PUBLIC_P256_MAGIC = 0x31534345,
        BCRYPT_ECDSA_PRIVATE_P256_MAGIC = 0x32534345,
        BCRYPT_ECDSA_PUBLIC_P384_MAGIC = 0x33534345,
        BCRYPT_ECDSA_PRIVATE_P384_MAGIC = 0x34534345,
        BCRYPT_ECDSA_PUBLIC_P521_MAGIC = 0x35534345,
        BCRYPT_ECDSA_PRIVATE_P521_MAGIC = 0x36534345,
        ...
        ...
    }
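
The blob layout described in this answer, as an added Python example (not code from the original answer): it converts a 65-byte uncompressed P-256 public key from another library into the 72-byte ECCPublicKeyBlob and back, rejecting malformed or off-curve input before the key is registered. The function names and the sample key (the P-256 base point) are constructed for illustration.

```python
import struct

# BCRYPT_ECDSA_PUBLIC_P256_MAGIC from the enum above; bytes 45-43-53-31 ("ECS1")
ECDSA_PUBLIC_P256_MAGIC = 0x31534345
CB_KEY = 32  # size of one P-256 coordinate; serialised as 20-00-00-00

# NIST P-256 domain parameters: y^2 = x^3 - 3x + B (mod P)
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

# Constructed sample input: the P-256 base point G as an uncompressed public key
SAMPLE_SEC1 = bytes.fromhex(
    "04"
    "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
    "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
)


def _require_on_curve(x: bytes, y: bytes) -> None:
    """Reject coordinates that are out of range or fail the curve equation."""
    xi, yi = int.from_bytes(x, "big"), int.from_bytes(y, "big")
    if xi >= P or yi >= P or (yi * yi - (xi**3 - 3 * xi + B)) % P != 0:
        raise ValueError("point is not on P-256")


def sec1_to_cng_public_blob(sec1: bytes) -> bytes:
    """04 || X || Y (65 bytes) -> magic || cbKey || X || Y (72 bytes)."""
    if len(sec1) != 1 + 2 * CB_KEY or sec1[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed point starting with 04")
    x, y = sec1[1:1 + CB_KEY], sec1[1 + CB_KEY:]
    _require_on_curve(x, y)
    # The two header fields are little-endian 32-bit integers.
    return struct.pack("<II", ECDSA_PUBLIC_P256_MAGIC, CB_KEY) + x + y


def cng_public_blob_to_sec1(blob: bytes) -> bytes:
    """P-256 ECCPublicKeyBlob -> 65-byte uncompressed point for other libraries."""
    if len(blob) != 8 + 2 * CB_KEY:
        raise ValueError("expected a 72-byte P-256 public blob")
    magic, cb_key = struct.unpack_from("<II", blob)
    if magic != ECDSA_PUBLIC_P256_MAGIC or cb_key != CB_KEY:
        raise ValueError("not an ECDSA P-256 public key blob")
    x, y = blob[8:8 + CB_KEY], blob[8 + CB_KEY:]
    _require_on_curve(x, y)
    return b"\x04" + x + y
```

A 33-byte compressed key (leading byte 02 or 03) is rejected here; it has to be decompressed to the 65-byte form first.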
Published: 2023-11-06 05:15:58
Link to this article: https://www.elefans.com/category/jswz/34/1562802.html