为什么本站点的ECC-DH对称密钥与OpenSSL不同 [英] Why is the ECC-DH Symmetric Key Of This Site Different From OpenSSL

问题描述

我正在使用（本网站） Javascript库和OpenSSL Ruby来计算Elliptic Curve Diffie Hellman的对称密钥。

I am using (this site's) Javascript library and OpenSSL Ruby to compute the symmetric key of Elliptic Curve Diffie Hellman.

但是，根据我的结果，OpenSSL Ruby只生成一个密钥，与具有X和Y对称密钥的网站不同。我感到困惑，因为我的OpenSSL对称密钥与网站上的那些x和y中的任何一个都不匹配。

However, from my results, OpenSSL Ruby only generated one key unlike that on the site which has X and Y symmetric keys. I am baffled as my OpenSSL symmetric key doesn't match either one of those x and y on the site.

我使用的对称（共享密钥）密钥 secp224r1 曲线：

The symmetric(shared secret) keys I got using secp224r1 curve:

Ruby OpenSSL

Ruby OpenSSL

   13506351678569412185536677668115375188438201041599149052762191980775

使用Site的JS库

x: 26210366144026557327555572210249241206666031403062020900473236895358
y: 19676808255388748321882118528911150828003358302170965920476006073155

我的问题是：

1）为什么OpenSSL Ruby只产生一个键，而该大小产生两个键：x和y（因为我假设x和y赢了因为与Ruby对称密钥相比，bitsize将太长，所以不能相互连接。

1) Why does OpenSSL Ruby yields only one key while that size yields two keys: x and y (as I've assumed x and y won't be concatenated with each other since the bitsize will be too long when compared to the Ruby symmetric key)

2）有没有办法转换两个对称密钥（上面的OpenSSL和JSBN-EC库）彼此？我所有的转换尝试都失败了。

2) Is there a way to convert the two symmetric keys (OpenSSL and JSBN-EC library above) from one another? All my attempts to convert failed.

我一直在努力工作一周，现在用JSBN-EC库实现Ruby OpenSSL。我也尝试了（SJCL库）但类似的结果（对称密钥不匹配）。请帮忙。

I've been struggling for a week now implementing Ruby OpenSSL with that JSBN-EC library. I've also tried (SJCL library) but similar results (symmetric keys don't match). Please help.

推荐答案

我已经设法通过在客户端（JSBN-EC）上使用对称密钥来实现它服务器OpenSSL Ruby

I've managed to work it out now with working symmetric keys on client (JSBN-EC) and on server OpenSSL Ruby

我发现我的问题实际上在于代码本身。修好之后，我最终在OpenSSL Ruby上找到了一个对称密钥，如下所示：

I found out that my problem actually lies in the code itself. After fixing it, I've ended up with a symmetric key on OpenSSL Ruby as follows:

#Ruby: OpenSSL
...
...
symm_key = ec.dh_compute_key(point)
symm_key.unpack('B*').first.to_i(2) #Converts to binary, then to integer
#--> 6922380353406615622038660570577625762884344085425862813095878420328

在客户端使用JSBN-EC

While on the client side using JSBN-EC

#Javascript: JSBN-EC
...
...
var curve = get_curve();
var P = new ECPointFp(curve,
curve.fromBigInteger(server_pub_key_x),
curve.fromBigInteger(server_pub_key_y));
var a = client_priv_key;
var S = P.multiply(a);

console.log('SYMM_KEY X: '+S.getX().toBigInteger().toString());
//--> 6922380353406615622038660570577625762884344085425862813095878420328
console.log('SYMM_KEY Y: '+S.getY().toBigInteger().toString());
//--> 14426877769799867628378883482085635535383864283889042780773103726343

因此从外观来看，与Ruby OpenSSL值匹配的对称密钥是X值JSBN-EC对称密钥

Therefore from the looks of it, the symmetric key that matches the Ruby OpenSSL value is the X value of the JSBN-EC symmetric key

6922380353406615622038660570577625762884344085425862813095878420328
==
6922380353406615622038660570577625762884344085425862813095878420328

我不知道现在的Y值是多少。看起来我不需要它。干杯! ：）

I don't know what the Y value is now for. Looks like I won't need it. Cheers! :)

这篇关于为什么本站点的ECC-DH对称密钥与OpenSSL不同的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！