Using only 1 EVP_PKEY while generating EC keys using OpenSSL 1.1

Views: 1153

Problem description

In all of the examples I've seen of generating a key using elliptic curve via OpenSSL using the EVP high level functions, two EVP_PKEY_CTX and EVP_PKEY (total of 4) variables are needed:

  1. One key/context pair for parameter generation.
  2. One key/context pair for the actual key itself (initialized using the parameters).

Is it possible to consolidate this down to just one key/context pair for both? As I understand it, from the examples I've seen, the logic goes like this:

  1. Create an EVP_PKEY_CONTEXT using whatever curve algorithm ID you want.
  2. Initialize the context with EVP_PKEY_paramgen_init().
  3. Call whatever parameter-setting functions you want on the param context (e.g. EVP_PKEY_CTX_set_ec_paramgen_curve_nid).
  4. Generate/finalize the parameters with EVP_PKEY_paramgen which gives you an EVP_PKEY.
  5. Create an EVP_PKEY_CTX for the actual key, initialized with the param EVP_PKEY from the previous step.
  6. Init the key with EVP_PKEY_keygen_init().
  7. Generate/finalize the key with EVP_PKEY_keygen().

Is there any way to simplify this process? For example, can I just init a key, call the paramgen functions on the key, and then call EVP_PKEY_keygen()? This is sort of how it works with RSA key generation from my experience (you really only do the last 2 steps above, with step 3 happening in the middle).

The documentation states this, which seems to indicate the second context/key pair is unnecessary:

After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm specific control operations can be performed to set any appropriate parameters for the operation.

The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than once on the same context if several operations are performed using the same parameters.

Maybe I'm misunderstanding, but it seems like it's saying you can invoke the parameter-setting functions after calling EVP_PKEY_keygen_init(), instead of using the paramgen functions.

Recommended answer

The separate parameter generation stage is really intended for algorithms such as Diffie-Hellman where this is necessary. For EC you almost always use "standard" sets of parameters (i.e. well known curves). Therefore OpenSSL allows you to shortcut this and only do the key generation if you already know what parameters you want to use. In the case of the EVP_PKEY_CTX_set_ec_paramgen_curve_nid() macro it is explicitly documented to be usable by either the parameter generation or key generation options:

https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.html

The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter generation to B. For EC parameter generation this macro must be called or an error occurs because there is no default curve. This function can also be called to set the curve explicitly when generating an EC key.

So the code to generate a key using the P-256 curve (NID_X9_62_prime256v1) might look like this:

#include <stdio.h>          /* printf */
#include <openssl/evp.h>
#include <openssl/ec.h>

int main(void) {
    EVP_PKEY_CTX *ctx;
    EVP_PKEY *pkey = NULL;
    int ret = 1;

    /* A single context for EC: no separate paramgen context or parameter key */
    ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
    if (ctx == NULL)
        goto err;
    if (EVP_PKEY_keygen_init(ctx) <= 0)
        goto err;
    /* The curve is set directly on the keygen context */
    if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, NID_X9_62_prime256v1) <= 0)
        goto err;

    /* Generate key */
    if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
        goto err;

    printf("Success!\n");

    ret = 0;
 err:
    EVP_PKEY_free(pkey);    /* NULL-safe; releases the generated key */
    EVP_PKEY_CTX_free(ctx);
    return ret;
}

This requires only one EVP_PKEY and one EVP_PKEY_CTX.
