OpenSSL是否支持ECDH? [英] does OpenSSL support ECDH?
问题描述
openssl_dh_compute_key() 使我认为OpenSSL不会ECDH.它仅谈论DH,而不是ECDH.此外,公钥基本上只是base-256中的质数,并且有关于如何删除公钥的 ----- BEGIN PUBLIC KEY ----- 部分的具体说明,好像不受支持.另外,从技术上讲,以 ----- BEGIN PUBLIC KEY ----- 开头的字符串是有效的以256为底的数字.
openssl_dh_compute_key() makes me think OpenSSL doesn't ECDH. It only talks about DH, not ECDH. Further, the public key is basically just a prime number in base-256 and there are specific instructions on how to remove the -----BEGIN PUBLIC KEY----- part of the public key, as though it's not supported. Plus, technically, strings beginning with -----BEGIN PUBLIC KEY----- are valid base-256 numbers.
假定ECDH密钥与ECDSA密钥相同,则ECDH的公共密钥由X,Y坐标和曲线(无论是命名曲线还是指定曲线)组成,并且立即知道该公共密钥的格式是什么需要进入openssl_dh_compute_key()才能工作.
Assuming ECDH keys are the same as ECDSA keys, then a public key for ECDH consists of the X, Y coordinates and the curve (be it a named or specified curve) and it's not immediately obvious what format that the public key would need to be in for openssl_dh_compute_key() to work.
尽管如此,我还是没有尝试过,但令我惊讶的是,我没有得到任何错误,但是我也没有得到任何输出.
None-the-less I tried and, to my surprise, I didn't get an error, but neither did I get any output.
$public = '-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkldhVs+UpzZ/E6hYF536mSYvdnfN
oEa/Idsfu7pBEcqPGHTsp+zDM/rquKwr8eoxn554LYw/3udRgzEpHk4vag==
-----END PUBLIC KEY-----';
$private = openssl_pkey_get_private('-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgF1ZD0LhQm5q71gL9
O+yzfX8g/sdYTBz/50nkw6wrE16hRANCAAQeZkUZ3ey7W5Czz52pOLmgSBHlnI3u
9gLcbr9NVCecEstDR0EK2+fJMfokogfW+RdoEJKN0qLdHilGPGHV/aq1
-----END PRIVATE KEY-----');
$s = openssl_dh_compute_key($public, $private);
echo bin2hex($s);
echo "\n\n";
echo openssl_error_string();
$s是错误的.
推荐答案
OpenSSL确实支持 ECDH .我的猜测PHP并未像支持DH那样公开支持ECDH所需的ECDH方法.
OpenSSL does support ECDH. My guess PHP is not exposing the ECDH methods required to support ECDH like it does for DH.
我的猜测是,建议ECH使用EVP功能,该功能会稍微抽象DH指定的内容,而ECDH_compute_key的使用并未真正记录.
My guess is that ECH is recommended to use the EVP functionality which will somewhat abstract the DH specifies, whereas use of ECDH_compute_key is not really documented.
PHP似乎没有提供足够的EVP功能来支持ECDH.
It doesn't look like PHP exposes enough of the EVP functionality to support ECDH.
这篇关于OpenSSL是否支持ECDH?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
