ByteArray中的ECDiffieHellmanPublicKey(使用ECDiffieHellman NamedCurves) [英] ECDiffieHellmanPublicKey from ByteArray (using ECDiffieHellman NamedCurves)

问题描述

我正在使用通讯nodejs-> c#服务器. 我需要确保它们之间的连接安全，因此我选择使用ECDiffieHellman作为密钥交换机制(nodejs支持它).我有一些问题...只是我的知识不足，所以我上了一节课，现在我可以生成和导出密钥，因为base64和nodejs接受c#密钥没有问题，但是另一方面c#...赢了甚至都不用自己的钥匙... error System.Security.Cryptography.CryptographicException: 'The parameter is incorrect.' 是的，我知道我做错了，但是什么?

I'm working on communication nodejs -> c# server. I need to secure connection between them so I chode ECDiffieHellman as the key exchange mechanism (nodejs supports it). I had some problem with it... Just my lack of knowledge so I've made my lesson and now I can generate and export keys as base64 and nodejs have no problem with accepting c# key but on the other side c# ... won't even take his own key ... error System.Security.Cryptography.CryptographicException: 'The parameter is incorrect.' Ye I know I'm making sth wrong but what?

using (ECDiffieHellman alice = ECDiffieHellman.Create(ECCurve.NamedCurves.brainpoolP256r1))
{

    var alicePublicKey = Convert.ToBase64String(alice.PublicKey.ToByteArray());
    //NODEJS brainpoolP256r1 publickey 
    var key1 = Convert.FromBase64String("BB92GQLod55fXEhgNxwQcPQFFvph7eIjnSzdNz2PhzUAOcaPEiLBPQR6AL5pqVLFram8OtPapoBGYZn2vaGl+/U=").ToList();
    //test
    var key2 = Convert.FromBase64String(alicePublicKey);
    var keyType = new byte[] { 0x45, 0x43, 0x4B, 0x50 };
    var keyLength = new byte[] { 0x20, 0x00, 0x00, 0x00 };
    key1.RemoveAt(0);
    key1 = keyType.Concat(keyLength).Concat(key1).ToList();
    byte[] bobKeyBytes = key1.ToArray();
    ECDiffieHellmanPublicKey k = ECDiffieHellmanCngPublicKey.FromByteArray(bobKeyBytes, new CngKeyBlobFormat("ECCPUBLICBLOB")); //error  System.Security.Cryptography.CryptographicException: 'The parameter is incorrect.'
    ECDiffieHellmanPublicKey kk = ECDiffieHellmanCngPublicKey.FromByteArray(key2, new CngKeyBlobFormat("ECCPUBLICBLOB")); // error System.Security.Cryptography.CryptographicException: 'The parameter is incorrect.'
    byte[] aliceKey = alice.DeriveKeyMaterial(k);
    byte[] encryptedMessage = null;
    byte[] iv = null;
    // Send(aliceKey, "Secret message", out encryptedMessage, out iv);
}

您可以在此处找到故事的其余部分 ECDH nodejs和C#密钥交换

you can find rest of the story there ECDH nodejs and C# key exchange

推荐答案

您断言进入key1的base64内容适用于BrainpoolP256r1.

You're asserting that the base64 contents that go into key1 are for brainpoolP256r1.

解码该值，我们看到它是一个以04开头的65字节有效负载，对于具有256位素数的曲线，它看起来像是未压缩的点编码.到目前为止一切顺利.

Decoding the value we see that it's a 65 byte payload starting with 04, which looks like an uncompressed point encoding for a curve with a 256-bit prime. So far so good.

您甚至已经正确使用了BCRYPT_ECDH_PUBLIC_GENERIC_MAGIC，但是如果不指定可告诉它哪条曲线的导入属性，就无法导入通用命名密钥Blob".

You've even correctly used BCRYPT_ECDH_PUBLIC_GENERIC_MAGIC, but you can't import a "generic named key blob" without specifying the import property that tells it which curve.

从这一点开始加载密钥的简单方法是

The easy way that you load the key from this point is

byte[] keyX = new byte[key1.Length / 2];
byte[] keyY = new byte[keyX.Length];
Buffer.BlockCopy(key1, 1, keyX, 0, keyX.Length);
Buffer.BlockCopy(key1, 1 + keyX.Length, keyY, 0, keyY.Length);

ECParameters parameters = new ECParameters
{
    Curve = ECCurve.NamedCurves.brainpoolP256r1,
    Q =
    {
        X = keyX,
        Y = keyY,
    },
};

byte[] derivedKey;

using (ECDiffieHellman bob = ECDiffieHellman.Create(parameters))
using (ECDiffieHellmanPublicKey bobPublic = bob.PublicKey)
{
    derivedKey = alice.DeriveKeyFromHash(bobPublic, HashAlgorithmName.SHA256);
}

我已经着手将DeriveKeyMaterial方法扩展为ECDiffieHellmanCng的默认含义，因为其他类型的ECDH不支持该方法(由于其行为特异性低).

I've gone ahead and expanded the DeriveKeyMaterial method into what it means by default with an ECDiffieHellmanCng, since other types of ECDH don't support that method (due to its low specificity of behavior).

这篇关于ByteArray中的ECDiffieHellmanPublicKey(使用ECDiffieHellman NamedCurves)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！