从BouncyCastle导出EC私钥并导入CngKey或ECDsaCng？ [英] Export EC private key from BouncyCastle and import into CngKey or ECDsaCng?

问题描述

我已经使用BouncyCastle为椭圆曲线DSA签名创建了密钥对，并设法使用编码为 RFC4050 。现在，我也想移动私钥，但还没有找到解决方案。我最接近的是使用CngKey.Import。

I have created key pairs for elliptic curve DSA signatures using BouncyCastle and managed to import the public key into ECDsaCng using an XMLString accoding to RFC4050. Now I want to also move the private key and have not managed to find a solution. The closest I have got is using CngKey.Import.

CngKey.Import支持PKCS＃8格式，因此，如果您可以将密钥转换为有效的pkcs8，那么它应该可以工作。不幸的是，以下代码无法正常工作。

CngKey.Import supports PKCS#8 format so if you can get your keys into valid pkcs8 then it should work. Unfortunately the following code does not quite work.

var privatekey = (ECPrivateKeyParameters) keyPair.Private;

var pkinfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privatekey);

byte[] pkcs8Blob = pkinfo.GetDerEncoded(); 

var importedKey = CngKey.Import(pkcs8Blob, CngKeyBlobFormat.Pkcs8PrivateBlob);

这将引发异常：

System.Security.Cryptography.CryptographicException：满足ASN1错误标记值。

System.Security.Cryptography.CryptographicException: ASN1 bad tag value met.

GetDerEncoded应该返回有效的Pkcs8 blob据我所知。

GetDerEncoded should return a valid Pkcs8 blob as far as I can tell.

如何在ECDsaCng对象中使用BouncyCastle创建的私钥？

How can I use the private key created with BouncyCastle in a ECDsaCng object?

推荐答案

经过多次梳理，阅读RFC并研究BouncyCastle和CngKey生成的字节数组。导出我已经找到了答案。

After much hair-pulling, reading RFCs and studying the byte arrays generated by BouncyCastle and CngKey.Export I have found the answer.

问题在于BouncyCastle如何将EC密钥编码为DER / Pkcs8格式。与该特定问题相关的两个RFC是RFC5915（这不是标准而是共识文件）和RFC5480。它们指出必须使用RFC5480中引用的命名曲线来指定曲线参数。当您使用错误的生成器参数创建AsymmetricCipherKeyPair时，PKCS8 / DER导出的BouncyCastle实现将导出整个曲线规范（隐式曲线），该规范不符合这两个规范。您必须使用ECKeyGenerationParameters来指定命名曲线。

The issue lies in how BouncyCastle encodes the EC key to DER/Pkcs8 format. The two RFCs which are relevant to this particular issue are RFC5915 (which is not a standard but instead a consensus document) and RFC5480. They state that curve parameters must be specified using named curves referenced in RFC5480. The BouncyCastle implementation of PKCS8/DER exporting will export the entire curve specification (implicit curve) which is not compliant with these two specs when you create the AsymmetricCipherKeyPair using the wrong generator parameters. You must use the ECKeyGenerationParameters which specify a named curve.

在BouncyCastle中创建可互操作的键时，必须使用以下内容（据我所知）：

The following must be used (as far as I can tell) when creating interoperable keys in BouncyCastle:

string namedCurve = "prime256v1";
ECKeyPairGenerator pGen = new ECKeyPairGenerator();
ECKeyGenerationParameters genParam = new ECKeyGenerationParameters(
  X962NamedCurves.GetOid(namedCurve)   
  new SecureRandom());
pGen.Init(genParam);

AsymmetricCipherKeyPair keyPair = pGen.GenerateKeyPair();

可以通过使用Der编码字节导入密钥来创建CngKey：

The CngKey can be created by importing the key using the Der encoded bytes:

var bcKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
var pkcs8Blob = bcKeyInfo.GetDerEncoded();
var importedKey = CngKey.Import(pkcs8Blob, CngKeyBlobFormat.Pkcs8PrivateBlob);

这篇关于从BouncyCastle导出EC私钥并导入CngKey或ECDsaCng？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！