CNG提供程序,如何将EC密钥转换为BCRYPT_ECCKEY_BLOB结构? [英] CNG provider, how to convert an EC key to BCRYPT_ECCKEY_BLOB structure?
问题描述
我正在写CNG提供程序。具体来说,坚持实施 NCryptExportKey
API。我正在尝试从硬件密钥管理器转换EC密钥(用于签名,ECDSA256)。硬件密钥管理器以ASN格式提供密钥。我参考了MSDN文档,其中提到公钥X和Y值(BCRYPT_ECCKEY_BLOB结构)采用大端格式。但在关于stackoverflow的另一篇文章中(导入公众(从其他地方输入CngKey?),那么Magic值似乎也采用大端格式。
I am writing a CNG provider. Specifically, stuck on implementing NCryptExportKey
API. I am trying to convert an EC key (for signing, ECDSA256) from a hardware key manager. The h/w keymanager provides key in ASN format. I referred to MSDN documentation, it's mentioned that public key X and Y values(of BCRYPT_ECCKEY_BLOB structure) are in big-endian format. But in another post on stackoverflow (Import a Public key from somewhere else to CngKey?), the Magic value also seems to be in big-endian format.
我的问题是:
-
'magic'和'length'值需要采用大端格式吗?
Are the 'magic' and 'length' values need to be in big-endian format?
如何将大数X转换为大尾数格式?转换每个字节吗?
How a big number X to be converted to big-endian format? Convert each byte?
推荐答案
您将EC密钥转换为BCRYPT_ECCKEY_BLOB就是这样。
我们应该忽略EC密钥的第一个字节,因为它仅表示压缩/未压缩格式。
You convert EC key to BCRYPT_ECCKEY_BLOB by like this. We should ignore the first byte from EC key because it just represent compressed/uncompressed format.
BCRYPT_ECCKEY_BLOB eccBlobHeader;
PCHAR bycrtptKey;
eccBlobHeader.dwMagic = BCRYPT_ECDH_PUBLIC_P384_MAGIC;
eccBlobHeader.cbKey = 48;//size of EC key(without 1st byte)
memcpy(bycrtptKey, &eccBlobHeader, 8);//copying 8bytes header blob
memcpy(bycrtptKey+ 8,publicKeyFromOtherParty+1,publicKeyFromOtherPartySize- 1);
现在使用bycrtptKey进行导入。
now use bycrtptKey for importing.
这篇关于CNG提供程序,如何将EC密钥转换为BCRYPT_ECCKEY_BLOB结构?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!