从 BCRYPT_SECRET_HANDLE 将共享密钥导出为 BYTE 数组 [英] Exporting shared secret as BYTE array from BCRYPT_SECRET_HANDLE

问题描述

我正在使用加密下一代 API (CNG) 实施 ECDHE.我成功生成了公钥和私钥.对于预共享密钥，我使用 BCryptSecretAgreement API，它返回预共享密钥秘密句柄 (BCRYPT_SECRET_HANDLE).

I'm implementing ECDHE using crypto next generation APIs (CNG). I generate public and private keys successfully. For pre-shared key, I use BCryptSecretAgreement API, which returns me the pre-shared key secret handle (BCRYPT_SECRET_HANDLE).

如何将预共享密钥作为 BYTE 数组从 BCRYPT_SECRET_HANDLE 导出?

How can I export the pre-shared key as BYTE array from the BCRYPT_SECRET_HANDLE?

推荐答案

从 Windows 10 开始，您可以使用 BCRYPT_KDF_RAW_SECRET 调用 BCryptDeriveKey().

Starting with Windows 10, you can call BCryptDeriveKey() with BCRYPT_KDF_RAW_SECRET.

生成的密钥数据是原始秘密.

The resulting key data is the raw secret.

注意 1:bcrypt.h 表示此格式适用于WINBLUE"，如果我理解正确，它将是 Windows 8.1，但我收到了 STATUS_NOT_SUPPORTED 以在 Windows 8.1 和 Windows Server 2012 R2 上使用此 KDF 类型.但是，这适用于 Windows 10.)

Note 1: bcrypt.h indicates that this format works for "WINBLUE", which would be Windows 8.1, if I understand correctly, but I received STATUS_NOT_SUPPORTED for the use of this KDF type on both Windows 8.1 and Windows Server 2012 R2. This works, however, on Windows 10.)

注2:我发现使用这种 KDF 类型返回的数据是小端的(BCrypt 中的其他所有内容都是大端的).因此，要在其他大端世界中使用该值，您需要对数据进行字节翻转.

Note2: I found the data returned using this KDF type to be little-endian (where everything else in BCrypt is big-endian). So, to use the value in an otherwise big-endian world, you need to byte-flip the data.

这篇关于从 BCRYPT_SECRET_HANDLE 将共享密钥导出为 BYTE 数组的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！