C# 从文本文件中的公钥获取 CngKey 对象 [英] C# Get CngKey object from public key in text file

问题描述

我有一个文件，其中有几个 ECDSA SHA256 的公钥.该文件如下所示:

I have got a file in which there are several public keys for ECDSA SHA256. The file looks like:

KEY_ID: 1
STATUS: VALID
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaq6djyzkpHdX7kt8DsSt6IuSoXjp
WVlLfnZPoLaGKc/2BSfYQuFIO2hfgueQINJN3ZdujYXfUJ7Who+XkcJqHQ==
-----END PUBLIC KEY-----

KEY_ID: 2
STATUS: VALID
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+Y5mYZL/EEY9zGji+hrgGkeoyccK
D0/oBoSDALHc9+LXHKsxXiEV7/h6d6+fKRDb6Wtx5cMzXT9HyY+TjPeuTg==
-----END PUBLIC KEY-----

KEY_ID: 3
STATUS: VALID
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkvgJ6sc2MM0AAFUJbVOD/i34YJJ8
ineqTN+DMjpI5q7fQNPEv9y2z/ecPl8qPus8flS4iLOOxdwGoF1mU9lwfA==
-----END PUBLIC KEY-----

我怎样才能为这些键中的一个(或全部)获取 CngKey 对象(或 CngKey 列表)?

How can I can get CngKey object (or list of CngKey) for one (or all) of these keys?

我尝试过类似的东西

string plainTextKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaq6djyzkpHdX7kt8DsSt6IuSoXjpWVlLfnZPoLaGKc/2BSfYQuFIO2hfgueQINJN3ZdujYXfUJ7Who+XkcJqHQ==";
byte[] publicKeyBytes = Convert.FromBase64String(plainTextKey);
CngKey ret = CngKey.Import(publicKeyBytes, CngKeyBlobFormat.EccPublicBlob);

但是 Import 方法抛出 System.Security.Cryptography.CryptographicException 无效参数.

but Import method throws System.Security.Cryptography.CryptographicException for invalid parameter.

推荐答案

EccPublicBlob 映射到 BCRYPT_ECCPUBLIC_BLOB 格式类型，不是 X.509 SubjectPublicKeyInfo.

EccPublicBlob maps to BCRYPT_ECCPUBLIC_BLOB format type, not X.509 SubjectPublicKeyInfo.

如果您的所有密钥都在 secp256r1/NIST P-256 上，那么有一个非常简单的 hacky 方法.

If all of your keys are on secp256r1/NIST P-256 then there's a pretty straightforward hacky approach.

您可能已经注意到，您的所有密钥都以 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 开头.我们很快就会看到原因.

You may have noticed that all of your keys start with MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE. We'll see why shortly.

转换

MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaq6djyzkpHdX7kt8DsSt6IuSoXjp
WVlLfnZPoLaGKc/2BSfYQuFIO2hfgueQINJN3ZdujYXfUJ7Who+XkcJqHQ==

到字节(或者，这里是十六进制):

to bytes (or, here, hex):

30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 
86 48 CE 3D 03 01 07 03 42 00 04 6A AE 9D 8F 2C 
E4 A4 77 57 EE 4B 7C 0E C4 AD E8 8B 92 A1 78 E9 
59 59 4B 7E 76 4F A0 B6 86 29 CF F6 05 27 D8 42 
E1 48 3B 68 5F 82 E7 90 20 D2 4D DD 97 6E 8D 85 
DF 50 9E D6 86 8F 97 91 C2 6A 1D

这是一个 DER 编码的 X.509 SubjectPublicKeyInfo blob.

This is a DER encoded X.509 SubjectPublicKeyInfo blob.

使用我们看到的 DER-fu

Using our DER-fu we see

// SubjectPublicKeyInfo
30 59  // SEQUENCE, 0x59 == 89 bytes of payload
   // AlgorithmIdentifier
   30 13  // SEQUENCE, 0x13 == 19 bytes of payload
      // AlgorithmIdentifier.algorithm
      06 07 2A 86 48 CE 3D 02 01  // OBJECT ID 1.2.840.10045.2.1 (id-ecPublicKey)
      // AlgorithmIdentifier.parameters
      06 08 2A 86 48 CE 3D 03 01 07 // OBJECT ID 1.2.840.10045.3.1.7 (secp256r1)
   // SubjectPublicKeyInfo.publicKey
   03 42 00  // BIT STRING, 0x42 == 66 (65) payload bytes, 0 unused bits
      // "the public key"
      04
      92F809EAC73630CD000055096D5383FE2DF860927C8A77AA4CDF83323A48E6AE
      DF40D3C4BFDCB6CFF79C3E5F2A3EEB3C7E54B888B38EC5DC06A05D6653D9707C

由于算法标识符是 id-ecPublicKey，因此参数是标识曲线的 OID(在本例中为 secp256r1/NIST P-256).和公钥"格式来自 SEC 1 v2.0 (2.3.4 Octet-String-到椭圆曲线点转换).

Since the algorithm identifier is id-ecPublicKey the parameters is an OID identifying the curve (in this case, secp256r1 / NIST P-256). And "the public key" is of a format from SEC 1 v2.0 (2.3.4 Octet-String-to-Elliptic-Curve-Point Conversion).

最常见的编码是类型04，未压缩的密钥.(0x04 后跟 Qx 填充到必要的长度，然后 Qy 填充到必要的长度).

The most common encoding is type 04, uncompressed key. (0x04 followed by Qx padded to the necessary length followed by Qy padded to the necessary length).

因此，对于在 secp256r1 上以 04 类型编码的所有点，字节模式都以

So, for all points encoded with type 04 on secp256r1 the byte pattern starts with

30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 
86 48 CE 3D 03 01 07 03 42 00 04

恰好与 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 的通用 base64 前缀对齐.

which happens to align to a common base64 prefix of MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE.

CNG 想要什么 是 [32 位标识符][32 位小端长度][填充 Qx][填充 Qy].

What CNG wants is [32-bit identifier][32-bit little-endian length][padded Qx][padded Qy].

所以超级骗子的hacky版本是:

So the super-duper hacky version is:

private static readonly byte[] s_secp256r1Prefix =
    Convert.FromBase64String("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE");

// For ECDH instead of ECDSA, change 0x53 to 0x4B.
private static readonly byte[] s_cngBlobPrefix = { 0x45, 0x43, 0x53, 0x31, 0x20, 0, 0, 0 };

private static CngKey ImportECDsa256PublicKey(string base64)
{
    byte[] subjectPublicKeyInfo = Convert.FromBase64String(base64);

    if (subjectPublicKeyInfo.Length != 91)
        throw new InvalidOperationException();

    byte[] prefix = s_secp256r1Prefix;

    if (!subjectPublicKeyInfo.Take(prefix.Length).SequenceEqual(prefix))
        throw new InvalidOperationException();

    byte[] cngBlob = new byte[s_cngBlobPrefix.Length + 64];
    Buffer.BlockCopy(s_cngBlobPrefix, 0, cngBlob, 0, s_cngBlobPrefix.Length);

    Buffer.BlockCopy(
        subjectPublicKeyInfo,
        s_secp256r1Prefix.Length,
        cngBlob,
        s_cngBlobPrefix.Length,
        64);

    return CngKey.Import(cngBlob, CngKeyBlobFormat.EccPublicBlob);
}

要支持其他曲线，您需要将 CNG blob 的前 4 个字节更改为正确的Magic"；值，并将第 5 个字节更改为正确的长度.当然，不同的 SubjectPublicKeyInfo 前缀，64 不会是公钥坐标长度(64 == 256/8 * 2).但所有这些都留给读者作为练习.

To support other curves you need to change the first 4 bytes of the CNG blob to the correct "Magic" value, and change the 5th byte to be the correct length. And, of course, different SubjectPublicKeyInfo prefixes, and 64 won't be the public key coordinate length (64 == 256 / 8 * 2). But all of that is left as an exercise to the reader.

请参阅 C# 和 PHP ECDH 不匹配反过来.

这篇关于C# 从文本文件中的公钥获取 CngKey 对象的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！