Import a Public key from somewhere else to CngKey?


Problem description

I am looking for a cross platform way to share public keys for ECDsa signing. I had a great thing going from a performance perspective with CngKey and the standard .NET crypto libraries, but then I couldn't figure out how a 33 (or 65) byte public key (using secp256r1/P256) was getting turned into 104 bytes by MS. Ergo, I couldn't support cross platform signing and verifying.

I'm using Bouncycastle now, but holy hand grenade is it SLOW!

So, looking for suggestions for the following requirements

  1. Cross platform/languages (server is .NET, but this is served up via a JSON/Web.API interface)

    • JavaScript, Ruby, Python, C++, etc.

The client has to be able to sign the message, the server has to be able to validate the signature with a public key that was exchanged at registration to the service.

Anyways, Ideas would be awesome... Thanks

Recommended answer

So I have figured out the format of a CngKey exported in ECCPublicKeyBlob and ECCPrivateKeyBlob. This should allow others to interop between other key formats and CngKey for Elliptical Curve signing and such.

ECCPrivateKeyBlob is formatted (for P256) as follows


  • [KEY TYPE (4 bytes)][KEY LENGTH (4 bytes)][PUBLIC KEY (64 bytes)][PRIVATE KEY (32 bytes)]

  • KEY TYPE in HEX is 45-43-53-32

  • KEY LENGTH in HEX is 20-00-00-00

  • PUBLIC KEY is the uncompressed format minus the leading byte (which is always 04 to signify an uncompressed key in other libraries)

ECCPublicKeyBlob is formatted (for P256) as follows


  • [KEY TYPE (4 bytes)][KEY LENGTH (4 bytes)][PUBLIC KEY (64 bytes)]

  • KEY TYPE in HEX is 45-43-53-31

  • KEY LENGTH in HEX is 20-00-00-00

  • PUBLIC KEY is the uncompressed format minus the leading byte (which is always 04 to signify an uncompressed key in other libraries)

So given an uncompressed Public key in Hex from another language, you can trim the first byte, add those 8 bytes to the front and import it using

// The blob holds only X and Y, so it is imported as a public blob.
CngKey.Import(key, CngKeyBlobFormat.EccPublicBlob);

Note: The key blob format is documented by Microsoft.

The KEY TYPE and KEY LENGTH are defined in BCRYPT_ECCKEY_BLOB struct as:

{ ULONG dwMagic; ULONG cbKey; } // each ULONG is a 32-bit unsigned integer

ECC public key memory format:

BCRYPT_ECCKEY_BLOB
BYTE X[cbKey] // Big-endian.
BYTE Y[cbKey] // Big-endian.

ECC private key memory format:

BCRYPT_ECCKEY_BLOB
BYTE X[cbKey] // Big-endian.
BYTE Y[cbKey] // Big-endian.
BYTE d[cbKey] // Big-endian.

The MAGIC values available in .NET are in Microsoft's official GitHub dotnet/corefx BCrypt/Interop.Blobs (https://github.com/dotnet/corefx/blob/master/src/Common/src/Interop/Windows/BCrypt/Interop.Blobs.cs).

internal enum KeyBlobMagicNumber : int
{
    BCRYPT_ECDH_PUBLIC_P256_MAGIC = 0x314B4345,
    BCRYPT_ECDH_PRIVATE_P256_MAGIC = 0x324B4345,
    BCRYPT_ECDH_PUBLIC_P384_MAGIC = 0x334B4345,
    BCRYPT_ECDH_PRIVATE_P384_MAGIC = 0x344B4345,
    BCRYPT_ECDH_PUBLIC_P521_MAGIC = 0x354B4345,
    BCRYPT_ECDH_PRIVATE_P521_MAGIC = 0x364B4345,
    BCRYPT_ECDSA_PUBLIC_P256_MAGIC = 0x31534345,
    BCRYPT_ECDSA_PRIVATE_P256_MAGIC = 0x32534345,
    BCRYPT_ECDSA_PUBLIC_P384_MAGIC = 0x33534345,
    BCRYPT_ECDSA_PRIVATE_P384_MAGIC = 0x34534345,
    BCRYPT_ECDSA_PUBLIC_P521_MAGIC = 0x35534345,
    BCRYPT_ECDSA_PRIVATE_P521_MAGIC = 0x36534345,
    ...
    ...
}
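
The conversion described in the answer above, as an added example that is not part of the original answer: it builds the 72-byte ECCPublicKeyBlob that the .NET side passes to CngKey.Import with CngKeyBlobFormat.EccPublicBlob, and converts back. It goes beyond the answer by also accepting the 33-byte compressed form mentioned in the question and by rejecting points that are not on the curve. The function names are hypothetical, Python stands in for one of the client languages listed in the question, and the sample key is constructed (the P-256 base point).

```python
import struct

# NIST P-256 (secp256r1) parameters: y^2 = x^3 - 3x + B (mod P)
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
ECDSA_PUBLIC_P256_MAGIC = 0x31534345  # little-endian on the wire: 45-43-53-31
CB_KEY = 32                           # little-endian on the wire: 20-00-00-00

# Constructed sample input: the P-256 base point G in SEC1 uncompressed form.
SAMPLE_SEC1 = bytes.fromhex(
    "04"
    "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
    "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")

def on_curve(x: int, y: int) -> bool:
    """True if (x, y) satisfies the P-256 curve equation."""
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x - 3 * x + B)) % P == 0

def sec1_to_cng_public_blob(sec1: bytes) -> bytes:
    """SEC1 point (65-byte 04||X||Y or 33-byte 02/03||X) -> 72-byte ECCPublicKeyBlob."""
    if len(sec1) == 1 + 2 * CB_KEY and sec1[0] == 0x04:
        x = int.from_bytes(sec1[1:1 + CB_KEY], "big")
        y = int.from_bytes(sec1[1 + CB_KEY:], "big")
    elif len(sec1) == 1 + CB_KEY and sec1[0] in (0x02, 0x03):
        x = int.from_bytes(sec1[1:], "big")
        # P % 4 == 3, so a square root is one modular exponentiation.
        y = pow((x * x * x - 3 * x + B) % P, (P + 1) // 4, P)
        if (y & 1) != (sec1[0] & 1):  # prefix 02 = even Y, 03 = odd Y
            y = P - y
    else:
        raise ValueError("not a SEC1-encoded P-256 public key")
    if not on_curve(x, y):  # reject points that are not on the curve
        raise ValueError("point is not on P-256")
    header = struct.pack("<II", ECDSA_PUBLIC_P256_MAGIC, CB_KEY)
    return header + x.to_bytes(CB_KEY, "big") + y.to_bytes(CB_KEY, "big")

def cng_public_blob_to_sec1(blob: bytes) -> bytes:
    """72-byte ECCPublicKeyBlob -> 65-byte SEC1 uncompressed point."""
    if len(blob) != 8 + 2 * CB_KEY:
        raise ValueError("unexpected blob length")
    magic, cb_key = struct.unpack_from("<II", blob)
    if magic != ECDSA_PUBLIC_P256_MAGIC or cb_key != CB_KEY:
        raise ValueError("not an ECDSA P-256 public blob")
    x = int.from_bytes(blob[8:8 + CB_KEY], "big")
    y = int.from_bytes(blob[8 + CB_KEY:], "big")
    if not on_curve(x, y):
        raise ValueError("point is not on P-256")
    return b"\x04" + blob[8:]
```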
