我正在尝试使用BouncyCastle生成公钥(因为我使用的是Unity,并且无法访问ECDiffieHellmanCng),然后将公钥传输到服务器它使用ECDiffieHellmanCng进行密钥处理。 服务器拒绝我的密钥,看起来是因为它的长度小。 ECDiffieHellmanCng生成的公钥与Bouncy城堡生成的公钥相比,其大小要大得多。为什么BouncyCastle生成的密钥小于.Net的ECDiffieHellmanCng
有没有办法在充气城堡中生成一个更大的钥匙?
我试着改变keybit大小,但得到一个错误:InvalidParameterException:未知的密钥大小。
密钥BouncyCastle的生成:
3059301306072A8648CE3D020106082A8648CE3D03010703420004272F71C1D8B3DC0A7FCB1E9650EEF64EA8F639BEC97D49F8848455C2F5869F7324332D188129C84727F834EE7EE7D8EB7DFC8D40CD4ED219A4FBCEF6C15200F3
密钥ECDiffieHellmanCng生成:
45434B35420000000055CC8665A66A7CDF2E9BF7C69A25B322C72CDBDB1EA8F348050B0A7CF32F9AAD8 90EA513583367977D5157B2F7FBF55661C9AE2DBAF09B1DC1EA8F193688C3C09501BEE326867ABCB41CA1029F66AF888649F0A6C0674D19670CF32461BA7B3867C1623D68829A7A9A7F1CFC6F5DB99E13C8D960AEF6F5CDAB5B3B62ED6CBEC7222C9F
这里是代码多数民众赞成产生充气城堡关键:
const string Algorithm = "ECDH";
const int KeyBitSize = 256;
const int NonceBitSize = 128;
const int MacBitSize = 128;
const int DefaultPrimeProbability = 30;
IAsymmetricCipherKeyPairGenerator aliceKeyGen = GeneratorUtilities.GetKeyPairGenerator(Algorithm);
DHParametersGenerator aliceGenerator = new DHParametersGenerator();
aliceGenerator.Init(KeyBitSize, DefaultPrimeProbability, new SecureRandom());
DHParameters aliceParameters = aliceGenerator.GenerateParameters();
KeyGenerationParameters aliceKGP = new DHKeyGenerationParameters(new SecureRandom(), aliceParameters);
aliceKeyGen.Init(aliceKGP);
AsymmetricCipherKeyPair aliceKeyPair = aliceKeyGen.GenerateKeyPair();
IBasicAgreement aliceKeyAgree = AgreementUtilities.GetBasicAgreement(Algorithm);
aliceKeyAgree.Init(aliceKeyPair.Private);
SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(aliceKeyPair.Public);
byte[] serializedPublicBytes = publicKeyInfo.ToAsn1Object().GetDerEncoded();
string serializedPublic = AsString(serializedPublicBytes);
public static string AsString(byte[] bytes, bool keepDashes = false)
{
string hex = BitConverter.ToString(bytes);
return (keepDashes ? hex : hex.Replace("-", ""));
}
我也试过Mentalis.org DH库,这给了我更大的关键,但仍然只是一个头发剪得太短。从mentalis.org库
// create a new DH instance
DiffieHellman dh1 = new DiffieHellmanManaged();
// generate the public key of the first DH instance
byte[] ke1 = dh1.CreateKeyExchange();
string publicKeyString = AsString(ke1);
重点:
5F4542F9A8F5636ECCBBAC38238C97ABE757B8F65E25B181BCF41C58985E699EFD6B9606B99F7074717E83F7AC1B5E97DFF6DBA94876F74645F25F0D7FAA1528898C1BD0BB568DF15A98724093766B213769893A05B47E40410B0F395C834F68F57B2EE01852895D912C1D56675A7D8C5367B5E06DE08AAA18CBB4C69F3AE142
它不是这么多的大小,但有关格式。 Bouncycastle返回公钥的标准化编码,但您的ECDiffieHellmanCng是Microsoft专有的blob。Mentalis结果根本不* ECDH值。 –
嗯,有没有办法使用ECDiffieHellmanCng以外的东西来获得Microsoft专有的blob?我无法访问它。 – Snipe3000
哦,部分尺寸差异是你在CNG有一个NIST P-521密钥,而BouncyCastle有一个NIST P-256密钥。 (0x354B4345 == BCRYPT_ECDH_PUBLIC_P521_MAGIC) – bartonjs