2
  1. 甲方拥有ECC证书(连同其私钥)
  2. 甲方将此ECC证书发送给乙方

  3. 乙方根据该证书计算 ECDiffieHellmanPublicKey

    var cert = new X509Certificate2(certBytes);
var bytesWithFormatIndicator = cert.PublicKey.EncodedKeyValue.RawData;
var bytesWithoutFormatIndicator = bytesWithFormatIndicator.Skip(1).ToArray();
var preBytes = "45434b3120000000".HexToBytes();   // First 8 bytes are specific to elliptic curve P-256
var rawBytes = bytesWithoutFormatIndicator;
var fullBytes = new byte[preBytes.Length + rawBytes.Length];
Buffer.BlockCopy(preBytes, 0, fullBytes, 0, preBytes.Length);
Buffer.BlockCopy(rawBytes, 0, fullBytes, preBytes.Length, rawBytes.Length);

ECDiffieHellmanPublicKey senderPublicKey = ECDiffieHellmanCngPublicKey.FromByteArray(fullBytes, CngKeyBlobFormat.EccPublicBlob);

  4. 乙方创建 ECDH 实现(即临时公钥和私钥对)

    var ecdhReceiver = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);

  5. B 方在 ECDH 实现上与 A 方 ECC 证书公钥(以及一些前置和附加字节)一起使用并计算对称密钥

    var prependBytes = "00000001".HexToBytes();
var appendBytes = "00000002".HexToBytes();
var derivedSymmetricKey = ecdhReceiver.DeriveKeyFromHash(senderPublicKey, HashAlgorithmName.SHA256, prependBytes, appendBytes);

  6. 乙方将临时公钥(来自上述 ECDH 实现)发送给甲方

    var ephemeralKeyBytesWithoutFormat = ecdhReceiver.PublicKey.ToByteArray().Skip(8).ToArray()

  7. 甲方现在的目标是使用乙方的临时公钥和甲方的 ECC 证书(及其私钥)计算相同的对称密钥。

我被困在(7)。任何帮助表示赞赏。

谢谢。

4

1 回答 1

0

事实证明这比我想象的要容易:

1) 甲方可以从 open ssl 命令中导出私钥和公钥信息。

    openssl ec -in chris\key.pem -text -noout

2) 甲方获得如下所示的输出。

    Private-Key: (256 bit)
    priv:
        36:aa:94:67:66:2c:c5:3a:6b:44:da:af:2b:af:69:
        eb:83:e1:f6:b2:43:52:b5:b4:82:4f:bb:a7:64:71:
        68:3f
    pub:
        04:e7:b2:14:ce:a1:66:0a:2f:1f:3d:5e:af:95:be:
        e4:4b:00:27:fd:1a:06:f7:14:10:88:2a:ed:2c:51:
        1b:54:13:16:3e:05:f5:5b:bc:48:30:4a:49:32:46:
        7f:ca:fe:cc:b1:a0:09:91:6b:fd:8f:01:7f:41:ba:
        35:50:6e:a4:da
    ASN1 OID: prime256v1
    NIST CURVE: P-256

3)甲方用上述信息构造ECDH实现(公钥中的前导字节0x04是格式指示符,忽略它):

    var ecParamsReceiver = new ECParameters
    {
        Curve = ECCurve.NamedCurves.nistP256,
        D = "36aa9467662cc53a6b44daaf2baf69eb83e1f6b24352b5b4824fbba76471683f".HexToBytes(),
        Q = new ECPoint()
        {
            X = "e7b214cea1660a2f1f3d5eaf95bee44b0027fd1a06f71410882aed2c511b5413".HexToBytes(),
            Y = "163e05f55bbc48304a4932467fcafeccb1a009916bfd8f017f41ba35506ea4da".HexToBytes(),
        }
    };
    ecParamsReceiver.Validate();
    var receiverEcdh = ECDiffieHellman.Create(ecParamsReceiver);

4)甲方从乙方临时公钥构造乙方公钥

    var senderEphemeralPublicKey = ephemeralKeyBytesWithoutFormat;
    var ecParams = new ECParameters
    {
        Curve = ECCurve.NamedCurves.nistP256,
        Q = new ECPoint()
        {
            X = senderEphemeralPublicKey.Take(senderEphemeralPublicKey.Length / 2).ToArray(),
            Y = senderEphemeralPublicKey.Skip(senderEphemeralPublicKey.Length / 2).Take(senderEphemeralPublicKey.Length / 2).ToArray(),
        }
    };
    ecParams.Validate();
    var senderEcdh = ECDiffieHellman.Create(ecParams);

5)甲方使用相同的前置和附加字节来计算相同的对称密钥

    var prependBytes = "00000001".HexToBytes();
    var appendBytes = "00000002".HexToBytes();
    var derivedSymmetricKey = receiverEcdh.DeriveKeyFromHash(senderEcdh.PublicKey, HashAlgorithmName.SHA256, prependBytes, appendBytes);
于 2018-07-04T19:20:59.027 回答