0

我正在与使用 AES-CCM 加密的设备通信,我需要使用 ECDH 派生的密钥进行设置。我的机器证书在 TPM 中有一个 ECC 私钥。

我对此有些陌生,所以请多多包涵。

这是我现在正在查看的代码。这是用我的证书签署密钥的正确方法吗?

//this will actually be loaded by another method.  Only here for demo purposes;
X509Certificate2 masterEndEntityCert;

//we are using the NST p-256 curve
using (var ecdh = new ECDiffieHellmanCng(ECCurve.NamedCurves.nistP256))
{
    //our HKDF should be HMAC
    ecdh.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hmac;
    ecdh.HashAlgorithm = CngAlgorithm.Sha256;

    //get the ephemeral key to send to the other device
    var ephemeralKey = ecdh.PublicKey.ToByteArray();

    //get the ecdsa private key from my cert for signing
    using (var alg = masterEndEntityCert.GetECDsaPrivateKey() as ECDsaCng)
    {
        //sign the sha256 hash of the key
        var sig = alg.SignData(ephemeralKey, HashAlgorithmName.SHA256);

        //concat the ephemeral key and the signed hash together for transmission
        this.SignedEphemeralPublicKey = ephemeralKey.Concat(sig).ToArray();
    }
}
4

0 回答 0