我有一个使用BouncyCaSTLe作为安全提供程序的应用程序,但是我想切换到直接使用OpenSSL的另一个应用程序(Conscrypt)。我遇到的问题是我正在使用BouncyCaSTLe提供的KeyGenerator中的ECDH“ key ”,但在我的其他库中没有类似的KeyGenerator。
为了比较两者,我将使用下面的输入使用这两种方法对点进行解码:
添加了换行符以提高可读性
BADX_GAXp03z_5p05O1-op61KJAl4j9U2sBnAnJ4p_6GSAIyFGU3lM
oC4aIXw_2qlTnplykArgjvwCWw-2g6L44
使用BouncyCaSTLe方法-
public org.bouncycastle.jce.interfaces.ECPublicKey loadECPublicKeyBC(String encodedPublicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, IOException {
Base64.Decoder base64Decoder = Base64.getUrlDecoder();
byte[] decodedPublicKey = base64Decoder.decode(encodedPublicKey);
KeyFactory keyFactory = KeyFactory.getInstance("ECDH", "BC");
ECParameterSpec ecParameterSpec = ECUtil.getECParameterSpec(openSSLProvider, "prime256v1");
ECPoint ecPoint = ECUtil.decodePoint(decodedPublicKey, ecParameterSpec.getCurve());
ECPublicKeySpec pubSpec = new ECPublicKeySpec(ecPoint, ecParameterSpec);
org.bouncycastle.jce.interfaces.ECPublicKey ecPublicKey = (org.bouncycastle.jce.interfaces.ECPublicKey)keyFactory.generatePublic(pubSpec);
return ecPublicKey;
}
返回的
getAlgorithm
是EC
。返回的
getFormat
是X.509
。这个的
getEncoded
值是-[48,-126,1,51,48,-127,-20,6,7,42,-122,72,-50,61,2,1,48,
-127,-32,2,1,1,48,44,6,7,42,-122,72,-50,61,1,1,2,33,0,
-1,-1,-1,-1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,48,68,4,32,-1,-1,-1,-1,0,0,0,1,
0,0,0,0,0,0,0,0,0,0,0,0,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-4,4,32,90,-58,53,-40,-86,58,-109,-25,-77,-21,-67,85,
118,-104,-122,-68,101,29,6,-80,-52,83,-80,-10,59,-50,60,
62,39,-46,96,75,4,65,4,107,23,-47,-14,-31,44,66,71,-8,-68,
-26,-27,99,-92,64,-14,119,3,125,-127,45,-21,51,-96,-12,
-95,57,69,-40,-104,-62,-106,79,-29,66,-30,-2,26,127,-101,
-114,-25,-21,74,124,15,-98,22,43,-50,51,87,107,49,94,-50,
-53,-74,64,104,55,-65,81,-11,2,33,0,-1,-1,-1,-1,0,0,0,0,-1,
-1,-1,-1,-1,-1,-1,-1,-68,-26,-6,-83,-89,23,-98,-124,-13,
-71,-54,-62,-4,99,37,81,2,1,1,3,66,0,4,0,-41,-4,96,23,-89,
77,-13,-1,-102,116,-28,-19,126,-94,-98,-75,40,-112,37,-30,
63,84,-38,-64,103,2,114,120,-89,-2,-122,72,2,50,20,101,55,
-108,-54,2,-31,-94,23,-61,-3,-86,-107,57,-23,-105,41,0,-82,
8,-17,-64,37,-80,-5,104,58,47,-114]
只需使用BouncyCaSTLe EC算法(而不是ECDH),我就会获得-
[48,-126,1,51,48,-127,-20,6,7,42,-122,72,
-50,61,2,1,48,-127,-32,2,1,1,48,44,6,7,42,
-122,72,-50,61,1,1,2,33,0,-1,-1,-1,-1,0,0,
0,1,0,0,0,0,0,0,0,0,0,0,0,0,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,48,68,4,32,-1,-1,-1,-1,
0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-4,4,32,90,-58,53,-40,
-86,58,-109,-25,-77,-21,-67,85,118,-104,-122,
-68,101,29,6,-80,-52,83,-80,-10,59,-50,60,62,
39,-46,96,75,4,65,4,107,23,-47,-14,-31,44,66,
71,-8,-68,-26,-27,99,-92,64,-14,119,3,125,
-127,45,-21,51,-96,-12,-95,57,69,-40,-104,-62,
-106,79,-29,66,-30,-2,26,127,-101,-114,-25,
-21,74,124,15,-98,22,43,-50,51,87,107,49,94,
-50,-53,-74,64,104,55,-65,81,-11,2,33,0,-1,-1,
-1,-1,0,0,0,0,-1,-1,-1,-1,-1,-1,-1,-1,-68,-26,
-6,-83,-89,23,-98,-124,-13,-71,-54,-62,-4,99,
37,81,2,1,1,3,66,0,4,0,-41,-4,96,23,-89,77,
-13,-1,-102,116,-28,-19,126,-94,-98,-75,40,
-112,37,-30,63,84,-38,-64,103,2,114,120,-89,
-2,-122,72,2,50,20,101,55,-108,-54,2,-31,-94,
23,-61,-3,-86,-107,57,-23,-105,41,0,-82,8,-17,
-64,37,-80,-5,104,58,47,-114]
现在使用Conscrypt方法-
public ECPublicKey loadECPublicKey(String encodedPublicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, IOException {
Base64.Decoder base64Decoder = Base64.getUrlDecoder();
byte[] decodedPublicKey = base64Decoder.decode(encodedPublicKey);
KeyFactory keyFactory = KeyFactory.getInstance("EC", "Conscrypt");
ECParameterSpec ecParameterSpec = ECUtil.getECParameterSpec(openSSLProvider, "prime256v1");
ECPoint ecPoint = ECUtil.decodePoint(decodedPublicKey, ecParameterSpec.getCurve());
ECPublicKeySpec pubSpec = new ECPublicKeySpec(ecPoint, ecParameterSpec);
ECPublicKey ecPublicKey = (ECPublicKey)keyFactory.generatePublic(pubSpec);
return ecPublicKey;
}
返回的
getAlgorithm
是EC
。返回的
getFormat
是X.509
。这个的
getEncoded
值是-[48,89,48,19,6,7,42,-122,72,-50,61,2,1,6,8,42,
-122,72,-50,61,3,1,7,3,66,0,4,0,-41,-4,96,23,
-89,77,-13,-1,-102,116,-28,-19,126,-94,-98,-75,
40,-112,37,-30,63,84,-38,-64,103,2,114,120,-89,
-2,-122,72,2,50,20,101,55,-108,-54,2,-31,-94,23,
-61,-3,-86,-107,57,-23,-105,41,0,-82,8,-17,-64,
37,-80,-5,104,58,47,-114]
忽略两个EC生成 key 之间的差异。 BouncyCaSTLe在ECDH KeyGenerator中做什么?
DH是KeyAgreement,我假设它正在生成EC key 并通过DH KeyAgreement运行它-但是在KeyGenerator规范中未指定任何内容时,它将初始化为私钥吗?
还。为什么当我同时使用这两个提供程序的EC算法时,当两者都使用
prime256v1
规范时,同一算法却得到不同的结果吗?我认为这些至少是相等的。编辑:
ECUtil来自
sun.security.util.ECUtil
。对于我的示例中BC和Java安全性库都使用相同名称的任何类(例如ECPoint),它始终是Java安全性库。仅当该类以bouncycaSTLe路径(例如org.bouncycaSTLe.jce.interfaces.ECPublicKey)为前缀时,它才是BC类。 openSSLProvider是Conscrypt库中OpenSSLProvider的实例。
该项目可以在这里找到。
https://github.com/google/conscrypt
安装的pom在这里-
<dependency>
<groupId>org.conscrypt</groupId>
<artifactId>conscrypt-openjdk-uber</artifactId>
<version>2.1.0</version>
</dependency>
///
import org.conscrypt.OpenSSLProvider;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import sun.security.util.ECUtil;
Security.addProvider(new BouncyCastleProvider());
Security.addProvider(new OpenSSLProvider());
ECUtil.getECParameterSpec(new OpenSSLProvider, "prime256v1");
编辑编辑:
完整的最小可重现示例-
编辑编辑编辑:
现在的示例包括手动加载公钥,而不是通过KeyFactory加载。
手动加载BC公钥时,通过 key 工厂加载时,其编码值与Conscrypt公钥的编码值匹配...
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.JCEECPublicKey;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.conscrypt.OpenSSLProvider;
import sun.security.util.ECUtil;
import java.io.IOException;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.util.*;
public class Main {
public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, IOException {
Security.addProvider(new BouncyCastleProvider());
Security.addProvider(new OpenSSLProvider());
String pubKey = "BADX_GAXp03z_5p05O1-op61KJAl4j9U2sBnAnJ4p_6GSAIyFGU3lMoC4aIXw_2qlTnplykArgjvwCWw-2g6L44";
ECPublicKey publicKey = (ECPublicKey)loadPublicKey(pubKey, "Conscrypt");
org.bouncycastle.jce.interfaces.ECPublicKey publicKeyBC = (org.bouncycastle.jce.interfaces.ECPublicKey)loadPublicKey(pubKey, "BC");
org.bouncycastle.jce.interfaces.ECPublicKey publicKeyBC2 = (org.bouncycastle.jce.interfaces.ECPublicKey) loadPublicKeyManually(pubKey);
System.out.println(Arrays.toString(publicKey.getEncoded()));
System.out.println(Arrays.toString(publicKeyBC.getEncoded()));
System.out.println(Arrays.toString(publicKeyBC2.getEncoded()));
}
public static PublicKey loadPublicKey(String encodedPublicKey, String provider) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, IOException {
Base64.Decoder base64Decoder = Base64.getUrlDecoder();
byte[] decodedPublicKey = base64Decoder.decode(encodedPublicKey);
KeyFactory keyFactory = KeyFactory.getInstance("EC", provider);
ECParameterSpec ecParameterSpec = ECUtil.getECParameterSpec(new OpenSSLProvider(), "prime256v1");
ECPoint ecPoint = ECUtil.decodePoint(decodedPublicKey, ecParameterSpec.getCurve());
ECPublicKeySpec pubSpec = new ECPublicKeySpec(ecPoint, ecParameterSpec);
ECPublicKey ecPublicKey = (ECPublicKey)keyFactory.generatePublic(pubSpec);
return ecPublicKey;
}
public static PublicKey loadPublicKeyManually(String encodedPublicKey) {
Base64.Decoder base64Decoder = Base64.getUrlDecoder();
byte[] decodedPublicKey = base64Decoder.decode(encodedPublicKey);
ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("prime256v1");
org.bouncycastle.jce.spec.ECPublicKeySpec ecPublicKeySpec = new org.bouncycastle.jce.spec.ECPublicKeySpec(
parameterSpec.getCurve().decodePoint(decodedPublicKey),
parameterSpec
);
org.bouncycastle.jce.interfaces.ECPublicKey ecPublicKey = new JCEECPublicKey(
"EC",
ecPublicKeySpec
);
return ecPublicKey;
}
}
最佳答案
这两个公钥表示本质上是等效的。两者都是RFC 5280中描述的DER编码的SubjectPublicKeyInfo结构的实例。该结构不仅包含公用 key ,还包含一些描述公用 key 的算法上下文的元数据。对于其中一种形式,元数据仅声明上下文是“prime256v1”曲线。另一方面,提供了该曲线的所有参数。公钥本身作为两种形式的最后一部分出现,并且您可以看到它们是相同的。
您拥有的是相同公钥的3种不同表示形式。 base-64编码的字符串仅包含根据SEC 1第2.3.3节编码的类型4(未压缩)椭圆曲线点。您在sun.security.util.ECUtil
类中找到了一个未记录且不受支持的API,可以将其转换为PublicKey。
我不确定您对私钥有什么疑问。对于包括ECDH的DH方案,私钥只是从基础组顺序范围中“安全地”选择的整数。然后,通过将该整数乘以曲线的基点来计算公钥(在椭圆曲线意义上)。结果公钥也是曲线上的一个点。
关于java - BouncyCaSTLe如何生成ECDH "Keys"?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/56725999/