Problem description

Hi, I want to use Diffie Hellman key exchange between my server and Metro client app. However, I found that while .NET (on the server) does provide a DiffieHellman implementation in ECDiffieHellmanCng, the new classes in Windows.Security.Cryptography do not seem to offer anything along those lines. So, I can't generate the Diffie Hellman public key from the client (g.pow(randomclientsecret) mod p).

So, I thought, okay, I will get the client to generate a private secret session key which would be signed and encrypted (rsa) and sent to the server. The server will use this to generate the client public key and then the actual key for use with AES. So, each session will have a new key, but I don't have to use session state on the server to remember the key for server decryption because the client provides a random secret seed.

However, even doing this has roadblocks: I would initialize an instance of ECDiffieHellmanCng via constructor with the CngKey created based on client secret, but ECDiffieHellmanCng actually validates that the private key is a DiffieHellman group key. I am stuck!!! It is not just any random set of bytes of a specific key length. The byte array seems to have special bytes for specifying the group.

What are my options, short of re-implementing the algorithms for generating Diffie Hellman public parameters? Thank you.

Recommended answer

Hi,

In Metro style app development only a subset of the 4.5 .NET framework is available.  If you want to implement functionality that is not available you can implement your own functionality or search for a 3rd party library that will work with WinRT.

-Jeff
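
The "special bytes" described in the question are consistent with the header of a CNG ECC key blob, which a bare secret of the right length does not carry. The following JavaScript is an added example, not code from the thread or from either poster: it checks that layout, assuming the documented BCRYPT_ECCKEY_BLOB format, and `inspectEccBlob` and all sample bytes are constructed for illustration.

```javascript
// Added example, not code from the thread. Layout assumed from the documented
// BCRYPT_ECCKEY_BLOB: uint32 magic, uint32 cbKey (both little-endian), then
// X || Y for a public blob or X || Y || d for a private blob.
const ECDH_MAGIC = new Map([
  [0x314B4345, { curve: 'P-256', isPrivate: false, cbKey: 32 }], // "ECK1"
  [0x324B4345, { curve: 'P-256', isPrivate: true,  cbKey: 32 }], // "ECK2"
  [0x334B4345, { curve: 'P-384', isPrivate: false, cbKey: 48 }], // "ECK3"
  [0x344B4345, { curve: 'P-384', isPrivate: true,  cbKey: 48 }], // "ECK4"
  [0x354B4345, { curve: 'P-521', isPrivate: false, cbKey: 66 }], // "ECK5"
  [0x364B4345, { curve: 'P-521', isPrivate: true,  cbKey: 66 }], // "ECK6"
]);

// Structural check only: it does not verify that (X, Y) is a point on the curve.
function inspectEccBlob(bytes) {
  if (bytes.length < 8) return { ok: false, reason: 'shorter than the 8-byte header' };
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const info = ECDH_MAGIC.get(view.getUint32(0, true));
  if (!info) return { ok: false, reason: 'no ECDH magic in the first 4 bytes' };
  const cbKey = view.getUint32(4, true);
  if (cbKey !== info.cbKey) return { ok: false, reason: 'cbKey does not match the curve' };
  const fields = info.isPrivate ? 3 : 2;
  if (bytes.length !== 8 + fields * cbKey) {
    return { ok: false, reason: `expected ${8 + fields * cbKey} bytes, got ${bytes.length}` };
  }
  const field = (i) => bytes.slice(8 + i * cbKey, 8 + (i + 1) * cbKey);
  return { ok: true, curve: info.curve, isPrivate: info.isPrivate,
           x: field(0), y: field(1), d: info.isPrivate ? field(2) : null };
}

// Constructed sample 1: 32 arbitrary bytes, i.e. a bare "client secret".
const bareSecret = Uint8Array.from({ length: 32 }, (_, i) => (i * 37 + 11) & 0xff);

// Constructed sample 2: a P-256 private blob layout with placeholder field
// bytes (header + 3 x 32 bytes). The fields are filler, not a real key.
const privateBlob = new Uint8Array(8 + 3 * 32);
const header = new DataView(privateBlob.buffer);
header.setUint32(0, 0x324B4345, true); // bytes 45 43 4B 32 = "ECK2"
header.setUint32(4, 32, true);
privateBlob.fill(0xAB, 8);

// Constructed sample 3: header followed by d alone, without X and Y.
const headerPlusD = privateBlob.slice(0, 8 + 32);

console.log(inspectEccBlob(bareSecret).reason);
console.log(inspectEccBlob(privateBlob).curve);
console.log(inspectEccBlob(headerPlusD).reason);
```

The private layout carries the public point X and Y ahead of d, so a private scalar on its own is not a complete blob even when the header is present.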


07-31 20:32