我正在尝试使用openssl在Linux(客户端)和使用Mentalis DiffieHellman C#包的Win 7(服务器端)之间实现Diffie-Hellman密钥共享(从http://www.mentalis.org下载)
客户端: DH * client_key = DH_new();
int rc = DH_generate_parameters_ex(client_key, 1024, DH_GENERATOR_2, NULL);
rc = DH_generate_key(client_key) code:
// Example of the client->pub_key (128 bytes):
//"0E9948EB9B589678805A0CCD46FAF6D834478571F9C8046AB67C06B2B091DD63E752B4B48565F87CBED02E1B150064636C36BDFC3
//570CD7EC6D90BC1CEA1AC303F335592286B30BD6D42714EF50C78649A2E5F6C41BD9CE625C2CF20DF89F762253C0954CBFCCDE4ED
//728330C1378545EBE746FB04F4935E2251B17F577C87FE"
int generated_key_length = BN_num_bytes(client_key->pub_key);
unsigned char *share_key = (unsigned char *)calloc(DH_size(client_key));
// Share the client public key to the server
char *pub_key_string = BN_bn2hex(client_key->pub_key);
// Example of the server_pubkey (128 bytes):
//"3D69F1371BAD271518D5D51978CBEBAD463E743F450937600F15037BA9B134F7008065A337DDBACD9C7DE58188F0DCE4D546FA8591
//18A2C791EBABA751A2774E57831A5AE9F3C5FAA192A11AA170EC4B5BF23CF70354A865AA5CDDFCC50A364B6835AA0652C1D498A079
//F994C8004E0FC9C3727EFAAD8AFF7786EDD5B945454F"
rc = DH_compute_key(share_key, server_pubkey, client_key):
// Example of the computed share_key (128 bytes):
//"6B1387C957BBC5BE7EFA8B44E2DA2306CBD54838A94EB187532FEFC2EAE0D19EFA42DAA1330F9D32676E986959DC18DC98EBCD1703
//2B2B4B034E88E8270EAB766B0479469E2C1CA2B49D2DB47194D606038958CA683297B1982A571825631B55BCED80B9599DE64D7DA7
//CD7CECDB6D1B522641C95DAA1C859380A3D623515A44"
free(secret_key);
DH_free(client_key);
// **End of Client side code!**
**Server side (C#) code:**
using Org.Mentalis.Security.Cryptography;
// Create a new DH instance
DiffieHellman dhServer = new DiffieHellmanManaged();
// Generate the public key of the first DH instance
byte[] server_pubkey = dhServer.CreateKeyExchange();
// And, hex encode server_pubkey and send it to the client side
// Decode the hex-encoded client_pubkey to get the share_key
byte[] sharedKey = dhServer.DecryptKeyExchange(client_pubkey);
// **End of Server side code!**
基于上面的实现,我从未成功获取计算的share_keys(一个来自客户端, 而另一个来自服务器端)相同!我错过了什么或做错了什么?
我还想问一下,是否有其他“c#包”/方法可以在服务器端用于与openssl共享DH密钥?非常感谢。