我正在构建一个Web API,我需要实现ECDH来执行端到端加密。在服务器端,我有一个C#应用程序,在客户端,我有一个Javascript应用程序。
我可以交换密钥,生成私钥并加密消息,但是解密时遇到问题。
我认为问题出在公共密钥的交换上。在javascript键中,以“ 4”字节开头,.NET键以8个字节开头,用于标识键的类型和大小,我需要更改此字节以导入每个键(我发现的信息{{3 }})。也许这会导致一些不一致。
在客户端,我正在使用Web密码API处理ECDH。我正在实现如下。
生成密钥
await window.crypto.subtle.generateKey(
{
name: "ECDH",
namedCurve: "P-256",
},
false,
["deriveKey", "deriveBits"]
);
像这样导出公钥:
await window.crypto.subtle.exportKey(
"raw",
publicKey
);
导入外部公钥
await window.crypto.subtle.importKey(
"raw",
{
name: "ECDH",
namedCurve: "P-256",
},
false,
["deriveKey", "deriveBits"]
)
最后得到密钥
await window.crypto.subtle.deriveKey(
{
name: "ECDH",
namedCurve: "P-256",
public: publicKey,
},
privateKey,
{
name: "AES-CBC",
length: 256,
},
false,
["encrypt", "decrypt"]
)
在服务器端,我正在执行以下相同步骤。 生成公钥
private static ECDiffieHellmanCng ecdh = new ECDiffieHellmanCng(256);
public static void GeneratePublicKey()
{
ecdh.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
ecdh.HashAlgorithm = CngAlgorithm.Sha256;
publicKey = ecdh.PublicKey.ToByteArray();
}
导出公钥。请注意,我更改了第一个字节
public static byte[] GetPublicKey()
{
var auxKey = publicKey.Skip(7).ToArray();
auxKey[0] = 4;
return auxKey;
}
导入公钥并派生私钥。请注意,我更改了第一个字节
public static void GerarChavePrivada(byte[] bobPublicKey)
{
byte[] aux = new byte[bobPublicKey.Length + 7];
aux[0] = 0x45;
aux[1] = 0x43;
aux[2] = 0x4B;
aux[3] = 0x31;
aux[4] = 0x20;
aux[5] = 0x00;
aux[6] = 0x00;
aux[7] = 0x00;
for (int i = 1; i < bobPublicKey.Length; i++)
{
aux[7 + i] = bobPublicKey[i];
}
var importedKey = CngKey.Import(aux, CngKeyBlobFormat.EccPublicBlob);
privateKey = ecdh.DeriveKeyMaterial(importedKey);
}
我相信问题在于这些键。无论如何,这些都是加密和解密代码:
JavaScript
async function encrypt2(iv, key, data){
var mensagemCriptografada;
await window.crypto.subtle.encrypt(
{
name: "AES-CBC",
iv: iv,
},
key,
str2ab(data) //Data is a string and I'm converting using str2ab method.
)
.then(function(encrypted){
mensagemCriptografada = encrypted;
})
.catch(function(err){
console.error(err);
});
return mensagemCriptografada;
}
function str2ab (str) {
var array = new Uint8Array(str.length);
for(var i = 0; i < str.length; i++) {
array[i] = str.charCodeAt(i);
}
return array.buffer
}
C#
string decMessage = "";
using (Aes aes = new AesCryptoServiceProvider())
{
aes.Key = privateKey;
aes.IV = iv; //IV is the same used by the javascript code
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.None;
var dec = aes.CreateDecryptor(privateKey, iv);
var plain = dec.TransformFinalBlock(message, 0, message.Length);
//I've tried every possible enconding.
decMessage = Encoding.UTF8.GetString(plain);
}
return decMessage;
我真的不知道如何解决这个问题。
答案 0 :(得分:0)
您看过PKI.js吗?在那里,您可以找到CMS Enveloped / Encrypted Data的所有可能的密钥加密方案的完整实现。还有所有示例的live examples和here is源代码。请注意,WiKi page关于在PKI.js中使用CMS EnvelopedData。
答案 1 :(得分:0)
我有同样的问题。经过更多调试之后,我意识到C#使用DeriveKeyMaterial生成的密钥随后将使用SHA-256进行哈希处理。
我的解决方案是在javascript上导出派生密钥,对其进行散列,然后将其作为新密钥导入。
cryptoApi().deriveKey(
{
name: "ECDH",
namedCurve: "P-256", //can be "P-256", "P-384", or "P-521"
public: ServerKey, //an ECDH public key from generateKey or importKey
},
ECkey.privateKey, //your ECDH private key from generateKey or importKey
{ //the key type you want to create based on the derived bits
name: "AES-CBC", //can be any AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH", or "HMAC")
//the generateKey parameters for that type of algorithm
length: 256, //can be 128, 192, or 256
},
true, //whether the derived key is extractable (i.e. can be used in exportKey)
["encrypt", "decrypt"] //limited to the options in that algorithm's importKey
)
.then(function(AESKeyData){
//returns the exported key data
console.log(AESKeyData);
cryptoApi().exportKey('raw',
AESKeyData
).then(function (exportedAESKeyData) {
cryptoApi().digest('SHA-256', exportedAESKeyData).then(function (HashedAESKeyValue) {
console.log(HashedAESKeyValue);
cryptoApi().importKey(
'raw',
HashedAESKeyValue,
{ //the key type you want to create based on the derived bits
name: "AES-CBC", //can be any AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH", or "HMAC")
//the generateKey parameters for that type of algorithm
length: 256, //can be 128, 192, or 256
},
false,
["encrypt", "decrypt"]
).then(function (TrueAESKey) {
cryptoApi().decrypt(
{
name: 'AES-CBC',
length: 256,
iv: base64ToArrayBuffer(IV)
},
TrueAESKey,
base64ToArrayBuffer(EncryptedData)
).then(function (decrypted) {
console.log(buf2hex(decrypted));
});
})
});
});
})
答案 2 :(得分:0)
尝试通过这种方式完成
gist中的全部示例
view()使用方法:
class Protector {
ab2str(buffer) {
return new TextDecoder().decode(buffer);
}
str2ab(text) {
return new TextEncoder().encode(text);
}
generateIv() {
return crypto.getRandomValues(new Uint8Array(16));
}
/**
* @see https://github.com/mdn/dom-examples/blob/master/web-crypto/derive-bits/ecdh.js
*/
async generateKey() {
this.key = await window.crypto.subtle.generateKey(
{ name: 'ECDH', namedCurve: 'P-256' },
false,
['deriveBits']
);
}
async encrypt(plaintext) {
const counter = this.generateIv();
const buffer = await crypto.subtle.decrypt({
name: 'aes-ctr',
counter: counter,
length: 128
}, this.importedKey, this.str2ab(plaintext));
return { buffer, counter };
}
async decrypt(data) {
const buffer = await crypto.subtle.decrypt({
name: 'aes-ctr',
counter: data.counter,
length: 128
}, this.importedKey, data.buffer);
return this.ab2str(buffer);
}
getPublicKey() {
return {publicKey: this.key.publicKey};
}
async setRemotePublicKey(key) {
this.clientKey = key;
this.sharedSecret = await window.crypto.subtle.deriveBits(
{ name: 'ECDH', namedCurve: 'P-256', public: this.clientKey.publicKey },
this.key.privateKey,
256
);
this.importedKey = await crypto.subtle.importKey(
'raw',
this.sharedSecret,
'aes-ctr',
false,
['encrypt', 'decrypt']
);
}
}