我有一个使用BouncyCastle作为安全提供程序的应用程序,但是我想切换到另一个直接使用OpenSSL的应用程序(Conscrypt)。我遇到的问题是我正在使用BouncyCastle提供的KeyGenerator中的ECDH“密钥”,但在我的其他库中没有类似的KeyGenerator。
要比较两者,我将使用下面的输入使用这两种方法对点进行解码-
添加换行符以提高可读性
BADX_GAXp03z_5p05O1-op61KJAl4j9U2sBnAnJ4p_6GSAIyFGU3lM
oC4aIXw_2qlTnplykArgjvwCWw-2g6L44
使用BouncyCastle方法-
public org.bouncycastle.jce.interfaces.ECPublicKey loadECPublicKeyBC(String encodedPublicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, IOException {
Base64.Decoder base64Decoder = Base64.getUrlDecoder();
byte[] decodedPublicKey = base64Decoder.decode(encodedPublicKey);
KeyFactory keyFactory = KeyFactory.getInstance("ECDH", "BC");
ECParameterSpec ecParameterSpec = ECUtil.getECParameterSpec(openSSLProvider, "prime256v1");
ECPoint ecPoint = ECUtil.decodePoint(decodedPublicKey, ecParameterSpec.getCurve());
ECPublicKeySpec pubSpec = new ECPublicKeySpec(ecPoint, ecParameterSpec);
org.bouncycastle.jce.interfaces.ECPublicKey ecPublicKey = (org.bouncycastle.jce.interfaces.ECPublicKey)keyFactory.generatePublic(pubSpec);
return ecPublicKey;
}
返回的getAlgorithm是EC。
返回的getFormat是X.509。
此getEncoded的值是-
[48,-126,1,51,48,-127,-20,6,7,42,-122,72,-50,61,2,1,48,
-127,-32,2,1,1,48,44,6,7,42,-122,72,-50,61,1,1,2,33,0,
-1,-1,-1,-1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1,48,68,4,32,-1,-1,-1,-1,0,0,0,1,
0,0,0,0,0,0,0,0,0,0,0,0,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
-1,-4,4,32,90,-58,53,-40,-86,58,-109,-25,-77,-21,-67,85,
118,-104,-122,-68,101,29,6,-80,-52,83,-80,-10,59,-50,60,
62,39,-46,96,75,4,65,4,107,23,-47,-14,-31,44,66,71,-8,-68,
-26,-27,99,-92,64,-14,119,3,125,-127,45,-21,51,-96,-12,
-95,57,69,-40,-104,-62,-106,79,-29,66,-30,-2,26,127,-101,
-114,-25,-21,74,124,15,-98,22,43,-50,51,87,107,49,94,-50,
-53,-74,64,104,55,-65,81,-11,2,33,0,-1,-1,-1,-1,0,0,0,0,-1,
-1,-1,-1,-1,-1,-1,-1,-68,-26,-6,-83,-89,23,-98,-124,-13,
-71,-54,-62,-4,99,37,81,2,1,1,3,66,0,4,0,-41,-4,96,23,-89,
77,-13,-1,-102,116,-28,-19,126,-94,-98,-75,40,-112,37,-30,
63,84,-38,-64,103,2,114,120,-89,-2,-122,72,2,50,20,101,55,
-108,-54,2,-31,-94,23,-61,-3,-86,-107,57,-23,-105,41,0,-82,
8,-17,-64,37,-80,-5,104,58,47,-114]
我只用BouncyCastle EC算法(不是ECDH)就得到了
[48,-126,1,51,48,-127,-20,6,7,42,-122,72,
-50,61,2,1,48,-127,-32,2,1,1,48,44,6,7,42,
-122,72,-50,61,1,1,2,33,0,-1,-1,-1,-1,0,0,
0,1,0,0,0,0,0,0,0,0,0,0,0,0,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,48,68,4,32,-1,-1,-1,-1,
0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-4,4,32,90,-58,53,-40,
-86,58,-109,-25,-77,-21,-67,85,118,-104,-122,
-68,101,29,6,-80,-52,83,-80,-10,59,-50,60,62,
39,-46,96,75,4,65,4,107,23,-47,-14,-31,44,66,
71,-8,-68,-26,-27,99,-92,64,-14,119,3,125,
-127,45,-21,51,-96,-12,-95,57,69,-40,-104,-62,
-106,79,-29,66,-30,-2,26,127,-101,-114,-25,
-21,74,124,15,-98,22,43,-50,51,87,107,49,94,
-50,-53,-74,64,104,55,-65,81,-11,2,33,0,-1,-1,
-1,-1,0,0,0,0,-1,-1,-1,-1,-1,-1,-1,-1,-68,-26,
-6,-83,-89,23,-98,-124,-13,-71,-54,-62,-4,99,
37,81,2,1,1,3,66,0,4,0,-41,-4,96,23,-89,77,
-13,-1,-102,116,-28,-19,126,-94,-98,-75,40,
-112,37,-30,63,84,-38,-64,103,2,114,120,-89,
-2,-122,72,2,50,20,101,55,-108,-54,2,-31,-94,
23,-61,-3,-86,-107,57,-23,-105,41,0,-82,8,-17,
-64,37,-80,-5,104,58,47,-114]
现在使用Conscrypt方法-
public ECPublicKey loadECPublicKey(String encodedPublicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, IOException {
Base64.Decoder base64Decoder = Base64.getUrlDecoder();
byte[] decodedPublicKey = base64Decoder.decode(encodedPublicKey);
KeyFactory keyFactory = KeyFactory.getInstance("EC", "Conscrypt");
ECParameterSpec ecParameterSpec = ECUtil.getECParameterSpec(openSSLProvider, "prime256v1");
ECPoint ecPoint = ECUtil.decodePoint(decodedPublicKey, ecParameterSpec.getCurve());
ECPublicKeySpec pubSpec = new ECPublicKeySpec(ecPoint, ecParameterSpec);
ECPublicKey ecPublicKey = (ECPublicKey)keyFactory.generatePublic(pubSpec);
return ecPublicKey;
}
返回的getAlgorithm是EC。
返回的getFormat是X.509。
getEncoded的值是-
[48,89,48,19,6,7,42,-122,72,-50,61,2,1,6,8,42,
-122,72,-50,61,3,1,7,3,66,0,4,0,-41,-4,96,23,
-89,77,-13,-1,-102,116,-28,-19,126,-94,-98,-75,
40,-112,37,-30,63,84,-38,-64,103,2,114,120,-89,
-2,-122,72,2,50,20,101,55,-108,-54,2,-31,-94,23,
-61,-3,-86,-107,57,-23,-105,41,0,-82,8,-17,-64,
37,-80,-5,104,58,47,-114]
忽略两个EC生成的密钥之间的差异。 BouncyCastle在ECDH KeyGenerator中做什么?
DH是KeyAgreement,我假设它正在生成EC密钥并通过DH KeyAgreement运行它,但是当KeyGenerator规范中未指定任何内容时,它将初始化为私钥吗?
也。为什么当我两个供应商都使用EC算法时,当两者都使用prime256v1规范时,对于同一算法我却得到了不同的结果?我认为这些至少是相等的。
编辑:
ECUtil来自sun.security.util.ECUtil。
对于在我的示例中BC和Java安全性库都使用相同名称的任何类(例如ECPoint)-它始终是Java安全性库。仅当该类以bouncycastle路径(例如org.bouncycastle.jce.interfaces.ECPublicKey)为前缀时,它才是BC类。 openSSLProvider是Conscrypt库中OpenSSLProvider的实例。
可以在这里找到该项目。
https://github.com/google/conscrypt
这里要安装的pom-
<dependency>
<groupId>org.conscrypt</groupId>
<artifactId>conscrypt-openjdk-uber</artifactId>
<version>2.1.0</version>
</dependency>
///
import org.conscrypt.OpenSSLProvider;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import sun.security.util.ECUtil;
Security.addProvider(new BouncyCastleProvider());
Security.addProvider(new OpenSSLProvider());
ECUtil.getECParameterSpec(new OpenSSLProvider, "prime256v1");
编辑编辑:
完整的最小可复制示例-
编辑编辑编辑:
示例现在包括手动加载公共密钥,而不是通过KeyFactory加载。
手动加载BC公钥时,其编码值与通过Key Factory加载时Conscrypt公钥的编码值匹配...
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.JCEECPublicKey;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.conscrypt.OpenSSLProvider;
import sun.security.util.ECUtil;
import java.io.IOException;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.util.*;
public class Main {
public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, IOException {
Security.addProvider(new BouncyCastleProvider());
Security.addProvider(new OpenSSLProvider());
String pubKey = "BADX_GAXp03z_5p05O1-op61KJAl4j9U2sBnAnJ4p_6GSAIyFGU3lMoC4aIXw_2qlTnplykArgjvwCWw-2g6L44";
ECPublicKey publicKey = (ECPublicKey)loadPublicKey(pubKey, "Conscrypt");
org.bouncycastle.jce.interfaces.ECPublicKey publicKeyBC = (org.bouncycastle.jce.interfaces.ECPublicKey)loadPublicKey(pubKey, "BC");
org.bouncycastle.jce.interfaces.ECPublicKey publicKeyBC2 = (org.bouncycastle.jce.interfaces.ECPublicKey) loadPublicKeyManually(pubKey);
System.out.println(Arrays.toString(publicKey.getEncoded()));
System.out.println(Arrays.toString(publicKeyBC.getEncoded()));
System.out.println(Arrays.toString(publicKeyBC2.getEncoded()));
}
public static PublicKey loadPublicKey(String encodedPublicKey, String provider) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, IOException {
Base64.Decoder base64Decoder = Base64.getUrlDecoder();
byte[] decodedPublicKey = base64Decoder.decode(encodedPublicKey);
KeyFactory keyFactory = KeyFactory.getInstance("EC", provider);
ECParameterSpec ecParameterSpec = ECUtil.getECParameterSpec(new OpenSSLProvider(), "prime256v1");
ECPoint ecPoint = ECUtil.decodePoint(decodedPublicKey, ecParameterSpec.getCurve());
ECPublicKeySpec pubSpec = new ECPublicKeySpec(ecPoint, ecParameterSpec);
ECPublicKey ecPublicKey = (ECPublicKey)keyFactory.generatePublic(pubSpec);
return ecPublicKey;
}
public static PublicKey loadPublicKeyManually(String encodedPublicKey) {
Base64.Decoder base64Decoder = Base64.getUrlDecoder();
byte[] decodedPublicKey = base64Decoder.decode(encodedPublicKey);
ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("prime256v1");
org.bouncycastle.jce.spec.ECPublicKeySpec ecPublicKeySpec = new org.bouncycastle.jce.spec.ECPublicKeySpec(
parameterSpec.getCurve().decodePoint(decodedPublicKey),
parameterSpec
);
org.bouncycastle.jce.interfaces.ECPublicKey ecPublicKey = new JCEECPublicKey(
"EC",
ecPublicKeySpec
);
return ecPublicKey;
}
}
答案 0 :(得分:5)
这两个公钥表示基本上是等效的。两者都是RFC 5280中描述的DER编码的SubjectPublicKeyInfo结构的实例。该结构不仅包含公用密钥,还包含一些描述公用密钥的算法上下文的元数据。对于其中一种形式,元数据仅声明上下文是“ prime256v1”曲线。另一方面,提供了该曲线的所有参数。公钥本身是两种形式的最后一部分,并且您可以看到它们是相同的。
您拥有的总共有3个不同的表示形式。 base-64编码的字符串仅包含根据SEC 1第2.3.3节编码的类型4(未压缩)椭圆曲线点。在sun.security.util.ECUtil类中发现了一个未记录且不受支持的API,可以将其转换为PublicKey。
我不确定您对私钥有什么疑问。对于包括ECDH的DH方案,私钥只是从基础组顺序范围中“安全地”选择的整数。然后,通过将该整数乘以曲线的基点来计算公钥(在椭圆曲线意义上)。结果公钥也是曲线上的一个点。