我正在使用Windows CNG API编写自定义OpenSSL引擎。在实现
nlp = spacy.load('en')
text_data = u'This is a text document that speaks about entities like Sweden and Nokia'
document = nlp(text_data)
text_no_namedentities = []
for word in document:
if word not in document.ents:
text_no_namedentities.append(word)
return " ".join(text_no_namedentities)
以生成和使用ECDH密钥时,我遇到了将密钥从OpenSSL EVP_PKEY_meths转换为CNG EVP_PKEY的问题,反之亦然。在实现Keygen和Derive功能时,我面临着这种情况。有没有简单的方法可以执行这些转换?
答案 0 :(得分:1)
我只使用RSA私钥来做到这一点,但是我假设其他类型(例如ECC)将遵循导出密钥参数并将其导入的相同原理。
我使用BCryptExportKey导出私钥数据,并使用BCryptImportKeyPair在win32端导入数据。在openssl方面,我使用“ set”类型调用来设置密钥数据(例如“ RSA_set0_crt_params”)以设置RSA密钥。
这是我将RSA私钥的BCRYPT_KEY_HANDLE转换为EVP_PKEY的示例。反之类似。它不能满足您的特定ECDH要求,但我认为与您处理ECC私钥/公钥详细信息而不是RSA密钥详细信息大致相同。
EVP_PKEY* extract_private_key(const BCRYPT_KEY_HANDLE key_handle)
{
EVP_PKEY* pkey = nullptr;
DWORD length = 0;
if(SUCCEEDED(BCryptExportKey(key_handle, NULL, BCRYPT_RSAFULLPRIVATE_BLOB, nullptr, 0, &length, 0)))
{
auto data = std::make_unique<BYTE[]>(length);
if(SUCCEEDED(BCryptExportKey(key_handle, NULL, BCRYPT_RSAFULLPRIVATE_BLOB, data.get(), length, &length, 0)))
{
// https://docs.microsoft.com/en-us/windows/desktop/api/bcrypt/ns-bcrypt-_bcrypt_rsakey_blob
auto const blob = reinterpret_cast<BCRYPT_RSAKEY_BLOB*>(data.get());
if(blob->Magic == BCRYPT_RSAFULLPRIVATE_MAGIC)
{
auto rsa = RSA_new();
// n is the modulus common to both public and private key
auto const n = BN_bin2bn(data.get() + sizeof(BCRYPT_RSAKEY_BLOB) + blob->cbPublicExp, blob->cbModulus, nullptr);
// e is the public exponent
auto const e = BN_bin2bn(data.get() + sizeof(BCRYPT_RSAKEY_BLOB), blob->cbPublicExp, nullptr);
// d is the private exponent
auto const d = BN_bin2bn(data.get() + sizeof(BCRYPT_RSAKEY_BLOB) + blob->cbPublicExp + blob->cbModulus + blob->cbPrime1 + blob->cbPrime2 + blob->cbPrime1 + blob->cbPrime2 + blob->cbPrime1, blob->cbModulus, nullptr);
RSA_set0_key(rsa, n, e, d);
// p and q are the first and second factor of n
auto const p = BN_bin2bn(data.get() + sizeof(BCRYPT_RSAKEY_BLOB) + blob->cbPublicExp + blob->cbModulus, blob->cbPrime1, nullptr);
auto const q = BN_bin2bn(data.get() + sizeof(BCRYPT_RSAKEY_BLOB) + blob->cbPublicExp + blob->cbModulus + blob->cbPrime1, blob->cbPrime2, nullptr);
RSA_set0_factors(rsa, p, q);
// dmp1, dmq1 and iqmp are the exponents and coefficient for CRT calculations
auto const dmp1 = BN_bin2bn(data.get() + sizeof(BCRYPT_RSAKEY_BLOB) + blob->cbPublicExp + blob->cbModulus + blob->cbPrime1 + blob->cbPrime2, blob->cbPrime1, nullptr);
auto const dmq1 = BN_bin2bn(data.get() + sizeof(BCRYPT_RSAKEY_BLOB) + blob->cbPublicExp + blob->cbModulus + blob->cbPrime1 + blob->cbPrime2 + blob->cbPrime1, blob->cbPrime2, nullptr);
auto const iqmp = BN_bin2bn(data.get() + sizeof(BCRYPT_RSAKEY_BLOB) + blob->cbPublicExp + blob->cbModulus + blob->cbPrime1 + blob->cbPrime2 + blob->cbPrime1 + blob->cbPrime2, blob->cbPrime1, nullptr);
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
pkey = EVP_PKEY_new();
// ownership of rsa transferred to pkey
EVP_PKEY_assign_RSA(pkey, rsa);
}
}
}
return pkey;
}