问题描述

我手头的任务需要使用 NIST SP 800-56A 第 5.8.1 节中描述的密钥派生函数派生密钥材料.我不是密码学专家，所以如果问题很幼稚，请原谅.这是我到目前为止所做的:

I have a task at hand that requires deriving key material using the key derivation function described in NIST SP 800-56A, section 5.8.1. I'm not an expert in Cryptography so please excuse me if the question is naive. Here's what I've done so far:

1. 我有对方的公钥和我的私钥

2. 现在我尝试使用 ECDH 1.3.132.1.12 使用 C# (.NET 4) ECDiffieHellmanCng 类生成共享密钥，如下所示:

1. I have the other party's public key and my private key

2. Now I try to generate the shared secret using ECDH 1.3.132.1.12 using C# (.NET 4) ECDiffieHellmanCng class like so:

// The GetCngKey method reads the private key from a certificate in my Personal certificate store

CngKey cngPrivateKey = GetCngKey();

ECDiffieHellmanCng ecDiffieHellmanCng = new ECDiffieHellmanCng(cngPrivateKey);

ecDiffieHellmanCng.HashAlgorithm = CngAlgorithm.ECDiffieHellmanP256;
ecDiffieHellmanCng.KeyDerivationFunction = ?? // What do I set here

最后这样做:

ecDiffieHellmanCng.DeriveKeyMaterial(otherPartyPublicKey:);

在哪里/如何设置其他参数 Algorithm ID、Party U Info、Party V Info?

Where/how do I set the other parameters Algorithm ID, Party U Info, Party V Info?

编辑我愿意使用其他库，例如 Bouncy Castle(只要它们可以从 .NET 调用)

EDIT I am open to using other libraries like Bouncy Castle (provided they can be called from .NET)

推荐答案

TL;DR;我还没有找到使用 NIST SP 800-56A 第 5.8.1 节中描述的 KDF 派生对称密钥的方法，仅使用 .NET 4.0 中的内置类

TL;DR; I haven't found a way to derive the symmetric key using KDF described in NIST SP 800-56A, section 5.8.1 using built-in classes in .NET 4.0 alone

好消息(对我来说 :-))是在 .NET 4.0 中使用可爱的 BouncyCastle 库(NuGet:Install-Package BouncyCastle-Ext -Version "1.7.0")是可能的.方法如下:

The good news (for me :-)) is that it IS possible in .NET 4.0 using the lovely BouncyCastle library (NuGet: Install-Package BouncyCastle-Ext -Version "1.7.0"). Here's how:

第一步:获取对方的公钥

STEP 1: Get other party's public key

根据您的情况，这可能会从证书中读取或作为包含加密数据的消息的一部分发送给您.获得 Base64 编码的公钥后，将其读入 Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters 对象，如下所示:

Depending on your scenario, this may be read from a certificate or come to you as part of the message containing the encrypted data. Once you have the Base64 encoded public-key, read it into a Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters object like so:

var publicKeyBytes = Convert.FromBase64String(base64PubKeyStr);
ECPublicKeyParameters otherPartyPublicKey = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(publicKeyBytes);

第 2 步:读取您的私钥

STEP 2: Read your private-key

这通常涉及从 PFX/P12 证书中读取私钥.运行代码的 Windows 帐户应该可以访问 PFX/P12，此外，如果将证书导入证书存储区，您需要通过所有任务"->管理 certmgr.msc 中的私钥"菜单授予权限

This would most-commonly involve reading the private key from a PFX/P12 certificate. The windows account running the code should have access to the PFX/P12 and additionally, if the certificate is imported into a certificate store, you'll need to grant permissions via the All Tasks -> manage private key menu in certmgr.msc

using (StreamReader reader = new StreamReader(path))
{
    var fs = reader.BaseStream;
    string password = "<password for the PFX>";
    Pkcs12Store store = new Pkcs12Store(fs, passWord.ToCharArray());

   foreach (string n in store.Aliases)
   {
       if (store.IsKeyEntry(n))
       {
           AsymmetricKeyEntry asymmetricKey = store.GetKey(n);

           if (asymmetricKey.Key.IsPrivate)
           {
               ECPrivateKeyParameters privateKey = asymmetricKey.Key as ECPrivateKeyParameters;
           }
       }
   }
}

第 3 步:计算共享密钥

STEP 3: Compute the shared secret

IBasicAgreement aKeyAgree = AgreementUtilities.GetBasicAgreement("ECDH");
aKeyAgree.Init(privateKey);
BigInteger sharedSecret = aKeyAgree.CalculateAgreement(otherPartyPublicKey);
byte[] sharedSecretBytes = sharedSecret.ToByteArray();

第 4 步:准备计算对称密钥所需的信息:

STEP 4: Prepare information required to compute symmetric key:

byte[] algorithmId = Encoding.ASCII.GetBytes(("<prependString/Hex>" + "id-aes256-GCM"));
byte[] partyUInfo = Encoding.ASCII.GetBytes("<as-per-agreement>");
byte[] partyVInfo = <as-per-agreement>; 
MemoryStream stream = new MemoryStream(algorithmId.Length + partyUInfo.Length + partyVInfo.Length);
var sr = new BinaryWriter(stream);
sr.Write(algorithmId);
sr.Flush();
sr.Write(partyUInfo);
sr.Flush();
sr.Write(partyVInfo);
sr.Flush();
stream.Position = 0;
byte[] keyCalculationInfo = stream.GetBuffer();

第 5 步:导出对称密钥

STEP 5: Derive the symmetric key

// NOTE: Use the digest/Hash function as per your agreement with the other party
IDigest digest = new Sha256Digest();
byte[] symmetricKey = new byte[digest.GetDigestSize()];
digest.Update((byte)(1 >> 24));
digest.Update((byte)(1 >> 16));
digest.Update((byte)(1 >> 8));
digest.Update((byte)1);
digest.BlockUpdate(sharedSecret, 0, sharedSecret.Length);
digest.BlockUpdate(keyCalculationInfo, 0, keyCalculationInfo.Length);
digest.DoFinal(symmetricKey, 0);

现在您已准备好进行解密的对称密钥.要使用 AES 执行解密，可以使用 BouncyCastle IWrapper.通过调用 WrapperUtilities.GetWrapper("AES//") 例如使用 Org.BouncyCastle.Security.WrapperUtilities 获取 IWrapperAES/CBC/PKCS7".这也取决于两个通信方之间的协议.

Now you have the symmetric key ready to do the decryption. To perform decryption using AES, BouncyCastle IWrapper can be used. Obtain an IWrapper using Org.BouncyCastle.Security.WrapperUtilities by calling WrapperUtilities.GetWrapper("AES//") e.g. "AES/CBC/PKCS7". This will also depend on the agreement between the two communicating parties.

使用对称密钥和初始化向量 (IV) 初始化密码 (IWrapper) 并调用 Unwrap 方法以获取纯文本字节.最后，使用所使用的字符编码(例如 UTF8/ASCII/Unicode)转换为字符串文字

Initialize the cipher (IWrapper) with symmetric key and initialization vector (IV) and call the Unwrap method to get plain-text bytes. Finally, convert to string literal using the character encoding used (e.g. UTF8/ASCII/Unicode)

这篇关于.NET 中的 ECDiffieHellmanCng 是否具有实现 NIST SP 800-56A 第 5.8.1 节的密钥派生函数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！