Javascript P-521(Web Crypto Api)/secp521r1(NodeJS Crypto)的ECDH生成的共享秘密略有不同
我已经从NodeJS生成了一个带有Javascript P-521(Web Crypto Api)/secp521r1(NodeJS Crypto)的ECDH生成的共享秘密略有不同,javascript,node.js,encryption,webcrypto-api,ecdh,Javascript,Node.js,Encryption,Webcrypto Api,Ecdh,我已经从NodeJS生成了一个带有ECDH的公钥和私钥对 function _genPrivateKey(curveName = "secp384r1", encoding = "hex") { const private_0 = crypto.createECDH(curveName); private_0.generateKeys(); return private_0.getPrivateKey().toString(enco
ECDHfunction _genPrivateKey(curveName = "secp384r1", encoding = "hex") {
const private_0 = crypto.createECDH(curveName);
private_0.generateKeys();
return private_0.getPrivateKey().toString(encoding);
}
9d0c809d692c83c7d8d1355205dd78e679066fd9c15d12cdea3e1103b041873765264351e8939083b876d89d423301d8486a956da455ddbdc4a91ef60af7dd2325
[hex]
0400d7a342e89f501e1cd8224e2463ef1ad057c9b64bf45c1d3627cc1f06c055c80f75c2013c27b63dc984b467ecfc5202cf9a126ef1f1487e92b9acfb52abaeb7022e01f4259918ca34f442214a31d1bad329f9be1c67ce98af6621f622e44887264e856ee8c664a51e56f24008c932ee1cb5514c02d03ba27f6b6a1cd0aa0f8eac261250
[jwk] {
key_ops: [ 'deriveKey' ],
ext: true,
kty: 'EC',
x:'ANejQuifUB4c2CJOJGPvGtBXybZL9FwdNifMHwbAVcgPdcIBPCe2PcmEtGfs_FICz5oSbvHxSH6Suaz7UquutwIu',
y:'AfQlmRjKNPRCIUox0brTKfm-HGfOmK9mIfYi5EiHJk6FbujGZKUeVvJACMky7hy1UUwC0Duif2tqHNCqD46sJhJQ',
crv: 'P-521'
}
04000eefa90c3de22e79e6742f807806a603059d16afaa9f1bc69f420050aae100d0006e6510fe17a8f6767fe1e69bada039175ef5a375e30af4085e4315cf7527655f00ed9a39552a5f9170cc7626c1f4584d0e6de17870e336bcc5b6e251e3ea2c7cd9633e1afe2f9aee5f9a7445d38218c20695cc7ba2a462b67ce39a060e6464133609
9d0c809d692c83c7d8d1355205dd78e679066fd9c15d12cdea3e1103b041873765264351e8939083b876d89d423301d8486a956da455ddbdc4a91ef60af7dd2325
[hex]
0400d7a342e89f501e1cd8224e2463ef1ad057c9b64bf45c1d3627cc1f06c055c80f75c2013c27b63dc984b467ecfc5202cf9a126ef1f1487e92b9acfb52abaeb7022e01f4259918ca34f442214a31d1bad329f9be1c67ce98af6621f622e44887264e856ee8c664a51e56f24008c932ee1cb5514c02d03ba27f6b6a1cd0aa0f8eac261250
[jwk] {
key_ops: [ 'deriveKey' ],
ext: true,
kty: 'EC',
x:'ANejQuifUB4c2CJOJGPvGtBXybZL9FwdNifMHwbAVcgPdcIBPCe2PcmEtGfs_FICz5oSbvHxSH6Suaz7UquutwIu',
y:'AfQlmRjKNPRCIUox0brTKfm-HGfOmK9mIfYi5EiHJk6FbujGZKUeVvJACMky7hy1UUwC0Duif2tqHNCqD46sJhJQ',
crv: 'P-521'
}
04000eefa90c3de22e79e6742f807806a603059d16afaa9f1bc69f420050aae100d0006e6510fe17a8f6767fe1e69bada039175ef5a375e30af4085e4315cf7527655f00ed9a39552a5f9170cc7626c1f4584d0e6de17870e336bcc5b6e251e3ea2c7cd9633e1afe2f9aee5f9a7445d38218c20695cc7ba2a462b67ce39a060e6464133609
Aliceconst generateAlicesKeyPair = window.crypto.subtle.generateKey({
name: "ECDH",
namedCurve: "P-521"
},
false,
["deriveBits"]
);
const sharedSecret = await window.crypto.subtle.deriveBits({
name: "ECDH",
namedCurve: "P-521",
public: publicKey
},
privateKey,
521
);
9d0c809d692c83c7d8d1355205dd78e679066fd9c15d12cdea3e1103b041873765264351e8939083b876d89d423301d8486a956da455ddbdc4a91ef60af7dd2325
[hex]
0400d7a342e89f501e1cd8224e2463ef1ad057c9b64bf45c1d3627cc1f06c055c80f75c2013c27b63dc984b467ecfc5202cf9a126ef1f1487e92b9acfb52abaeb7022e01f4259918ca34f442214a31d1bad329f9be1c67ce98af6621f622e44887264e856ee8c664a51e56f24008c932ee1cb5514c02d03ba27f6b6a1cd0aa0f8eac261250
[jwk] {
key_ops: [ 'deriveKey' ],
ext: true,
kty: 'EC',
x:'ANejQuifUB4c2CJOJGPvGtBXybZL9FwdNifMHwbAVcgPdcIBPCe2PcmEtGfs_FICz5oSbvHxSH6Suaz7UquutwIu',
y:'AfQlmRjKNPRCIUox0brTKfm-HGfOmK9mIfYi5EiHJk6FbujGZKUeVvJACMky7hy1UUwC0Duif2tqHNCqD46sJhJQ',
crv: 'P-521'
}
04000eefa90c3de22e79e6742f807806a603059d16afaa9f1bc69f420050aae100d0006e6510fe17a8f6767fe1e69bada039175ef5a375e30af4085e4315cf7527655f00ed9a39552a5f9170cc7626c1f4584d0e6de17870e336bcc5b6e251e3ea2c7cd9633e1afe2f9aee5f9a7445d38218c20695cc7ba2a462b67ce39a060e6464133609
当我试图导出
共享密钥时,发生了一件奇怪的事情,密钥的末尾有不同的位
NodeJS:
function _getSharedSecret(privateKey, publicKey, curveName = "secp521r1", encoding = "hex") {
const private_0 = crypto.createECDH(curveName);
private_0.setPrivateKey(privateKey, encoding);
const _sharedSecret = private_0.computeSecret(publicKey, encoding);
return _sharedSecret
};
网络加密API
const generateAlicesKeyPair = window.crypto.subtle.generateKey({
name: "ECDH",
namedCurve: "P-521"
},
false,
["deriveBits"]
);
const sharedSecret = await window.crypto.subtle.deriveBits({
name: "ECDH",
namedCurve: "P-521",
public: publicKey
},
privateKey,
521
);
结果:
这只发生在曲线p-521/secp521r1上,而不发生在曲线p-256/secp256r1和p-384/secp384r1上,使用第三个库(Python,加密库)检查NodeJS结果是否正确(即以0xEB
结尾的结果)
p-521的X和Y坐标由66字节(521位=65字节+1位)(s.)表示。共享秘密是曲线点的X坐标,因此也有66字节=528位。此值将在webcryptoapi实现中的deriveBits()
中指定为共享密钥的长度
如果指定521位,则只考虑最高位(设置为0xEB
),其余位设置为0
,从而产生值0x80
下面的代码说明了这一点(请注意,该脚本没有在Firefox下运行,这可能是一个bug):
(异步()=>{
等待getSharedSecret(521);
等待getSharedSecret(528);
})();
异步函数getSharedSecret(位){
var bobPrivateKeyJwk={
kty:“EC”,
crv:“P-521”,
x:“Anejquifub4c2cjojgpvgtbxybzl9fwdnifmhwbavcgpcibpce2pcmetgfs_ficz5osbvhxsh6suaz7uqutwiu”,
y:“AfQlmRjKNPRCIUox0brTKfm-HGFOMK9MIFYI5EIHJK6FBUJGZKUEVVJACMKY7HY1UWC0DUIF2TQHNCQD46SJHJQ”,
d:“AJ0MGJ1PIPH2NE1UGXDEOZ5BMZWV0SZEO-EQOWQYC3ZSZDUEITKIO4DTIQJMB2EHQLW2KVD29XKKE9GR33SML”,
分机:是的,
}
var AlicePubliceyBuffer=typedArray('04000EEFA90C3DE22E79E6742F807806A6059D16AFAA9F1BC69F420AAE100D0006E6510FE17A8F6767FE1E69BADA039175175EF5A375E30AF4085E4315CF7527655F00ED9A3955F9170CC7626C1F45840E6DE17870E336BCC5B6E251E37CD9633AFE2F9EE5F9AD458218C205CA46609');
var privateKey=await window.crypto.division.importKey(
“jwk”,
bobPrivateKeyJwk,
{名称:“ECDH”,名称曲线:“P-521”},
是的,
[“deriveKey”、“deriveBits”]
);
var publicKey=await window.crypto.minute.importKey(
“生的”,
AlicePubliceBuffer.buffer,
{名称:“ECDH”,名称曲线:“P-521”},
是的,
[]
);
var sharedSecret=await window.crypto.minute.deriveBits(
{名称:“ECDH”,名称曲线:“P-521”,公共:公钥},
私钥,
位
);
log(“鲍勃的共享秘密:\n”,buf2hex(sharedSecret).replace(/({48})/g,'$1\n');
};
函数类型Darray(十六进制){
返回新的Uint8Array(hex.match(/[\da-f]{2}/gi).map(函数(h){//from:https://stackoverflow.com/a/43131635
返回parseInt(h,16)
}))
}
函数buf2hex(缓冲区){
return Array.prototype.map.call(新的Uint8Array(buffer),x=>('00'+x.toString(16)).slice(-2)).join(“”);//from:https://stackoverflow.com/a/40031979/9014097
}
您能否通过选择相同的私钥并打印每侧的点数来测试结果?