Background
Asymmetric algorithms have three different purposes (that I know of):
- Encryption
  - RSA is the only "standard" algorithm that can do this directly.
- Signature
  - RSA
  - DSA
  - ECDSA
  - ElGamal Signature
- Key Agreement
  - Diffie-Hellman (DH)
  - ECDH
  - ElGamal encryption (the asymmetric startup phase)
  - MQV
  - ECMQV
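Because RSA encryption has limited space, and was hard on the computers of the 90s, the main use of RSA encryption was "Key Transfer"; that is to say, the "encrypted message" was just the symmetric encryption key for DES/3DES (AES had not been invented yet).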
Key agreement (or transfer) schemes always have to be combined with a protocol/scheme to result in an encryption operation. Such schemes include
- TLS (nee SSL)
- CMS or S/MIME encrypted-data
- IES (Integrated Encryption Scheme)
- ECIES (Elliptic Curve Integrated Encryption Scheme)
- ElGamal encryption (holistically)
- PGP encryption
So what you probably want is ECIES.
ECIES.Net
Currently (.NET Framework 4.7.1, .NET Core 2.0) there's no support to get an ECDiffieHellman object from a certificate in .NET.
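Game over? Probably not. Unless the certificate carrying the ECDH key explicitly uses the ECDH-specific algorithm identifier (rather than the more standard one), it can be opened as ECDSA. You can then coerce that object into ECDH:

    // Requires System.Security.Cryptography and System.Security.Cryptography.X509Certificates.
    private static ECDiffieHellman GetECDHFromCertificate(X509Certificate2 cert)
    {
        using (ECDsa ecdsa = cert.GetECDsaPublicKey())
        {
            return ECDiffieHellman.Create(ecdsa.ExportParameters(false));
        }
    }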
Let's go ahead and split off the recipient's public object:

    ECDiffieHellmanPublicKey recipientPublic = GetECDHFromCertificate(cert).PublicKey;
    ECCurve curve = recipientPublic.ExportParameters().Curve;
So now we turn to http://www.secg.org/sec1-v2.pdf, section 5.1 (Elliptic Curve Integrated Encryption Scheme).
Setup
- Choose ANSI-X9.63-KDF with SHA-2-256 as the hash function.
- Choose HMAC–SHA-256–256.
- Choose AES–256 in CBC mode.
- Choose Elliptic Curve Diffie-Hellman Primitive.
- You already chose secp256r1.
- Hard-coded. Done.
- Point compression's annoying, choose not to use it.
- I'm omitting SharedInfo. That probably makes me a bad person.
- Not using XOR, N/A.
Encrypt
1. Make an ephemeral key on the right curve.

    ECDiffieHellman ephem = ECDiffieHellman.Create(curve);

2. We decided not to.

    // Encode the ephemeral public point uncompressed: 0x04 || X || Y.
    ECParameters ephemPublicParams = ephem.ExportParameters(false);
    int pointLen = ephemPublicParams.Q.X.Length;
    byte[] rBar = new byte[pointLen * 2 + 1];
    rBar[0] = 0x04;
    Buffer.BlockCopy(ephemPublicParams.Q.X, 0, rBar, 1, pointLen);
    Buffer.BlockCopy(ephemPublicParams.Q.Y, 0, rBar, 1 + pointLen, pointLen);

3. This is done directly.
4. This is done directly.
5. Since we're in control here, we'll just do 3, 4, 5 and 6 as one thing.
6. KDF time.

    // This is why we picked AES 256, HMAC-SHA-2-256(-256) and SHA-2-256,
    // the KDF is dead simple.
    // secretAppend is the KDF's 32-bit big-endian counter: 1 yields EK, 2 yields MK.
    byte[] ek = ephem.DeriveKeyFromHash(
        recipientPublic,
        HashAlgorithmName.SHA256,
        null,
        new byte[] { 0, 0, 0, 1 });
    byte[] mk = ephem.DeriveKeyFromHash(
        recipientPublic,
        HashAlgorithmName.SHA256,
        null,
        new byte[] { 0, 0, 0, 2 });

7. Encrypt.

    byte[] em;
    // ECIES uses AES with the all zero IV. Since the key is never reused,
    // there's no risk in that.
    using (Aes aes = Aes.Create())
    using (ICryptoTransform encryptor = aes.CreateEncryptor(ek, new byte[16]))
    {
        if (!encryptor.CanTransformMultipleBlocks)
        {
            throw new InvalidOperationException();
        }
        em = encryptor.TransformFinalBlock(message, 0, message.Length);
    }

8. MAC

    byte[] d;
    using (HMAC hmac = new HMACSHA256(mk))
    {
        d = hmac.ComputeHash(em);
    }

9. Finish

    // Either
    return Tuple.Create(rBar, em, d);
    // Or (Concat needs System.Linq)
    return rBar.Concat(em).Concat(d).ToArray();
Decrypt
Left as an exercise to the reader.
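
One way to write the decrypt side under the same choices as the Encrypt steps above (an added example, not part of the original answer). The class name `EciesExample`, the method name `Decrypt` and the `recipient` parameter, assumed to hold the private key matching the certificate, are hypothetical.

```csharp
using System;
using System.Security.Cryptography;

static class EciesExample // hypothetical name, not from the original answer
{
    // Assumption: `recipient` holds the private key matching the certificate.
    public static byte[] Decrypt(ECDiffieHellman recipient, byte[] rBar, byte[] em, byte[] d)
    {
        // Encrypt only emits the uncompressed form 0x04 || X || Y and a 32-byte tag.
        if (rBar.Length < 3 || rBar.Length % 2 == 0 || rBar[0] != 0x04 || d.Length != 32)
            throw new CryptographicException("Malformed ECIES message.");

        int pointLen = (rBar.Length - 1) / 2;
        byte[] x = new byte[pointLen];
        byte[] y = new byte[pointLen];
        Buffer.BlockCopy(rBar, 1, x, 0, pointLen);
        Buffer.BlockCopy(rBar, 1 + pointLen, y, 0, pointLen);

        ECParameters ephemParams = new ECParameters
        {
            Curve = recipient.ExportParameters(false).Curve,
            Q = new ECPoint { X = x, Y = y },
        };

        using (ECDiffieHellman ephem = ECDiffieHellman.Create(ephemParams))
        using (ECDiffieHellmanPublicKey ephemPublic = ephem.PublicKey)
        {
            // Same KDF calls as Encrypt: counter 1 gives EK, counter 2 gives MK.
            byte[] ek = recipient.DeriveKeyFromHash(
                ephemPublic, HashAlgorithmName.SHA256, null, new byte[] { 0, 0, 0, 1 });
            byte[] mk = recipient.DeriveKeyFromHash(
                ephemPublic, HashAlgorithmName.SHA256, null, new byte[] { 0, 0, 0, 2 });

            // Check the tag before decrypting, without an early-exit comparison.
            byte[] expected;
            using (HMAC hmac = new HMACSHA256(mk)) expected = hmac.ComputeHash(em);
            int diff = 0;
            for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ d[i];
            if (diff != 0) throw new CryptographicException("MAC check failed.");

            using (Aes aes = Aes.Create())
            using (ICryptoTransform decryptor = aes.CreateDecryptor(ek, new byte[16]))
            {
                return decryptor.TransformFinalBlock(em, 0, em.Length);
            }
        }
    }
}
```

A modified `em` or `d` fails the MAC check, so the ciphertext is never passed to AES and no plaintext is returned for a tampered message.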