我有一个包含公钥信息的Json Web Key,我想将公钥作为字节数组。我的目标是最终使用Keccak哈希从中获取以太坊地址。我理解从公钥字节数组中获取地址的过程,但我不知道如何获取这个字节数组。我的方案是,使用Azure Key Vault API生成EC密钥,检索密钥(JWK格式),然后查找地址。 JWK具有以下格式。
{
"kid": "https: //mykeyvault.vault.azure.net/keys/testeckey/8bad08aaae514efe981eaab4e590778d",
"kty": "EC",
"key_ops": [
"sign",
"verify"
],
"crv": "P-256",
"x": "YooqHyo7hlmcrBs5lDSSUsB0axzvorjxzNl6DBZLUf0",
"y": "NM-JrV6NTbUgILY_sBm5VgYxt1zYccCOCFtSDicSfWM"
}
我正在使用Azure .NET SDK,我可以选择使用Bouncy Castle for .NET或任何JS库,因为项目也可以在Node.js环境中运行。如何获取公钥的字节数组? 谢谢
答案 0 :(得分:0)
回答我自己的问题以防其他人需要这个问题。 我还写了一篇关于此的文章,希望有人觉得它很有用。
https://tmarkovski.github.io/eth-azure/keyvault-part1/
最初,我生成了错误的密钥类型。我能够通过连接JWK的X和Y数组来生成密钥。这是我在F#中使用的示例代码。它使用BouncyCastle作为Keccak哈希函数。 需要注意的重要事项是使用“EC-HSM”键类型。这是Key Vault的Premium SKU的一部分,只有这种类型支持SECP256K1曲线,否则如果使用“EC”键类型则抛出异常。
open Microsoft.Azure.KeyVault
open System.Threading.Tasks
open System
open Microsoft.IdentityModel.Clients.ActiveDirectory
open Microsoft.Azure.KeyVault.Models
open Microsoft.Azure.KeyVault.WebKey
open Org.BouncyCastle.Crypto.Digests
open Org.BouncyCastle.Crypto
/// Implements an extension method that overloads the standard
/// 'Bind' of the 'async' builder. The new overload awaits on
/// a standard .NET task
type AsyncBuilder with
member __.Bind(t:Task<'T>, f:'T -> Async<'R>) : Async<'R> =
async.Bind(Async.AwaitTask t, f)
let vaultUri = "https://__mykeyvault__.vault.azure.net/"
let clientId = "..."
let clientSecret = "..."
type AuthenticationCallback = KeyVaultClient.AuthenticationCallback
let getAccessToken (authority:string) (resource:string) (scope:string) =
let clientCredential = new ClientCredential(clientId, clientSecret)
let context = new AuthenticationContext(authority, TokenCache.DefaultShared)
async {
let! result = context.AcquireTokenAsync(resource, clientCredential)
return result.AccessToken;
} |> Async.StartAsTask
let client = new KeyVaultClient(new KeyVaultCredential(new AuthenticationCallback(getAccessToken)))
let createKey name =
let keyParams = new NewKeyParameters()
keyParams.Kty <- "EC-HSM"
keyParams.CurveName <- EcKey.SECP256K1
async {
let! result = client.CreateKeyAsync(vaultUri, name, keyParams)
return result
} |> Async.RunSynchronously
let getKey name =
async {
let! result = client.GetKeyAsync(vaultBaseUrl = vaultUri, keyName = name)
return result
} |> Async.RunSynchronously
let getPubKey (jwk:KeyBundle) =
Array.concat [| jwk.Key.X; jwk.Key.Y |]
let hash (digest:IDigest) data =
digest.Reset()
digest.BlockUpdate(data, 0, data.Length)
let a = digest.GetDigestSize() |> Array.zeroCreate
digest.DoFinal(a, 0) |> ignore
a
let toHex (x:byte) = x.ToString("x2")
let getAddress pubKey =
pubKey
|> hash (new KeccakDigest(256))
|> Array.map toHex
|> Array.skip 12
|> String.Concat
|> (+) "0x"
createKey "testEcKey"
|> getPubKey
|> getAddress
|> Console.WriteLine
// 0x51e4370152c132d307c302d8146c63ca6bf41167