我知道MS CNG私有这种格式 -
BCRYPT_ECCKEY_BLOB
BYTE X[cbKey] // Big-endian.
BYTE Y[cbKey] // Big-endian.
BYTE d[cbKey] // Big-endian.
因此尝试导入以下关键字节 -
byte[] ec256PrivKB =
{
//Magic + CBLength
0x45, 0x43, 0x53, 0x31, 0x20, 0x00, 0x00, 0x00,
//X
0xA7, 0xFB, 0xCD, 0x4D, 0x7E, 0x43, 0x6F, 0x22, 0xBD, 0x74, 0xFA, 0x1F, 0xD7, 0x10, 0xDB, 0x8C, 0xF8, 0x29, 0xC1, 0xEC, 0x5E, 0x15, 0x1E, 0xE2, 0x84, 0x56, 0x3E, 0x54, 0x6E, 0x1D, 0x5C, 0xF6,
//Y
0x6B, 0x42, 0x21, 0xD1, 0x92, 0xEB, 0x69, 0x66, 0x56, 0xD6, 0xEC, 0x4D, 0x21, 0xB7, 0xDB, 0x3C, 0x94, 0x56, 0x8D, 0x87, 0xEB, 0x1C, 0x11, 0x0F, 0x03, 0x80, 0xF6, 0x10, 0x70, 0x73, 0x7D, 0x1D,
//D
0x5E, 0xF0, 0x2A, 0x1B, 0x34, 0xE9, 0x2B, 0x96, 0xA4, 0xAE, 0x05, 0x1D, 0x33, 0x53, 0x36, 0x39, 0x7B, 0x1F, 0xF5, 0x24, 0xA4, 0xD6, 0xBD, 0x12, 0x07, 0x3F, 0x43, 0x30, 0x70, 0x32, 0x4E, 0x5D
};
现在正在致电
ECDsaCng eCDsa = new ECDsaCng( CngKey.Import(ec256PrivKB, CngKeyBlobFormat.EccPrivateBlob,
CngProvider.MicrosoftSoftwareKeyStorageProvider));
它给出了System.Security.Cryptography.CryptographicException: 'The requested operation is not supported.
我不明白为什么会给出这个例外?
另外如何将base64编码的ecdsa私钥导入MS密钥存储提供程序,即假设我有以下ec私钥 -
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEICWeuFHssg5i2vJlyMHPUb+DJnylxfbkR8KJPXfYw5ikoAoGCCqGSM49
AwEHoUQDQgAE7A4wVMLQ+orOZYcFv6mLNBbAWfffPwTTw4iroyQDcytYWT+frzl3
RiFXqC1niHgduYtGBZIbwq/48ooyL9HbkA==
-----END EC PRIVATE KEY-----
现在如何将其导入CNG提供商?
编辑 - 也有办法回应这个过程,即
我知道如何从OpenSSL(PEM FORMAT)转换为MS Format(RAW format)
但如何做反向意义
如何将MS格式ECDSA密钥转换为PEM中的OpenSSL EC密钥。
答案 0 :(得分:3)
您的密钥blob以BCRYPT_ECDSA_ PUBLIC _P256_MAGIC开头,但您需要BCRYPT_ECDSA_ PRIVATE _P256_MAGIC(将0x31更改为0x32)。
由此我们可以假设您知道如何进行转换,但由于标题会更一般地询问如何进行转换,因此我将继续。 C# Get CngKey object from public key in text file对公钥有一个直截了当(如果hacky)的答案。私钥是不同的,但大多是直截了当的。
如果我们从问题中取出PEM键,我们可以删除“PEM装甲”以获得base-64 blob。将base-64 blob转换为十六进制,我们得到
30 77 02 01 01 04 20 25 9E B8 51 EC B2 0E 62 DA
F2 65 C8 C1 CF 51 BF 83 26 7C A5 C5 F6 E4 47 C2
89 3D 77 D8 C3 98 A4 A0 0A 06 08 2A 86 48 CE 3D
03 01 07 A1 44 03 42 00 04 EC 0E 30 54 C2 D0 FA
8A CE 65 87 05 BF A9 8B 34 16 C0 59 F7 DF 3F 04
D3 C3 88 AB A3 24 03 73 2B 58 59 3F 9F AF 39 77
46 21 57 A8 2D 67 88 78 1D B9 8B 46 05 92 1B C2
AF F8 F2 8A 32 2F D1 DB 90
如果我们打开https://www.secg.org/sec1-v2.pdf C.4节,我们会看到
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,
publicKey [1] BIT STRING OPTIONAL
}
通过ASN.1(ITU-T X.680)和BER / DER(ITU-T X.690)规范,我们可以混合该十六进制转储和该结构:
// (constructed) SEQUENCE, 119 content bytes
30 77
// INTEGER, 1 content byte, value 0x01.
02 01 01
// OCTET STRING (byte[]), 32 bytes, value 25 9E ... 98 A4
04 20
25 9E B8 51 EC B2 0E 62 DA F2 65 C8 C1 CF 51 BF
83 26 7C A5 C5 F6 E4 47 C2 89 3D 77 D8 C3 98 A4
// (constructed) CONTEXT-SPECIFIC 0, 10 content bytes
A0 0A
// OBJECT IDENTIFIER, 8 content bytes, 1.2.840.10045.3.1.7
06 08 2A 86 48 CE 3D 03 01 07
// (constructed) CONTEXT-SPECIFIC 1, 68 content bytes
A1 44
// BIT STRING, 66 content bytes, 0 unused bits, value 04 EC .. DB 90
03 42
00
04 EC 0E 30 54 C2 D0 FA 8A CE 65 87 05 BF A9 8B
34 16 C0 59 F7 DF 3F 04 D3 C3 88 AB A3 24 03 73
2B 58 59 3F 9F AF 39 77 46 21 57 A8 2D 67 88 78
1D B9 8B 46 05 92 1B C2 AF F8 F2 8A 32 2F D1 DB
90
执行search for 1.2.840.10045.3.1.7表示它(不出所料)是secp256r1 / NIST P-256椭圆曲线。
BIT STRING的内容以04开头,表示它是未压缩的EC点,剩下的前半部分是X坐标,后半部分是Y坐标。很好,这与私钥的OCTET STRING的宽度对齐,这意味着结构是有效的。
你会注意到ASN.1结构表示曲线标识符和公钥在技术上都是可选的。在实践中,它们被记录下来,这很好,因为我们将依赖它。
// structure opening up to the private key (D) value.
private static readonly byte[] s_secp256R1Prefix =
{ 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20 };
// After D through the 0x04 identifying the public key is uncompressed
private static readonly byte[] s_secp256R1Infix =
{
0xA0, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE,
0x3D, 0x03, 0x01, 0x07, 0xA1, 0x44, 0x03, 0x42,
0x00, 0x04
};
private static readonly byte[] s_secp256R1PrivateCngPrefix =
{ 0x45, 0x43, 0x53, 0x32, 0x20, 0x00, 0x00, 0x00 };
private static CngKey DecodeP256ECPrivateKeyBase64(string base64)
{
byte[] derBlob = Convert.FromBase64String(base64);
if (derBlob.Length == 121 &&
derBlob.Take(s_secp256R1Prefix.Length).SequenceEqual(s_secp256R1Prefix) &&
derBlob.Skip(0x20 + s_secp256R1Prefix.Length).Take(s_secp256R1Infix.Length).
SequenceEqual(s_secp256R1Infix))
{
byte[] cngBlob = new byte[2 * sizeof(uint) + 3 * 0x20];
int offset = 0;
// Header (BCRYPT_ECDSA_PRIVATE_P256_MAGIC and 0x00000020)
Buffer.BlockCopy(
s_secp256R1PrivateCngPrefix,
0,
cngBlob,
offset,
s_secp256R1PrivateCngPrefix.Length);
offset += s_secp256R1PrivateCngPrefix.Length;
// X and Y
Buffer.BlockCopy(
derBlob,
s_secp256R1Prefix.Length + 0x20 + s_secp256R1Infix.Length,
cngBlob,
offset,
2 * 0x20);
offset += 2 * 0x20;
Buffer.BlockCopy(
derBlob,
s_secp256R1Prefix.Length,
cngBlob,
offset,
0x20);
offset += 0x20;
Debug.Assert(offset == cngBlob.Length);
return CngKey.Import(cngBlob, CngKeyBlobFormat.EccPrivateBlob);
}
throw new InvalidOperationException();
}