Nodejs和C#使用ECDH算法交换秘钥

转载于:https://bkssl.com/document/nodejs-csharp-ecdh.html

nodejs的ECDH算法在进行computeSecret的时候不会自动进行HASH运算,但C#的ECDH算法必须指定HASH算法。

两边算法必须使用相同的椭圆曲线和Hash算法,例如下面用例都是用的SHA256。

双方交换公钥,计算得到共享秘钥:SharedSecret。

用例使用readline去交换公钥,实际一般运行在其他协议中,像SSH2等。

单纯秘钥交换并不安全,需要增加其他手段保证不被中间人监听、修改,例如ssh2使用serverhostkey对秘钥交换的数据进行签名。

nodejs测试代码

javascript 复制代码
import readline from 'readline';

import crypto  from 'crypto';

function computeHash(data, alg){
    const hashAlg = crypto.createHash(alg || 'SHA256');
    hashAlg.update(data);
    return hashAlg.digest();
}

const reader = readline.createInterface({
    input: process.stdin,
    output: process.stdout
});

const ecdh = crypto.createECDH('prime256v1');

const e = ecdh.generateKeys();

console.log("Local Public Key:" + e.toString('base64'));

reader.question('Please Input Remote PublicKey:', key => {
    console.log("Remote Public Key:" + key);
    let sharedSecret = ecdh.computeSecret(Buffer.from(key, 'base64'));

    //计算共享秘钥,需要先HASH运算,以兼容C#
    sharedSecret = computeHash(sharedSecret);
    console.log("Shared Secret: " + sharedSecret.toString('base64'));
})


// 控制台输出
// Local Public Key:BGLb5Sddo8N5sd1/+a7vhwb66QFMqAJtNFvEISecSzrBP3DjEr3R6vHeefI100yVDCnPQLNmgv56ampL+tNBc2c=
// Please Input Remote PublicKey:BASkBjbrTNysfXrcqyCOWuVgWVRF8a3VTufPLl99PFdY4+oj2d2kImu1OoZLMMoRKwul02gP27dWRoMCGicHjuQ=
// Remote Public Key:BASkBjbrTNysfXrcqyCOWuVgWVRF8a3VTufPLl99PFdY4+oj2d2kImu1OoZLMMoRKwul02gP27dWRoMCGicHjuQ=
// Shared Secret: EvhnVuNRa3dBqIFDyfSQfYmRF4/fPgJHDRZG5xB6HnA=

C#测试代码

cs 复制代码
var ecdh = ECDiffieHellmanHelper.New();
byte[] localPublicKey = ECDiffieHellmanHelper.CreateKeyExchange(ecdh);

Console.WriteLine("Local Public Key: {0}", localPublicKey.ToBase64String());


Console.WriteLine("Please Input Remote Public Key:");
string remotePublicKey = Console.ReadLine();

Console.WriteLine("Remote Public Key: {0}", remotePublicKey);

byte[] sharedSecret = ECDiffieHellmanHelper.DecryptKeyExchange(ecdh, remotePublicKey.AsBase64String());

Console.WriteLine("Shared Secret: {0}", sharedSecret.ToBase64String());

// 控制台输出
// Local Public Key: BASkBjbrTNysfXrcqyCOWuVgWVRF8a3VTufPLl99PFdY4+oj2d2kImu1OoZLMMoRKwul02gP27dWRoMCGicHjuQ=
// Please Input Remote Public Key:
// BGLb5Sddo8N5sd1/+a7vhwb66QFMqAJtNFvEISecSzrBP3DjEr3R6vHeefI100yVDCnPQLNmgv56ampL+tNBc2c=
// Remote Public Key: BGLb5Sddo8N5sd1/+a7vhwb66QFMqAJtNFvEISecSzrBP3DjEr3R6vHeefI100yVDCnPQLNmgv56ampL+tNBc2c=
// Shared Secret: EvhnVuNRa3dBqIFDyfSQfYmRF4/fPgJHDRZG5xB6HnA=

C#的ECDiffieHellmanHelper类实现

cs 复制代码
internal class ECPublicKey : ECDiffieHellmanPublicKey
{
    private readonly ECParameters parameters;

    public ECPublicKey(ECParameters parameters)
    {
        this.parameters = parameters;
    }

    public override ECParameters ExportParameters() => parameters;

    public override ECParameters ExportExplicitParameters() => parameters;

}

public class ECDiffieHellmanHelper
{
    //可以选择其他的曲线
    private static readonly ECCurve curve = ECCurve.NamedCurves.nistP256;


    public static ECDiffieHellman New(ECCurve curve) => ECDiffieHellman.Create(curve);
    public static ECDiffieHellman New() => ECDiffieHellman.Create(curve);
    public static byte[] CreateKeyExchange(ECDiffieHellman ecdh)
    {
        var args = ecdh.PublicKey.ExportParameters();

        int blockSize = args.Q.X.Length;
        byte[] buffer = new byte[blockSize * 2 + 1];
        buffer[0] = 0x4;
        args.Q.X.CopyTo(buffer, 1);
        args.Q.Y.CopyTo(buffer, blockSize + 1);

        return buffer;
    }

    public static byte[] DecryptKeyExchange(ECDiffieHellman ecdh, byte[] serverPublicKey)
    {
        ReadOnlySpan<byte> bytes = new(serverPublicKey);

        int length = (serverPublicKey.Length - 1) / 2;

        ECPublicKey thirdPublicKey = new (new ECParameters
        {
            Curve = curve,
            D = null,
            Q = new ECPoint
            {
                X = bytes.Slice(1, length).ToArray(),
                Y = bytes.Slice(1 + length, length).ToArray(),
            }
        });

        return ecdh.DeriveKeyFromHash(thirdPublicKey, HashAlgorithmName.SHA256);
    }
}
相关推荐
求知若饥11 分钟前
NestJS 项目实战-权限管理系统开发(六)
后端·node.js·nestjs
Jasmine_llq1 小时前
《 火星人 》
算法·青少年编程·c#
军训猫猫头3 小时前
20.抽卡只有金,带保底(WPF) C#
ui·c#·wpf
理想不理想v13 小时前
webpack最基础的配置
前端·webpack·node.js
向宇it13 小时前
【从零开始入门unity游戏开发之——C#篇25】C#面向对象动态多态——virtual、override 和 base 关键字、抽象类和抽象方法
java·开发语言·unity·c#·游戏引擎
向宇it14 小时前
【从零开始入门unity游戏开发之——C#篇24】C#面向对象继承——万物之父(object)、装箱和拆箱、sealed 密封类
java·开发语言·unity·c#·游戏引擎
南城巷陌15 小时前
JWT认证机制在Node.js中的详细阐述
node.js·jwt认证机制·前端安全认证
理想不理想v17 小时前
node.js的简单示例
node.js
yrldjsbk18 小时前
使用Node.js搭配express框架快速构建后端业务接口模块Demo
node.js·express