在 Crypto++ 中使用 Curve25519 签名
Signing using Curve25519 in Crypto++
我正在我的一个项目中实施 Curve25519。我想我可以将它与 HMAC、CMAC 或其他算法结合起来进行签名和验证。问题是 Curve25519 没有生成相同的共享密钥。
我对密码学不太了解,我不知道是我做错了什么,还是我无法将 Curve25519 与 HMAC 结合使用。
这是我准备的测试代码。
#include "xed25519.h"
using CryptoPP::x25519;
#include "donna.h"
using CryptoPP::Donna::curve25519_mult;
using CryptoPP::Donna::ed25519_sign;
using CryptoPP::Donna::ed25519_sign_open;
using CryptoPP::Donna::ed25519_publickey;
#include "filters.h"
#include "osrng.h"
#include "cryptlib.h"
#include "files.h"
#include "hex.h"
#include "sha.h"
#include "hmac.h"
using namespace std;
static const int SECRET_KEYLENGTH=32;
static const int PRIVATE_KEYLENGTH=128;
static const int PUBLIC_KEYLENGTH=32;
#include <string>
#include <iostream>
int main(int argc, char* argv[])
{
using namespace CryptoPP;
AutoSeededRandomPool prng, prng2;
byte *aux ;// new byte[PRIVATE_KEYLENGTH];
byte privateKey[PUBLIC_KEYLENGTH];
byte publicKey[PUBLIC_KEYLENGTH];
// Node 1
x25519 x(privateKey, publicKey) ; //( const byte y[PUBLIC_KEYLENGTH],const byte x[SECRET_KEYLENGTH]
cout << "1- Generating private key " << endl;
aux = new byte;
x.GeneratePrivateKey(prng, privateKey);
Integer intPrvK(privateKey, sizeof(privateKey));
cout << "Private key created " << intPrvK << endl;
cout << "1- Generating public key " << endl;
//void GeneratePublicKey (RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
if(curve25519_mult(privateKey, publicKey) == 0 ){
Integer intPubK(publicKey, sizeof(publicKey));
cout << "1- Public key created " << intPubK << endl;
//cout << "1- The new public key is " << privateKey << endl;
}
else
cout << "curve25519_mult did not work " << endl;
//Node 2
byte privateKey2[PUBLIC_KEYLENGTH];
byte publicKey2[PUBLIC_KEYLENGTH];
x25519 y(privateKey2, publicKey2) ; //( const byte y[PUBLIC_KEYLENGTH],const byte x[SECRET_KEYLENGTH]
cout << "2- Generating private key " << endl;
aux = new byte;
y.GeneratePrivateKey(prng2, privateKey2);
Integer intPrvK2(privateKey2, sizeof(privateKey2));
cout << "2- Private key created " << intPrvK2 << endl;
cout << "2- Generating public key " << endl;
//void GeneratePublicKey (RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
if(curve25519_mult(privateKey2, publicKey2) == 0 ){
Integer intPubK2(publicKey2, sizeof(publicKey2));
cout << "2- Public key created " << intPubK2 << endl;
//cout << "2- The new public key is " << privateKey2 << endl;
}
else
cout << "2- curve25519_mult did not work " << endl;
cout << "\nGenerations of shared keys" << endl;
/*int curve25519_mult ( byte sharedKey[32],
const byte secretKey[32],
const byte othersKey[32]
) */
byte sharedKey1_2[PUBLIC_KEYLENGTH];
byte sharedKey2_1[PUBLIC_KEYLENGTH];
if( curve25519_mult(sharedKey1_2, privateKey, publicKey2) == 0){
Integer intSharedKey1_2(sharedKey1_2, sizeof(sharedKey1_2));
cout << "1- Shared key created " << intSharedKey1_2 << endl;
}
if( curve25519_mult(sharedKey2_1, privateKey2, publicKey) == 0){
Integer intSharedKey2_1(sharedKey2_1, sizeof(sharedKey2_1));
cout << "2- Shared key created " << intSharedKey2_1 << endl;
}
// We have two keys each.
string plain = "\n\nHMAC Test";
string mac, encoded;
/*********************************\
\*********************************/
cout << "plain text: " << plain << endl;
/*********************************\
\*********************************/
try
{
HMAC< SHA256 > hmac(sharedKey1_2, PUBLIC_KEYLENGTH);
StringSource ss2(plain, true,
new HashFilter(hmac,
new StringSink(mac)
) // HashFilter
); // StringSource
}
catch(const CryptoPP::Exception& e)
{
cerr << e.what() << endl;
exit(1);
}
/*********************************\
\*********************************/
// Pretty print
encoded.clear();
StringSource ss3(mac, true,
new HexEncoder(
new StringSink(encoded)
) // HexEncoder
); // StringSource
cout << "hmac: " << encoded << endl;
try
{
HMAC< SHA256 > hmac2(sharedKey2_1, PUBLIC_KEYLENGTH);
const int flags = HashVerificationFilter::THROW_EXCEPTION | HashVerificationFilter::HASH_AT_END;
StringSource(plain + mac, true,
new HashVerificationFilter(hmac2, NULL, flags)
); // StringSource
cout << "Verified message" << endl;
}
catch(const CryptoPP::Exception& e)
{
cerr << e.what() << endl;
}
return 0;
}
编辑:这是这段代码的输出:
1- Generating private key
Private key created 3951427468589058657788500055898583055730859037456996206614247149081707227760.
1- Generating public key
1- Public key created 2713877106980505211026290261997698325438191786766062178625865092937394618368.
2- Generating private key
2- Private key created 58089620826126204922773651760985512282935010454438059044416143831910823682427.
2- Generating public key
2- Public key created 1185077373537344710091841384487531087158005785833397747712.
Generations of shared keys
1- Shared key created 32717475549536125870454478996763331991259932599267432219938737089203052157444.
2- Shared key created 83438083910146518364399797164490155462911710345063602550172142504835353991253.
plain text:
HMAC Test
hmac: 27C84FED802319639DF86D36E43090666D6CB20F556778B90819087BC55C2249
HashVerificationFilter: message hash or MAC not valid
希望大家能给我解释一下
提前致谢!!
The problem is that Curve25519 is not generating the same shared keys...
curve25519 描述了底层字段。 x25519 是该领域的关键协议。协议的每个 运行 都会产生一个新的共享秘密。那是因为每次协议 运行 都会使用一组新的随机参数。
以下是您如何与 x25519. x25519 is Bernstein's key agreement scheme using curve25519. The sample code below was taken from the Crypto++ wiki 执行密钥协议。
首先,创建一些临时密钥:
AutoSeededRandomPool rndA, rndB;
x25519 ecdhA(rndA), ecdhB(rndB);
SecByteBlock privA(ecdhA.PrivateKeyLength());
SecByteBlock pubA(ecdhA.PublicKeyLength());
ecdhA.GenerateKeyPair(rndA, privA, pubA);
SecByteBlock privB(ecdhB.PrivateKeyLength());
SecByteBlock pubB(ecdhB.PublicKeyLength());
ecdhB.GenerateKeyPair(rndB, privB, pubB);
其次,设置共享秘密缓冲区:
SecByteBlock sharedA(ecdhA.AgreedValueLength());
SecByteBlock sharedB(ecdhB.AgreedValueLength());
三、执行协议协议:
if(!ecdhA.Agree(sharedA, privA, pubB))
throw std::runtime_error("Failed to reach shared secret (1)");
if(!ecdhB.Agree(sharedB, privB, pubA))
throw std::runtime_error("Failed to reach shared secret (2)");
最后,您可以检查密钥:
HexEncoder encoder(new FileSink(std::cout));
std::cout << "Shared secret (A): ";
StringSource(sharedA, sharedA.size(), true, new Redirector(encoder));
std::cout << std::endl;
std::cout << "Shared secret (B): ";
StringSource(sharedB, sharedB.size(), true, new Redirector(encoder));
std::cout << std::endl;
示例输出如下。
$ ./test.exe
Shared secret (A): B5C105BC3B685869AFBDFE64F15D27D6D0EAAA1A22F03B45B86E09FC76522450
Shared secret (B): B5C105BC3B685869AFBDFE64F15D27D6D0EAAA1A22F03B45B86E09FC76522450
"create some ephemeral keys..." 有很多人放弃了。您仍然需要将临时密钥的 public 部分发送给对方。并且发送给另一方的临时 public 密钥应该被签名,以便另一方知道它是真实的。
... to sign and verify...
这是您与 ed25519 signature scheme. ed25519 is Bernstein's signature scheme using curve25519. The sample code below was taken from the Crypto++ wiki 签约的方式。
首先,创建您的签名密钥:
ed25519::Signer signer;
signer.AccessPrivateKey().GenerateRandom(prng);
其次,保存您的签名密钥:
FileSink fs("private.key.bin");
signer.GetPrivateKey().Save(fs);
第三,使用您的私钥对消息进行签名:
AutoSeededRandomPool prng;
HexEncoder encoder(new FileSink(std::cout));
std::string message = "Yoda said, Do or do not. There is no try.";
std::string signature;
// Determine maximum signature size
size_t siglen = signer.MaxSignatureLength();
signature.resize(siglen);
// Sign, and trim signature to actual size
siglen = signer.SignMessage(prng, (const byte*)&message[0], message.size(), (byte*)&signature[0]);
signature.resize(siglen);
// Print signature to stdout
std::cout << "Signature: ";
StringSource(signature, true, new Redirector(encoder));
std::cout << "\n" << std::endl;
示例输出如下。
$ ./test.exe
Signature: B8EABDAA754BBCDC0B11ADE1FBA52CE39CD52FF42DE95E44CA6103652171468B63446
81DFB09F0D556EBF01BE43064D90C76711D9E1FF0FD3C41AF843DF17909
您可以使用以下代码保存您的 public 密钥。然后,将您的 public 钥匙交给其他人。
ed25519::Signer signer;
...
ed25519::Verifier verifier(signer);
FileSink fs("public.key.bin");
verifier.GetPublicKey().Save(fs);
... I thought I can combine this with HMAC, CMAC or another algorithm [for signing] ...
我不确定如何处理您提出的方案,或 HMAC 和 CMAC 的使用。正如 @Maarten 在评论中指出的那样,您没有描述您正在尝试做什么或陈述算法。我将不理会它。
通常在您的用例中发生的情况是,您使用 Diffie-Hellman 获得共享密钥。然后,您为块密码或流密码和 MAC 派生了几个密钥。您通常使用 HDKF 之类的东西来执行此操作。最后,您键入密码和 mac,然后执行批量加密。
我会冒险提出一个建议,一旦你与 ecdhA.Agree(sharedA, privA, pubB) and/or ecdhB.Agree(sharedB, privB, pubA) 共享密钥,使用 HKDF 派生密钥,然后使用派生密钥来密钥 ChaCha20Poly1305 or XChaCha20Poly1305 (or another authenticated encryption 模式密码)
使用 ChaCha20Poly1305 or XChaCha20Poly1305 时,每条消息都应该(必须!)获得唯一的随机数。只需 运行 一个计数器并在每条消息后增加它。
终于在jww的解答下找到了解决办法。问题正如我在密钥生成中所预期的那样,可能是代码缺少密钥之间的约定部分,虽然我不确定如何解决以前的功能问题。
这里有一个使用 x25519 密钥交换实现 HMAC 签名的工作代码示例。
//g++ -g3 -ggdb -O0 Curve25519_HMAC_2.cpp -o Curve25519_HMAC_2.exe -lpthread -I/usr/local/include/cryptopp -L/usr/local/lib -l cryptopp
//g++ -DNDEBUG -g -g3 -O2 -Wall -Wextra -o Curve25519_HMAC_2 Curve25519_HMAC_2.cpp -I/usr/local/include/cryptopp -L/usr/local/lib -l cryptopp
#include "xed25519.h"
using CryptoPP::x25519;
#include "donna.h"
using CryptoPP::Donna::curve25519_mult;
using CryptoPP::Donna::ed25519_sign;
using CryptoPP::Donna::ed25519_sign_open;
using CryptoPP::Donna::ed25519_publickey;
#include "filters.h"
#include "osrng.h"
#include "cryptlib.h"
#include "files.h"
#include "hex.h"
#include "sha.h"
#include "hmac.h"
using namespace std;
static const int SECRET_KEYLENGTH=32;
static const int PRIVATE_KEYLENGTH=128;
static const int PUBLIC_KEYLENGTH=32;
#include <string>
#include <iostream>
int main(int argc, char* argv[])
{
using namespace CryptoPP;
AutoSeededRandomPool rndA, rndB;
x25519 ecdhA(rndA), ecdhB(rndB);
SecByteBlock privA(ecdhA.PrivateKeyLength());
SecByteBlock pubA(ecdhA.PublicKeyLength());
ecdhA.GenerateKeyPair(rndA, privA, pubA);
SecByteBlock privB(ecdhB.PrivateKeyLength());
SecByteBlock pubB(ecdhB.PublicKeyLength());
ecdhB.GenerateKeyPair(rndB, privB, pubB);
SecByteBlock sharedA(ecdhA.AgreedValueLength());
SecByteBlock sharedB(ecdhB.AgreedValueLength());
if(!ecdhA.Agree(sharedA, privA, pubB))
throw std::runtime_error("Failed to reach shared secret (1)");
if(!ecdhB.Agree(sharedB, privB, pubA))
throw std::runtime_error("Failed to reach shared secret (2)");
HexEncoder encoder(new FileSink(std::cout));
std::cout << "Shared secret (A): ";
StringSource(sharedA, sharedA.size(), true, new Redirector(encoder));
std::cout << std::endl;
std::cout << "Shared secret (B): ";
StringSource(sharedB, sharedB.size(), true, new Redirector(encoder));
std::cout << std::endl;
// We have two keys each.
string plain = "\n\nHMAC Test";
string mac, encoded;
/*********************************\
\*********************************/
cout << "plain text: " << plain << endl;
/*********************************\
\*********************************/
try
{
HMAC< SHA256 > hmac(sharedA, sharedA.size());
StringSource ss2(plain, true,
new HashFilter(hmac,
new StringSink(mac)
) // HashFilter
); // StringSource
}
catch(const CryptoPP::Exception& e)
{
cerr << e.what() << endl;
exit(1);
}
/*********************************\
\*********************************/
// Pretty print
encoded.clear();
StringSource ss3(mac, true,
new HexEncoder(
new StringSink(encoded)
) // HexEncoder
); // StringSource
cout << "hmac: " << encoded << endl;
try
{
HMAC< SHA256 > hmac2(sharedB, sharedB.size());
const int flags = HashVerificationFilter::THROW_EXCEPTION | HashVerificationFilter::HASH_AT_END;
StringSource(plain + mac, true,
new HashVerificationFilter(hmac2, NULL, flags)
); // StringSource
cout << "Verified message" << endl;
}
catch(const CryptoPP::Exception& e)
{
cerr << e.what() << endl;
}
return 0;
}
这是输出:
Shared secret (A): 284FE14022541BD8939C40249A3805DB6C4548B01FF0826253E6FAC53C489D46
Shared secret (B): 284FE14022541BD8939C40249A3805DB6C4548B01FF0826253E6FAC53C489D46
plain text:
HMAC Test
hmac: BCFEE5E6CCA6EB9818D961DA22545CE9989E799430AA54E9EDBEF35A244D4C77
Verified message
我正在我的一个项目中实施 Curve25519。我想我可以将它与 HMAC、CMAC 或其他算法结合起来进行签名和验证。问题是 Curve25519 没有生成相同的共享密钥。
我对密码学不太了解,我不知道是我做错了什么,还是我无法将 Curve25519 与 HMAC 结合使用。
这是我准备的测试代码。
#include "xed25519.h"
using CryptoPP::x25519;
#include "donna.h"
using CryptoPP::Donna::curve25519_mult;
using CryptoPP::Donna::ed25519_sign;
using CryptoPP::Donna::ed25519_sign_open;
using CryptoPP::Donna::ed25519_publickey;
#include "filters.h"
#include "osrng.h"
#include "cryptlib.h"
#include "files.h"
#include "hex.h"
#include "sha.h"
#include "hmac.h"
using namespace std;
static const int SECRET_KEYLENGTH=32;
static const int PRIVATE_KEYLENGTH=128;
static const int PUBLIC_KEYLENGTH=32;
#include <string>
#include <iostream>
int main(int argc, char* argv[])
{
using namespace CryptoPP;
AutoSeededRandomPool prng, prng2;
byte *aux ;// new byte[PRIVATE_KEYLENGTH];
byte privateKey[PUBLIC_KEYLENGTH];
byte publicKey[PUBLIC_KEYLENGTH];
// Node 1
x25519 x(privateKey, publicKey) ; //( const byte y[PUBLIC_KEYLENGTH],const byte x[SECRET_KEYLENGTH]
cout << "1- Generating private key " << endl;
aux = new byte;
x.GeneratePrivateKey(prng, privateKey);
Integer intPrvK(privateKey, sizeof(privateKey));
cout << "Private key created " << intPrvK << endl;
cout << "1- Generating public key " << endl;
//void GeneratePublicKey (RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
if(curve25519_mult(privateKey, publicKey) == 0 ){
Integer intPubK(publicKey, sizeof(publicKey));
cout << "1- Public key created " << intPubK << endl;
//cout << "1- The new public key is " << privateKey << endl;
}
else
cout << "curve25519_mult did not work " << endl;
//Node 2
byte privateKey2[PUBLIC_KEYLENGTH];
byte publicKey2[PUBLIC_KEYLENGTH];
x25519 y(privateKey2, publicKey2) ; //( const byte y[PUBLIC_KEYLENGTH],const byte x[SECRET_KEYLENGTH]
cout << "2- Generating private key " << endl;
aux = new byte;
y.GeneratePrivateKey(prng2, privateKey2);
Integer intPrvK2(privateKey2, sizeof(privateKey2));
cout << "2- Private key created " << intPrvK2 << endl;
cout << "2- Generating public key " << endl;
//void GeneratePublicKey (RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
if(curve25519_mult(privateKey2, publicKey2) == 0 ){
Integer intPubK2(publicKey2, sizeof(publicKey2));
cout << "2- Public key created " << intPubK2 << endl;
//cout << "2- The new public key is " << privateKey2 << endl;
}
else
cout << "2- curve25519_mult did not work " << endl;
cout << "\nGenerations of shared keys" << endl;
/*int curve25519_mult ( byte sharedKey[32],
const byte secretKey[32],
const byte othersKey[32]
) */
byte sharedKey1_2[PUBLIC_KEYLENGTH];
byte sharedKey2_1[PUBLIC_KEYLENGTH];
if( curve25519_mult(sharedKey1_2, privateKey, publicKey2) == 0){
Integer intSharedKey1_2(sharedKey1_2, sizeof(sharedKey1_2));
cout << "1- Shared key created " << intSharedKey1_2 << endl;
}
if( curve25519_mult(sharedKey2_1, privateKey2, publicKey) == 0){
Integer intSharedKey2_1(sharedKey2_1, sizeof(sharedKey2_1));
cout << "2- Shared key created " << intSharedKey2_1 << endl;
}
// We have two keys each.
string plain = "\n\nHMAC Test";
string mac, encoded;
/*********************************\
\*********************************/
cout << "plain text: " << plain << endl;
/*********************************\
\*********************************/
try
{
HMAC< SHA256 > hmac(sharedKey1_2, PUBLIC_KEYLENGTH);
StringSource ss2(plain, true,
new HashFilter(hmac,
new StringSink(mac)
) // HashFilter
); // StringSource
}
catch(const CryptoPP::Exception& e)
{
cerr << e.what() << endl;
exit(1);
}
/*********************************\
\*********************************/
// Pretty print
encoded.clear();
StringSource ss3(mac, true,
new HexEncoder(
new StringSink(encoded)
) // HexEncoder
); // StringSource
cout << "hmac: " << encoded << endl;
try
{
HMAC< SHA256 > hmac2(sharedKey2_1, PUBLIC_KEYLENGTH);
const int flags = HashVerificationFilter::THROW_EXCEPTION | HashVerificationFilter::HASH_AT_END;
StringSource(plain + mac, true,
new HashVerificationFilter(hmac2, NULL, flags)
); // StringSource
cout << "Verified message" << endl;
}
catch(const CryptoPP::Exception& e)
{
cerr << e.what() << endl;
}
return 0;
}
编辑:这是这段代码的输出:
1- Generating private key
Private key created 3951427468589058657788500055898583055730859037456996206614247149081707227760.
1- Generating public key
1- Public key created 2713877106980505211026290261997698325438191786766062178625865092937394618368.
2- Generating private key
2- Private key created 58089620826126204922773651760985512282935010454438059044416143831910823682427.
2- Generating public key
2- Public key created 1185077373537344710091841384487531087158005785833397747712.
Generations of shared keys
1- Shared key created 32717475549536125870454478996763331991259932599267432219938737089203052157444.
2- Shared key created 83438083910146518364399797164490155462911710345063602550172142504835353991253.
plain text:
HMAC Test
hmac: 27C84FED802319639DF86D36E43090666D6CB20F556778B90819087BC55C2249
HashVerificationFilter: message hash or MAC not valid
希望大家能给我解释一下
提前致谢!!
The problem is that Curve25519 is not generating the same shared keys...
curve25519 描述了底层字段。 x25519 是该领域的关键协议。协议的每个 运行 都会产生一个新的共享秘密。那是因为每次协议 运行 都会使用一组新的随机参数。
以下是您如何与 x25519. x25519 is Bernstein's key agreement scheme using curve25519. The sample code below was taken from the Crypto++ wiki 执行密钥协议。
首先,创建一些临时密钥:
AutoSeededRandomPool rndA, rndB;
x25519 ecdhA(rndA), ecdhB(rndB);
SecByteBlock privA(ecdhA.PrivateKeyLength());
SecByteBlock pubA(ecdhA.PublicKeyLength());
ecdhA.GenerateKeyPair(rndA, privA, pubA);
SecByteBlock privB(ecdhB.PrivateKeyLength());
SecByteBlock pubB(ecdhB.PublicKeyLength());
ecdhB.GenerateKeyPair(rndB, privB, pubB);
其次,设置共享秘密缓冲区:
SecByteBlock sharedA(ecdhA.AgreedValueLength());
SecByteBlock sharedB(ecdhB.AgreedValueLength());
三、执行协议协议:
if(!ecdhA.Agree(sharedA, privA, pubB))
throw std::runtime_error("Failed to reach shared secret (1)");
if(!ecdhB.Agree(sharedB, privB, pubA))
throw std::runtime_error("Failed to reach shared secret (2)");
最后,您可以检查密钥:
HexEncoder encoder(new FileSink(std::cout));
std::cout << "Shared secret (A): ";
StringSource(sharedA, sharedA.size(), true, new Redirector(encoder));
std::cout << std::endl;
std::cout << "Shared secret (B): ";
StringSource(sharedB, sharedB.size(), true, new Redirector(encoder));
std::cout << std::endl;
示例输出如下。
$ ./test.exe
Shared secret (A): B5C105BC3B685869AFBDFE64F15D27D6D0EAAA1A22F03B45B86E09FC76522450
Shared secret (B): B5C105BC3B685869AFBDFE64F15D27D6D0EAAA1A22F03B45B86E09FC76522450
"create some ephemeral keys..." 有很多人放弃了。您仍然需要将临时密钥的 public 部分发送给对方。并且发送给另一方的临时 public 密钥应该被签名,以便另一方知道它是真实的。
... to sign and verify...
这是您与 ed25519 signature scheme. ed25519 is Bernstein's signature scheme using curve25519. The sample code below was taken from the Crypto++ wiki 签约的方式。
首先,创建您的签名密钥:
ed25519::Signer signer;
signer.AccessPrivateKey().GenerateRandom(prng);
其次,保存您的签名密钥:
FileSink fs("private.key.bin");
signer.GetPrivateKey().Save(fs);
第三,使用您的私钥对消息进行签名:
AutoSeededRandomPool prng;
HexEncoder encoder(new FileSink(std::cout));
std::string message = "Yoda said, Do or do not. There is no try.";
std::string signature;
// Determine maximum signature size
size_t siglen = signer.MaxSignatureLength();
signature.resize(siglen);
// Sign, and trim signature to actual size
siglen = signer.SignMessage(prng, (const byte*)&message[0], message.size(), (byte*)&signature[0]);
signature.resize(siglen);
// Print signature to stdout
std::cout << "Signature: ";
StringSource(signature, true, new Redirector(encoder));
std::cout << "\n" << std::endl;
示例输出如下。
$ ./test.exe
Signature: B8EABDAA754BBCDC0B11ADE1FBA52CE39CD52FF42DE95E44CA6103652171468B63446
81DFB09F0D556EBF01BE43064D90C76711D9E1FF0FD3C41AF843DF17909
您可以使用以下代码保存您的 public 密钥。然后,将您的 public 钥匙交给其他人。
ed25519::Signer signer;
...
ed25519::Verifier verifier(signer);
FileSink fs("public.key.bin");
verifier.GetPublicKey().Save(fs);
... I thought I can combine this with HMAC, CMAC or another algorithm [for signing] ...
我不确定如何处理您提出的方案,或 HMAC 和 CMAC 的使用。正如 @Maarten 在评论中指出的那样,您没有描述您正在尝试做什么或陈述算法。我将不理会它。
通常在您的用例中发生的情况是,您使用 Diffie-Hellman 获得共享密钥。然后,您为块密码或流密码和 MAC 派生了几个密钥。您通常使用 HDKF 之类的东西来执行此操作。最后,您键入密码和 mac,然后执行批量加密。
我会冒险提出一个建议,一旦你与 ecdhA.Agree(sharedA, privA, pubB) and/or ecdhB.Agree(sharedB, privB, pubA) 共享密钥,使用 HKDF 派生密钥,然后使用派生密钥来密钥 ChaCha20Poly1305 or XChaCha20Poly1305 (or another authenticated encryption 模式密码)
使用 ChaCha20Poly1305 or XChaCha20Poly1305 时,每条消息都应该(必须!)获得唯一的随机数。只需 运行 一个计数器并在每条消息后增加它。
终于在jww的解答下找到了解决办法。问题正如我在密钥生成中所预期的那样,可能是代码缺少密钥之间的约定部分,虽然我不确定如何解决以前的功能问题。
这里有一个使用 x25519 密钥交换实现 HMAC 签名的工作代码示例。
//g++ -g3 -ggdb -O0 Curve25519_HMAC_2.cpp -o Curve25519_HMAC_2.exe -lpthread -I/usr/local/include/cryptopp -L/usr/local/lib -l cryptopp
//g++ -DNDEBUG -g -g3 -O2 -Wall -Wextra -o Curve25519_HMAC_2 Curve25519_HMAC_2.cpp -I/usr/local/include/cryptopp -L/usr/local/lib -l cryptopp
#include "xed25519.h"
using CryptoPP::x25519;
#include "donna.h"
using CryptoPP::Donna::curve25519_mult;
using CryptoPP::Donna::ed25519_sign;
using CryptoPP::Donna::ed25519_sign_open;
using CryptoPP::Donna::ed25519_publickey;
#include "filters.h"
#include "osrng.h"
#include "cryptlib.h"
#include "files.h"
#include "hex.h"
#include "sha.h"
#include "hmac.h"
using namespace std;
static const int SECRET_KEYLENGTH=32;
static const int PRIVATE_KEYLENGTH=128;
static const int PUBLIC_KEYLENGTH=32;
#include <string>
#include <iostream>
int main(int argc, char* argv[])
{
using namespace CryptoPP;
AutoSeededRandomPool rndA, rndB;
x25519 ecdhA(rndA), ecdhB(rndB);
SecByteBlock privA(ecdhA.PrivateKeyLength());
SecByteBlock pubA(ecdhA.PublicKeyLength());
ecdhA.GenerateKeyPair(rndA, privA, pubA);
SecByteBlock privB(ecdhB.PrivateKeyLength());
SecByteBlock pubB(ecdhB.PublicKeyLength());
ecdhB.GenerateKeyPair(rndB, privB, pubB);
SecByteBlock sharedA(ecdhA.AgreedValueLength());
SecByteBlock sharedB(ecdhB.AgreedValueLength());
if(!ecdhA.Agree(sharedA, privA, pubB))
throw std::runtime_error("Failed to reach shared secret (1)");
if(!ecdhB.Agree(sharedB, privB, pubA))
throw std::runtime_error("Failed to reach shared secret (2)");
HexEncoder encoder(new FileSink(std::cout));
std::cout << "Shared secret (A): ";
StringSource(sharedA, sharedA.size(), true, new Redirector(encoder));
std::cout << std::endl;
std::cout << "Shared secret (B): ";
StringSource(sharedB, sharedB.size(), true, new Redirector(encoder));
std::cout << std::endl;
// We have two keys each.
string plain = "\n\nHMAC Test";
string mac, encoded;
/*********************************\
\*********************************/
cout << "plain text: " << plain << endl;
/*********************************\
\*********************************/
try
{
HMAC< SHA256 > hmac(sharedA, sharedA.size());
StringSource ss2(plain, true,
new HashFilter(hmac,
new StringSink(mac)
) // HashFilter
); // StringSource
}
catch(const CryptoPP::Exception& e)
{
cerr << e.what() << endl;
exit(1);
}
/*********************************\
\*********************************/
// Pretty print
encoded.clear();
StringSource ss3(mac, true,
new HexEncoder(
new StringSink(encoded)
) // HexEncoder
); // StringSource
cout << "hmac: " << encoded << endl;
try
{
HMAC< SHA256 > hmac2(sharedB, sharedB.size());
const int flags = HashVerificationFilter::THROW_EXCEPTION | HashVerificationFilter::HASH_AT_END;
StringSource(plain + mac, true,
new HashVerificationFilter(hmac2, NULL, flags)
); // StringSource
cout << "Verified message" << endl;
}
catch(const CryptoPP::Exception& e)
{
cerr << e.what() << endl;
}
return 0;
}
这是输出:
Shared secret (A): 284FE14022541BD8939C40249A3805DB6C4548B01FF0826253E6FAC53C489D46
Shared secret (B): 284FE14022541BD8939C40249A3805DB6C4548B01FF0826253E6FAC53C489D46
plain text:
HMAC Test
hmac: BCFEE5E6CCA6EB9818D961DA22545CE9989E799430AA54E9EDBEF35A244D4C77
Verified message