如何使用EdDSA/Ed448签名算法重新生成私钥?
How to regenerate private key using EdDSA/Ed448 signature algorithm?
这是我生成密钥对的方式:
var keyPairGenerator = KeyPairGenerator.getInstance("Ed448");
keyPairGenerator.initialize(448, SecureRandom.getInstanceStrong());
var keyPair = keyPairGenerator.generateKeyPair();
var privateKey = keyPair.getPrivate();
var publicKey = keyPair.getPublic();
byte[] privateKeyBytes = privateKey.getEncoded();
byte[] publicKeyBytes = publicKey.getEncoded();
但是,当我再次尝试重新生成密钥时,出现异常:
var keyFactory = KeyFactory.getInstance("EdDSA");
var edECPoint = byteArrayToEdPoint(publicKeyBytes);
var edECPublicKeySpec = new EdECPublicKeySpec(new NamedParameterSpec("Ed448"), edECPoint);
var publicKey = keyFactory.generatePublic(edECPublicKeySpec);
var edECPrivateKeySpec = new EdECPrivateKeySpec(new NamedParameterSpec("Ed448"), privateKeyBytes);
var privateKey = keyFactory.generatePrivate(edECPrivateKeySpec); // generatePrivate() throws exception
异常堆栈跟踪:
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: key length is 73, key length must be 57
at jdk.crypto.ec/sun.security.ec.ed.EdDSAKeyFactory.engineGeneratePrivate(EdDSAKeyFactory.java:129)
at java.base/java.security.KeyFactory.generatePrivate(KeyFactory.java:390)
at io.fouad.Main.main(Main.java:48)
Caused by: java.security.InvalidKeyException: key length is 73, key length must be 57
at jdk.crypto.ec/sun.security.ec.ed.EdDSAPrivateKeyImpl.checkLength(EdDSAPrivateKeyImpl.java:84)
at jdk.crypto.ec/sun.security.ec.ed.EdDSAPrivateKeyImpl.<init>(EdDSAPrivateKeyImpl.java:61)
at jdk.crypto.ec/sun.security.ec.ed.EdDSAKeyFactory.generatePrivateImpl(EdDSAKeyFactory.java:171)
at jdk.crypto.ec/sun.security.ec.ed.EdDSAKeyFactory.engineGeneratePrivate(EdDSAKeyFactory.java:127)
... 2 more
这是我从 OpenJDK repo:
复制的一些实用程序
private static EdECPoint byteArrayToEdPoint(byte[] arr)
{
byte msb = arr[arr.length - 1];
boolean xOdd = (msb & 0x80) != 0;
arr[arr.length - 1] &= (byte) 0x7F;
reverse(arr);
BigInteger y = new BigInteger(1, arr);
return new EdECPoint(xOdd, y);
}
private static void reverse(byte [] arr)
{
int i = 0;
int j = arr.length - 1;
while(i < j)
{
swap(arr, i, j);
i++;
j--;
}
}
private static void swap(byte[] arr, int i, int j)
{
byte tmp = arr[i];
arr[i] = arr[j];
arr[j] = tmp;
}
由于 privateKey.getEncoded(实例将是 EdDSAPrivateKeyImpl 类型)将 return PKCS8 格式的密钥,您应该使用 PKCS8EncodedKeySpec :
var keyFactory = KeyFactory.getInstance("EdDSA");
var pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(privateKeyBytes);
var privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
否则您将不得不自己解包序列并获得 PrivateKey(这是 OctetString),如 RFC5958-section2 中所述。然后你可以使用 EdECPrivateKeySpec.
这是我生成密钥对的方式:
var keyPairGenerator = KeyPairGenerator.getInstance("Ed448");
keyPairGenerator.initialize(448, SecureRandom.getInstanceStrong());
var keyPair = keyPairGenerator.generateKeyPair();
var privateKey = keyPair.getPrivate();
var publicKey = keyPair.getPublic();
byte[] privateKeyBytes = privateKey.getEncoded();
byte[] publicKeyBytes = publicKey.getEncoded();
但是,当我再次尝试重新生成密钥时,出现异常:
var keyFactory = KeyFactory.getInstance("EdDSA");
var edECPoint = byteArrayToEdPoint(publicKeyBytes);
var edECPublicKeySpec = new EdECPublicKeySpec(new NamedParameterSpec("Ed448"), edECPoint);
var publicKey = keyFactory.generatePublic(edECPublicKeySpec);
var edECPrivateKeySpec = new EdECPrivateKeySpec(new NamedParameterSpec("Ed448"), privateKeyBytes);
var privateKey = keyFactory.generatePrivate(edECPrivateKeySpec); // generatePrivate() throws exception
异常堆栈跟踪:
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: key length is 73, key length must be 57
at jdk.crypto.ec/sun.security.ec.ed.EdDSAKeyFactory.engineGeneratePrivate(EdDSAKeyFactory.java:129)
at java.base/java.security.KeyFactory.generatePrivate(KeyFactory.java:390)
at io.fouad.Main.main(Main.java:48)
Caused by: java.security.InvalidKeyException: key length is 73, key length must be 57
at jdk.crypto.ec/sun.security.ec.ed.EdDSAPrivateKeyImpl.checkLength(EdDSAPrivateKeyImpl.java:84)
at jdk.crypto.ec/sun.security.ec.ed.EdDSAPrivateKeyImpl.<init>(EdDSAPrivateKeyImpl.java:61)
at jdk.crypto.ec/sun.security.ec.ed.EdDSAKeyFactory.generatePrivateImpl(EdDSAKeyFactory.java:171)
at jdk.crypto.ec/sun.security.ec.ed.EdDSAKeyFactory.engineGeneratePrivate(EdDSAKeyFactory.java:127)
... 2 more
这是我从 OpenJDK repo:
复制的一些实用程序private static EdECPoint byteArrayToEdPoint(byte[] arr)
{
byte msb = arr[arr.length - 1];
boolean xOdd = (msb & 0x80) != 0;
arr[arr.length - 1] &= (byte) 0x7F;
reverse(arr);
BigInteger y = new BigInteger(1, arr);
return new EdECPoint(xOdd, y);
}
private static void reverse(byte [] arr)
{
int i = 0;
int j = arr.length - 1;
while(i < j)
{
swap(arr, i, j);
i++;
j--;
}
}
private static void swap(byte[] arr, int i, int j)
{
byte tmp = arr[i];
arr[i] = arr[j];
arr[j] = tmp;
}
由于 privateKey.getEncoded(实例将是 EdDSAPrivateKeyImpl 类型)将 return PKCS8 格式的密钥,您应该使用 PKCS8EncodedKeySpec :
var keyFactory = KeyFactory.getInstance("EdDSA");
var pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(privateKeyBytes);
var privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
否则您将不得不自己解包序列并获得 PrivateKey(这是 OctetString),如 RFC5958-section2 中所述。然后你可以使用 EdECPrivateKeySpec.