使用 pycryptodome 从 EC 生成共享密钥
Shared key generation from EC with pycryptodome
我目前正在做一个项目,我需要计算一个 hkdf 对称密钥。
为此,我需要从私钥和临时 public 密钥生成共享密钥。
在我剩下的工作中,我确实使用了 pycryptodome but i can't find in the doc if it allow generation of shared secret. I saw in the futur plan their intention to add Elliptic Curves (ECIES, ECDH),因为 ecdh 是基于共享密钥的,如果尚未实现共享密钥生成,也不会令人惊讶。
我也尝试使用加密库,但无法加载我的临时密钥。
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec
def __compute_shared_secret(ephemeral_public_key: bytearray) -> bytes:
client_public_key = serialization.load_der_public_key(ephemeral_public_key)
server_private_key = serialization.load_der_private_key(b"my_private", password=None)
shared_secret = server_private_key.exchange(ec.ECDH(), client_public_key)
return shared_secret
Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.
ephemeral_public_key 是 base64 编码并由 gpay api.
给出
我想知道我是否可以使用 pycryptodome 来做到这一点,如果不能,是否只对这部分使用加密库是个好主意。
在@Topaco 的帮助下,我最终实现了这个功能:
from cryptography.hazmat.primitives.asymmetric.ec import ECDH
from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicKey
from cryptography.hazmat.primitives.asymmetric.ec import SECP256R1
from cryptography.hazmat.primitives.serialization import load_pem_private_key
def __compute_shared_secret(ephemeral_public_key: bytearray) -> bytes:
curve = SECP256R1()
public_key = EllipticCurvePublicKey.from_encoded_point(curve, bytes(ephemeral_public_key))
server_private_key = load_pem_private_key(b'<private_key>', password=None)
shared_secret = server_private_key.exchange(ECDH(), public_key)
return shared_secret
它工作得很好
我目前正在做一个项目,我需要计算一个 hkdf 对称密钥。 为此,我需要从私钥和临时 public 密钥生成共享密钥。
在我剩下的工作中,我确实使用了 pycryptodome but i can't find in the doc if it allow generation of shared secret. I saw in the futur plan their intention to add Elliptic Curves (ECIES, ECDH),因为 ecdh 是基于共享密钥的,如果尚未实现共享密钥生成,也不会令人惊讶。
我也尝试使用加密库,但无法加载我的临时密钥。
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec
def __compute_shared_secret(ephemeral_public_key: bytearray) -> bytes:
client_public_key = serialization.load_der_public_key(ephemeral_public_key)
server_private_key = serialization.load_der_private_key(b"my_private", password=None)
shared_secret = server_private_key.exchange(ec.ECDH(), client_public_key)
return shared_secret
Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.
ephemeral_public_key 是 base64 编码并由 gpay api.
给出我想知道我是否可以使用 pycryptodome 来做到这一点,如果不能,是否只对这部分使用加密库是个好主意。
在@Topaco 的帮助下,我最终实现了这个功能:
from cryptography.hazmat.primitives.asymmetric.ec import ECDH
from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicKey
from cryptography.hazmat.primitives.asymmetric.ec import SECP256R1
from cryptography.hazmat.primitives.serialization import load_pem_private_key
def __compute_shared_secret(ephemeral_public_key: bytearray) -> bytes:
curve = SECP256R1()
public_key = EllipticCurvePublicKey.from_encoded_point(curve, bytes(ephemeral_public_key))
server_private_key = load_pem_private_key(b'<private_key>', password=None)
shared_secret = server_private_key.exchange(ECDH(), public_key)
return shared_secret
它工作得很好