将 base-64 spki 字符串转换为 public 密钥
convert base-64 spki string into public key
我正在尝试找到一个 python 与此 js 函数等效的函数:
/**
* Generating the shared secret with the merchant private key and the ephemeral public key(part of the payment token data)
* using Elliptic Curve Diffie-Hellman (id-ecDH 1.3.132.1.12).
* As the Apple Pay certificate is issued using prime256v1 encryption, create elliptic curve key instances using the package - https://www.npmjs.com/package/ec-key
*/
sharedSecret (privatePem) {
const prv = new ECKey(privatePem, 'pem') // Create a new ECkey instance from PEM formatted string
const publicEc = new ECKey(this.ephemeralPublicKey, 'spki') // Create a new ECKey instance from a base-64 spki string
return prv.computeSecret(publicEc).toString('hex') // Compute secret using private key for provided ephemeral public key
}
public 我尝试转换的密钥:
(应该是 base-64 spki 字符串?)
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYtpZKqPDqavs4KzNnMoxWdIThKe/ErKMI/l34Y9/xVkt4DU4BrCaQnGLlRGx+Pn/WHPkQg3BYoRH4xUWswNhEA==
我设法做到的:
from cryptography.hazmat.primitives.asymmetric.ec import SECP256R1, EllipticCurvePublicKey, ECDH
from cryptography.hazmat.primitives.serialization import load_pem_private_key
def __compute_shared_secret(ephemeral_public_key: str) -> bytes:
curve = SECP256R1()
key = base64.b64decode(ephemeral_public_key)
public_key = EllipticCurvePublicKey.from_encoded_point(curve, key) # problem here
server_private_key = load_pem_private_key(<private_key>, password=None)
shared_secret = server_private_key.exchange(ECDH(), public_key)
return shared_secret
ValueError: Unsupported elliptic curve point type
据我了解,在 EllipticCurvePublicKey 中使用它之前,我需要将 public 密钥转换为某些内容,但我不知道应该进行哪种类型的转换。
根据 JavaScript 库的 documentation 行
const publicEc = new ECKey(this.ephemeralPublicKey, 'spki')
导入 Base64 编码的 X.509/SPKI DER 密钥。
在 Python 中,这可以通过密码学库的 load_der_public_key() 完成,如下所示:
from cryptography.hazmat.primitives.serialization import load_der_public_key
import base64
...
public_key = load_der_public_key(base64.b64decode(ephemeral_public_key))
这里,ephemeral_public_key是Base64编码的X.509/SPKI DER密钥。
通过更改 Python 代码,可以确定共享秘密。
我正在尝试找到一个 python 与此 js 函数等效的函数:
/**
* Generating the shared secret with the merchant private key and the ephemeral public key(part of the payment token data)
* using Elliptic Curve Diffie-Hellman (id-ecDH 1.3.132.1.12).
* As the Apple Pay certificate is issued using prime256v1 encryption, create elliptic curve key instances using the package - https://www.npmjs.com/package/ec-key
*/
sharedSecret (privatePem) {
const prv = new ECKey(privatePem, 'pem') // Create a new ECkey instance from PEM formatted string
const publicEc = new ECKey(this.ephemeralPublicKey, 'spki') // Create a new ECKey instance from a base-64 spki string
return prv.computeSecret(publicEc).toString('hex') // Compute secret using private key for provided ephemeral public key
}
public 我尝试转换的密钥: (应该是 base-64 spki 字符串?)
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYtpZKqPDqavs4KzNnMoxWdIThKe/ErKMI/l34Y9/xVkt4DU4BrCaQnGLlRGx+Pn/WHPkQg3BYoRH4xUWswNhEA==
我设法做到的:
from cryptography.hazmat.primitives.asymmetric.ec import SECP256R1, EllipticCurvePublicKey, ECDH
from cryptography.hazmat.primitives.serialization import load_pem_private_key
def __compute_shared_secret(ephemeral_public_key: str) -> bytes:
curve = SECP256R1()
key = base64.b64decode(ephemeral_public_key)
public_key = EllipticCurvePublicKey.from_encoded_point(curve, key) # problem here
server_private_key = load_pem_private_key(<private_key>, password=None)
shared_secret = server_private_key.exchange(ECDH(), public_key)
return shared_secret
ValueError: Unsupported elliptic curve point type
据我了解,在 EllipticCurvePublicKey 中使用它之前,我需要将 public 密钥转换为某些内容,但我不知道应该进行哪种类型的转换。
根据 JavaScript 库的 documentation 行
const publicEc = new ECKey(this.ephemeralPublicKey, 'spki')
导入 Base64 编码的 X.509/SPKI DER 密钥。
在 Python 中,这可以通过密码学库的 load_der_public_key() 完成,如下所示:
from cryptography.hazmat.primitives.serialization import load_der_public_key
import base64
...
public_key = load_der_public_key(base64.b64decode(ephemeral_public_key))
这里,ephemeral_public_key是Base64编码的X.509/SPKI DER密钥。
通过更改 Python 代码,可以确定共享秘密。