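javascript - Generating a shared secret from a public key with the Elliptic JS library
Problem description
I'm trying to use the Elliptic JS library to generate a shared secret that two people can use (from their example).
The problem is that the example generates a new key pair every time - I want one person to use their own private key and the other person to use the public key.
This is what I have so far: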
var EC = require('elliptic').ec;
var ec = new EC('curve25519');
var key1 = ec.keyFromPrivate('BLAHBLAHBLAH1');
var publicKey1 = key1.getPublic();
///// HOW DO I START WITH KEY2 BEING THE PUBLIC KEY, NOT KEYFROMPRIVATE? /////
var key2 = ec.keyFromPrivate('BLAHBLAHBLAH2');
var publicKey2 = key2.getPublic();
var shared1 = key1.derive(publicKey2);
var shared2 = key2.derive(publicKey1);
console.log(shared1.toString(16));
console.log(shared2.toString(16));
Any ideas would be really helpful!
Solution
So maybe it's better to explain this a little.
With Elliptic curve crypto, the private key is just a number (a big one).
The public key is actually a point on the curve (like actually x, y).
You must generate a private key first in order to obtain the corresponding public key coordinate; as you may know, the trap door function in ECC is predicated upon not being able to deduce a private key from a public key point.
The public key is obtained by scalar multiplication of the private key by a special point on the curve called the generator point.
So... that said, the only way to start with a public key that you know would be to have (at some point previously) generated and stored the private key, calculated the corresponding public key by using the standard methods (which, FYI, is actually a process where one scalar-multiplies a private key number by a known generator (a special, publicly known x,y point) on the curve), and then stored the public key for future use.
One last thing, what you're doing here (you may already know) is ECDH (Elliptic curve Diffie Hellman), generating a shared secret using the Diffie Hellman protocol.
In that protocol, generally you use ephemeral (temporary) key pairs every time. That way each session has a new session key, meaning forward secrecy isn't predicated upon one single private key.
Additionally, remember that a derived ECDH secret is not ready to use as a symmetric key. It should be passed through an HKDF (key derivation function), as random secret != uniform secret suitable for cryptographic use.
Any questions, please ask below. There is a great explanation as to why it's important to use ephemeral keys in ECDH here from @Maarten.
Please let me know if this is not clear.
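The flow described in the answer above, as an added example that is not part of the original post: each side combines its own private key with only the peer's public key bytes, then runs the raw ECDH output through HKDF. It uses Node's built-in crypto module (X25519) rather than the elliptic library; the function names and the salt and info values are assumptions made for illustration.

```javascript
// Added example: X25519 ECDH followed by HKDF, using Node's built-in crypto module.
const nodeCrypto = require('node:crypto');

// A party creates its key pair and publishes only the public half (SPKI DER bytes).
function newParty() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('x25519');
  return { privateKey, publicDer: publicKey.export({ type: 'spki', format: 'der' }) };
}

// Derive a 32-byte symmetric key from OUR private key and the PEER'S public key bytes.
// `salt` and `info` are hypothetical parameters that both sides must agree on.
function deriveSessionKey(myPrivateKey, peerPublicDer, salt, info) {
  // Rebuild a key object from public bytes alone; the peer's private key is never needed.
  const peerPublicKey = nodeCrypto.createPublicKey({
    key: peerPublicDer, format: 'der', type: 'spki',
  });
  const rawSecret = nodeCrypto.diffieHellman({
    privateKey: myPrivateKey, publicKey: peerPublicKey,
  });
  // The raw ECDH output is not a uniform key; pass it through HKDF-SHA256 before use.
  return Buffer.from(nodeCrypto.hkdfSync('sha256', rawSecret, salt, info, 32));
}

// One session: fresh (ephemeral) key pairs on both sides, only public bytes exchanged.
function runSession() {
  const salt = Buffer.from('constructed-sample-salt'); // constructed value
  const info = Buffer.from('example session key v1');  // constructed value
  const alice = newParty();
  const bob = newParty();
  const aliceKey = deriveSessionKey(alice.privateKey, bob.publicDer, salt, info);
  const bobKey = deriveSessionKey(bob.privateKey, alice.publicDer, salt, info);
  return { aliceKey, bobKey };
}

const s1 = runSession();
const s2 = runSession();
console.log('both sides agree:', s1.aliceKey.equals(s1.bobKey));
console.log('sessions differ: ', !s1.aliceKey.equals(s2.aliceKey));
```

Because every call to runSession generates new key pairs, each session ends up with an unrelated key, which is the ephemeral-key behaviour the answer recommends.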