如何在.net框架4.7及以上中用ECDH实现重新计算对称密钥？

Question

1. 甲方拥有ECC证书(连同其私钥)
2. 甲方将此证书寄给乙方
3. 乙方从本证书中计算ECDiffieHellmanPublicKey var cert = new X509Certificate2(certBytes)；var bytesWithFormatIndicator = cert.PublicKey.EncodedKeyValue.RawData；var bytesWithoutFormatIndicator = bytesWithFormatIndicator.Skip(1).ToArray()；var preBytes = "45434b3120000000".HexToBytes()；//前8个字节是椭圆曲线P-256 var rawBytes = bytesWithoutFormatIndicator；var fullBytes = new bytepreBytes.Length + rawBytes.Length；Buffer.BlockCopy(preBytes，0，fullBytes，0，rawBytes.Length)；preBytes(，0，)；en25#=##en26)；
4. 乙方创建ECDH实现(即短暂的公钥和私钥对) var ecdhReceiver =ecdhReceiver
5. 乙方使用上述ECDH实现以及甲方ECC证书公钥(以及一些预置和附加字节)并计算对称密钥 var prependBytes = "00000001".HexToBytes()；var appendBytes = "00000002".HexToBytes()；var derivedSymmetricKey = HashAlgorithmName.SHA256，prependBytes，appendBytes)；
6. 乙方将临时公钥(从上述ECDH实施)发送给甲方 var ephemeralKeyBytesWithoutFormat =ephemeralKeyBytesWithoutFormat
7. 甲方现在的目标是使用乙方的临时公钥和甲方的ECC证书(及其私钥)计算相同的对称密钥。

我被困在(7)了。任何帮助都是非常感谢的。

谢谢。

Answer 1

事实证明这比我想象的要容易得多：

( 1)甲方可以从打开的ssl命令中转储私钥和公钥信息。

    openssl ec -in chris\key.pem -text -noout

( 2)甲方获得如下产出。

    Private-Key: (256 bit)
    priv:
        36:aa:94:67:66:2c:c5:3a:6b:44:da:af:2b:af:69:
        eb:83:e1:f6:b2:43:52:b5:b4:82:4f:bb:a7:64:71:
        68:3f
    pub:
        04:e7:b2:14:ce:a1:66:0a:2f:1f:3d:5e:af:95:be:
        e4:4b:00:27:fd:1a:06:f7:14:10:88:2a:ed:2c:51:
        1b:54:13:16:3e:05:f5:5b:bc:48:30:4a:49:32:46:
        7f:ca:fe:cc:b1:a0:09:91:6b:fd:8f:01:7f:41:ba:
        35:50:6e:a4:da
    ASN1 OID: prime256v1
    NIST CURVE: P-256

3)甲方使用上述信息构建ECDH实现(公钥中的前导字节0x04是格式指示符，忽略它)：

    var ecParamsReceiver = new ECParameters
    {
        Curve = ECCurve.NamedCurves.nistP256,
        D = "36aa9467662cc53a6b44daaf2baf69eb83e1f6b24352b5b4824fbba76471683f".HexToBytes(),
        Q = new ECPoint()
        {
            X = "e7b214cea1660a2f1f3d5eaf95bee44b0027fd1a06f71410882aed2c511b5413".HexToBytes(),
            Y = "163e05f55bbc48304a4932467fcafeccb1a009916bfd8f017f41ba35506ea4da".HexToBytes(),
        }
    };
    ecParamsReceiver.Validate();
    var receiverEcdh = ECDiffieHellman.Create(ecParamsReceiver);

(四)甲方从乙方临时公钥中构建乙方公钥

    var senderEphemeralPublicKey = ephemeralKeyBytesWithoutFormat;
    var ecParams = new ECParameters
    {
        Curve = ECCurve.NamedCurves.nistP256,
        Q = new ECPoint()
        {
            X = senderEphemeralPublicKey.Take(senderEphemeralPublicKey.Length / 2).ToArray(),
            Y = senderEphemeralPublicKey.Skip(senderEphemeralPublicKey.Length / 2).Take(senderEphemeralPublicKey.Length / 2).ToArray(),
        }
    };
    ecParams.Validate();
    var senderEcdh = ECDiffieHellman.Create(ecParams);

( 5)甲方使用相同的预置字节和附加字节计算相同的对称密钥

    var prependBytes = "00000001".HexToBytes();
    var appendBytes = "00000002".HexToBytes();
    var derivedSymmetricKey = receiverEcdh.DeriveKeyFromHash(senderEcdh.PublicKey, HashAlgorithmName.SHA256, prependBytes, appendBytes);