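What are these fields (Order, Generator, Cofactor, etc.) that are included when Org.BouncyCastle.X509.X509Certificate.GetEncoded() is written to a file? Do they look malformed? The output certificate and private key PEM files match.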
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
be:d0:a2:d6:d8:08:6b:16:99:02:fa:fd:ed:21:1d
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=TestCertificate
Validity
Not Before: Dec 17 19:39:54 2019 GMT
Not After : Dec 17 19:39:54 2030 GMT
Subject: CN=TestCertificate
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:19:1c:31:a8:b9:d9:9f:05:6e:d4:85:25:53:c0:
ca:a9:44:05:f6:13:ee:6e:eb:86:f5:44:b6:90:96:
de:02:d0:41:fc:80:c5:26:23:d7:e9:4c:d3:cd:aa:
57:80:c6:69:8d:5f:e8:ae:39:12:53:e1:1d:b3:fb:
98:89:2e:8c:f6
Field Type: prime-field
Prime:
00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:ff
A:
00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
ff:ff:fc
B:
5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
60:4b
Generator (uncompressed):
04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
68:37:bf:51:f5
Order:
00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
63:25:51
Cofactor: 1 (0x1)
X509v3 extensions:
X509v3 Certificate Policies: critical
Policy: 1.3.5.1.4.1.41779.1.1
X509v3 Key Usage: critical
Digital Signature
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:7f:6d:1c:25:ec:26:73:d9:07:ae:87:37:5a:02:
db:00:aa:6f:a8:ec:db:a4:44:73:7a:3b:ba:05:ee:09:f1:5c:
02:21:00:ed:c8:57:cb:07:a0:54:2c:84:90:f3:59:be:3d:ec:
2c:63:fd:be:f9:92:3d:9a:15:0a:e1:87:97:9a:7a:73:d5
Here is the code used to generate the keys:
var keys = GenerateEcKeyPair("secp256r1");
AsymmetricKeyParameter privateKey = keys.Private;
var signatureFactory = new Asn1SignatureFactory(
X9ObjectIdentifiers.ECDsaWithSha256.ToString(),
privateKey);
... the key method:
static AsymmetricCipherKeyPair GenerateEcKeyPair(string curve = "secp256r1")
{
var prime256v1OID = SecObjectIdentifiers.SecP256r1;
X9ECParameters ecParam = SecNamedCurves.GetByOid(prime256v1OID);
//ECDomainParameters ecDomain = new ECDomainParameters(ecParam.Curve, ecParam.G, ecParam.N);
ECDomainParameters ecDomain= new ECDomainParameters(ecParam.Curve, ecParam.G, ecParam.N, ecParam.H, ecParam.GetSeed());
ECKeyGenerationParameters keygenParam = new ECKeyGenerationParameters(ecDomain, _SecureRandom);
ECKeyPairGenerator keyGenerator = new ECKeyPairGenerator("ECDSA");
keyGenerator.Init(keygenParam);
var keyPair = keyGenerator.GenerateKeyPair();
var privateKey = keyPair.Private as ECPrivateKeyParameters;
var publicKey = keyPair.Public as ECPublicKeyParameters;
// BitConverter.ToString separates bytes with "-" (no spaces), so strip exactly that.
Console.WriteLine($"Private key: {BitConverter.ToString(privateKey.D.ToByteArrayUnsigned()).Replace("-", "")}");
Console.WriteLine($"Public key: {BitConverter.ToString(publicKey.Q.GetEncoded()).Replace("-", "")}");
return keyPair;
}
^ Not sure which constructor to use for ECDomainParameters ecDomain = ...?
... and then the certificate:
Org.BouncyCastle.X509.X509Certificate newCert = gen.Generate(signatureFactory);
How can I get output similar to the following:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:64:d5:81:e2:60:68:b7:64:58:ba:87:8c:ec:0b:
3d:8c:3c:d0:e3:0f:27:72:18:e1:69:bc:6a:27:c6:
14:ec:86:93:3c:ed:6d:b0:4d:f9:da:38:f1:7c:e0:
79:60:13:ec:ec:d0:84:7b:47:52:39:45:7a:65:25:
98:ea:64:90:ff
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
which does not contain any of the "extra" content (generator, prime, A, B, etc.) and does contain the following fields:
ASN1 OID: prime256v1
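NIST CURVE: P-256
Posted on 2020-12-18 08:07:14
It turns out I didn't know what I was doing (if that wasn't obvious)... Creating the ECKeyGenerationParameters instance for the ECKeyPairGenerator can be done as simply as this (not sure if it is correct, but it works, and my requirements don't call for super security):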
static AsymmetricCipherKeyPair GenerateEcKeyPair(string curve = "secp256r1")
{
DerObjectIdentifier ecParam = SecObjectIdentifiers.SecP256r1;
ECKeyPairGenerator keyGenerator = new ECKeyPairGenerator();
keyGenerator.Init(new ECKeyGenerationParameters(ecParam, new SecureRandom()));
var keyPair = keyGenerator.GenerateKeyPair();
var privateKey = keyPair.Private as ECPrivateKeyParameters;
var publicKey = keyPair.Public as ECPublicKeyParameters;
// BitConverter.ToString separates bytes with "-" (no spaces), so strip exactly that.
Console.WriteLine($"Private key: {BitConverter.ToString(privateKey.D.ToByteArrayUnsigned()).Replace("-", "")}");
Console.WriteLine($"Public key: {BitConverter.ToString(publicKey.Q.GetEncoded()).Replace("-", "")}");
return keyPair;
}
x509 output:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:33:d4:49:7f:e2:b1:4f:65:8f:dd:70:dc:4d:55:
36:d7:ea:55:78:61:39:8e:88:93:70:b6:bd:2b:2d:
38:62:bd:8a:83:f1:c4:9e:c8:6c:83:48:09:c7:a3:
8c:fa:52:d5:d1:46:7f:db:58:11:f8:b0:88:51:50:
61:d0:32:91:5e
ASN1 OID: prime256v1
NIST CURVE: P-256
https://stackoverflow.com/questions/65348455