堆栈内存溢出
  简体   繁体   English

Android Pay:生成公钥和私钥对(带有NISTP-256的椭圆曲线)

[英]Android Pay: Public, Private Key Pair generation (Elliptic Curve with NISTP-256)

 原文  2016-03-30 21:35:44       java/ android/ android-pay

问题描述

Android Pay Issue Android Pay问题

In Android Pay the process to generate a token from a credit card is as follows: 在Android Pay中,从信用卡生成令牌的过程如下:

Generate a public and private key (the calls below return the keys using an Elliptic Curve with NISTP-256 algorithm) 生成公钥和私钥(下面的调用使用带有NISTP-256算法的椭圆曲线返回密钥)

To do this I call ... 为此,我打电话给... 

public static KeyPair generateKeyPair() {
  KeyPair pair =null;
  try {
    ECGenParameterSpec ecGenSpec = new ECGenParameterSpec("prime256v1");
    java.security.KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
    g.initialize(ecGenSpec, new SecureRandom());
    pair = g.generateKeyPair();
    pair.getPrivate();
    pair.getPublic();
  }catch (Throwable e ){
    e.printStackTrace();
  }
  return pair;
}

… This successfully returns the public and private key, but I am not sure what the format/encoding of the keys is in. I could not find any documentation on this. …这成功返回了公钥和私钥,但是我不确定密钥的格式/编码是什么。在此上找不到任何文档。

Question 1: Is this the right way to generate a public and private key for Android Pay? 问题1:这是为Android Pay生成公钥和私钥的正确方法吗?

Pass the public key in base64 encoded format to the Android Pay createMaskedWalletRequet method (details of this are in the Android Pay documentation) 将以base64编码格式的公钥传递给Android Pay createMaskedWalletRequet方法(其详细信息在Android Pay文档中) 

String publicKey = String (Base64.encodeBase64(pair.getPublic().getEncoded()));

PaymentMethodTokenizationParameters parameters = PaymentMethodTokenizationParameters.newBuilder().setPaymentMethodTokenizationType(PaymentMethodTokenizationType.NETWORK_TOKEN).addParameter("publicKey", publicKey).build();

Here I get the following exception: 在这里,我得到以下异常:

03-30 17:02:06.459 3786-15263/? 03-30 17:02:06.459 3786-15263 /? E/WalletClient: Error validating MaskedWalletRequest.paymentMethodTokenizationParameters: first byte of parameter "publicKey" must be 0x04 (which indicates uncompressed point format) E / WalletClient:验证MaskedWalletRequest.paymentMethodTokenizationParameters时出错:参数“ publicKey”的第一个字节必须为0x04(指示未压缩的点格式)

Question 2: Can you please help me understand what I am doing wrong. 问题2:能否请您帮助我了解我在做什么错。 I think this may be related to a format mismatch, but not sure, and not sure how to fix it. 我认为这可能与格式不匹配有关,但不确定,也不确定如何解决。

Appreciate your help!! 感谢你的帮助!!

2 个解决方案

解决方案1
 5  2016-04-07 09:32:03

Answer 1: 答案1:

According to Android Pay document you can generate public key by OpenSSL like this: https://developers.google.com/android-pay/integration/gateway-processor-integration#example-using-openssl-to-generate-and-format-a-public-key enter link description here 根据Android Pay文档,您可以像这样通过OpenSSL生成公钥: https : //developers.google.com/android-pay/integration/gateway-processor-integration#example-using-openssl-to-generate-and-format -a-public-key 在此处输入链接描述

Then generate private key use 然后生成私钥使用 

openssl pkcs8 -topk8 -inform PEM -outform PEM -in merchant-key.pem -nocrypt

Or you can use a shell script file.(example: genkey.sh in Android pay quickstart ) 或者,您可以使用Shell脚本文件。(例如: Android pay的quickstart中的 genkey.sh)
Use the following code(copy code to .sh file and double click) you can get private key. 使用以下代码(将代码复制到.sh文件并双击),您可以获得私钥。 

#!/bin/bash

# Generate key.pem file:
openssl ecparam -name prime256v1 -genkey -noout -out key.pem

# Print public and private key in hex form:
openssl ec -in key.pem -text -noout

openssl pkcs8 -topk8 -inform PEM -outform PEM -in key.pem -nocrypt

sleep 2m

Then copy pub string in terminal and replace in this code then save this code to create .sh file again 然后在终端中复制pub字符串并替换为此代码,然后保存此代码以再次创建.sh文件 

#!/bin/bash

KEY="04:a9:9b:54:81:b0:67:0d:d3:50:84:e0:d4:d2:29:
    a5:3a:d6:5c:21:ae:5e:dd:58:75:f0:27:63:44:e8:
    a9:86:8d:cf:17:64:63:96:54:34:ed:16:37:c4:37:
    e6:b7:27:ad:06:af:b0:07:d1:b5:66:0a:2a:85:c0:
    71:9e:cc:39:54"

echo $KEY | xxd -r -p | base64
sleep 2m

Then get public key. 然后获取公钥。

Answer 2: You can test by these keys: 答案2:您可以通过以下按键进行测试:

Public Key: BKmbVIGwZw3TUITg1NIppTrWXCGuXt1YdfAnY0ToqYaNzxdkY5ZUNO0WN8Q35rcnrQavsAfRtWYKKoXAcZ7MOVQ= 公钥:BKmbVIGwZw3TUITg1NIppTrWXCGuXt1YdfAnY0ToqYaNzxdkY5ZUNO0WN8Q35rcnrQavsAfRtWYKKoXAcZ7MOVQ =

(This public key can pass as a string to MaskedWalletRequet directly) (此公钥可以作为字符串直接传递给MaskedWalletRequet)

Private Key: MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTA/wqrlbeVddorTlaT1AqhALrIBwS+DUdV3N1K1gImqhRANCAASpm1SBsGcN01CE4NTSKaU61lwhrl7dWHXwJ2NE6KmGjc8XZGOWVDTtFjfEN+a3J60Gr7AH0bVmCiqFwHGezDlU 私钥:MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTA / wqrlbeVddorTlaT1AqhALrIBwS + DUdV3N1K1gImqhRANCAASpm1SBsGcN01CE4NTSKaUiLhCA7PM7KJF7KJF1CJ7KJF1CJ7KJF1CJ7KJF1CJ7KJF1CJ7KJ2KJ1J1J

解决方案2
 0  2016-05-11 09:52:47

The problem is in generating the keys. 问题在于生成密钥。 I had faced a similar issue. 我曾经遇到过类似的问题。 To resolve this I'm calling shell commands from java code to generate keys. 为了解决这个问题,我从Java代码中调用Shell命令来生成密钥。 PFB. PFB。 

String pemPath = "/path for storing pem path";

//To generate pem file
executeSH("openssl ecparam -name prime256v1 -genkey -noout -out "+pemPath+"key.pem",true);

//To obtain publicKeyString from pem file
String publicKeyString = executeSH(new String[]{"/bin/sh", "-c", "openssl ec -in key.pem -pubout -text -noout | grep -A5 pub: | tail -5 | xxd -r -p | base64"},false);

//To obtain privateKeyString from pem file
String privateKeyString = executeSH("openssl pkcs8 -topk8 -inform PEM -outform PEM -in key.pem -nocrypt",false);
privateKeyString=privateKeyString.substring(27, 211);

//Deleteing PEM file
executeSH("rm "+ pemPath+"key.pem",false);

//executeSH function overload this function with commands[] parameter
private String executeSH(String command, boolean waitFor) throws IOException, InterruptedException {
        Process process = null;
        InputStream inputStream = null;
        InputStreamReader inputStreamReader = null;
        BufferedReader bufferedReader = null;
        String line,output="";
        try {
            Runtime runtime = Runtime.getRuntime();
            process = runtime.exec(command);
            inputStream = process.getInputStream();
            inputStreamReader = new InputStreamReader(inputStream);
            bufferedReader = new BufferedReader(inputStreamReader);

            while((line=bufferedReader.readLine())!=null){
                output += line;
            }
            if(waitFor){
                process.waitFor();
            }
            return output;
        } finally {
            if(bufferedReader!=null) bufferedReader.close();
            if(inputStreamReader!=null) inputStreamReader.close();
            if(inputStream!=null) inputStream.close();
            if(process!=null) process.destroy();
        }
    }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在Android上使用椭圆曲线键对 - Using Elliptic Curve Key Pair on Android 公钥生成和签名计算的椭圆曲线是否相同? - Should elliptic curve for public key generation and signature computation be the same? 存储/检索椭圆曲线加密 (ECC) 公钥和私钥 - Store/Retrieve Elliptic Curve Cryptography (ECC) public key and private key 椭圆曲线密码学 (ECDSA) 私钥匹配公钥 (Java - Bouncy Castle) - Elliptic Curve Cryptography (ECDSA) Private Key Matches Public Key (Java - Bouncy Castle) 使用给定私钥在椭圆曲线算法中生成公钥的代码 - Codes to generate a public key in an elliptic curve algorithm using a given private key Java中的椭圆曲线私钥长度 - Elliptic Curve Private Key Length in Java 使用 openssh 公钥 (ecdsa-sha2-nistp256) 和 Java 安全 - Using openssh public key (ecdsa-sha2-nistp256) with Java Security 从曲线 secp256k1 的原生 Java 中的私钥字符串派生 EC 公钥 - Derive EC public key from private key string in native Java for curve secp256k1 从证书的给定公钥生成 AsymmetricCipherKeyPair 椭圆曲线 - Generate AsymmetricCipherKeyPair elliptic curve from a given public key of a ceritificate 使用 BouncyCastle 从文件中读取椭圆曲线私钥 - Reading elliptic curve private key from file with BouncyCastle
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM