简体繁体 English

从 JavaCard 中的私钥计算 ECC 公钥

[英]Computing ECC public key from a private key in JavaCard

原文 2017-07-11 03:05:26 9 1 smartcard/ javacard/ elliptic-curve

With Java Card APIs, which "support" Elliptic curves, how do I compute a public key given a known secret key.使用“支持”椭圆曲线的 Java Card API，我如何在给定已知密钥的情况下计算公钥。

Following a DH shared secret negotiation I'm interested in deriving common shared keys.在 DH 共享秘密协商之后，我对派生公共共享密钥很感兴趣。 According to TR-03111 and X9.63 the shared secret from the DH ECC key agreement should not be used but, according to my understanding, the affine representation of the x-coordinate (The x component of the public key associated with the shared secret as a private key) is to be used.根据 TR-03111 和 X9.63，不应使用 DH ECC 密钥协议的共享秘密，但根据我的理解，x 坐标的仿射表示（与共享秘密相关联的公钥的 x 分量作为私钥）将被使用。

With BigInteger arithmetic or ECPoint.multiply() this easy, but no such APIs exist in Java Card.使用 BigInteger 算术或 ECPoint.multiply() 这很容易，但 Java Card 中不存在此类 API。

1 个解决方案

This multiplication isn't directly available for Java Card.此乘法不能直接用于 Java Card。 Basically Java Card hides low level operations for you.基本上 Java Card 为您隐藏了低级操作。

However, if you have a relatively new Java Card you may get away with this by using a KeyAgreement instance created using ALG_EC_SVDP_DH_PLAIN_XY .但是，如果您有一个相对较新的 Java Card，则可以通过使用ALG_EC_SVDP_DH_PLAIN_XY创建的KeyAgreement实例来解决这个问题。 What you can do is to create a ECPublicKey where the public key point is simply set to point G. This base point G is part of the domain parameters.您可以做的是创建一个ECPublicKey ，其中公钥点被简单地设置为点 G。这个基点 G 是域参数的一部分。 The private key should of course be set to your value.私钥当然应该设置为您的值。

Then all it comes down to is to perform a key agreement;然后归结为执行密钥协议； the result of the agreement will be the points X and Y of the public key.协议的结果将是公钥的 X 点和 Y 点。

Note that support of any algorithm constant depends on the card implementation.请注意，对任何算法常量的支持取决于卡的实现。 The constant will be there - if the implemented API is new enough - but the algorithm may not be implemented.常量将在那里 - 如果实现的 API 足够新 - 但算法可能不会实现。