How to get value of public key for hashing (PyKCS11)

While using PyKCS11, I extracted a public key from a smartcard. Now, I need to hash that key with sha256. However, the public key object contains a lot of values:

CKA_ALWAYS_SENSITIVE: True
CKA_CLASS: CKO_PUBLIC_KEY
CKA_DECRYPT: False
CKA_DERIVE: False
CKA_ENCRYPT: False
(...)
CKA_KEY_TYPE: CKK_RSA
CKA_MODIFIABLE: False
CKA_MODULUS: (200, 163, 157, 146, 3, (...))

To hash the key (using hashlib), only one of the attributes is required (it doesn't accept iterables).

What attribute should I use? I was thinking about CK_VALUE or CK_MODULUS, but the documentation on PyKCS11 doesn't make it very clear which one is correct.

Thanks

What you need to hash depends on what you require.

Generally the modulus is hashed, not the encoding of the entire key. Hashing the modulus will result in the same value for both the public and private key so that you can identify both as being from the same pair. The result or the leftmost bytes of the result are often used as key check value or KCV.

The modulus should be unique for each key pair. If it isn't, your random number generator is likely broken or not well seeded (it can't hurt to check this if you generate multiple keys). So a hash over the modulus will uniquely identify your public key, even if the exponent wasn't hashed.
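The modulus hash described in the answer above, as an added example that is not part of the original post or of PyKCS11. It turns the tuple of integers that PyKCS11 returns for CKA_MODULUS into bytes, hashes it with SHA-256, and groups keys that share a modulus; the function names and sample values are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict


def modulus_bytes(cka_modulus):
    """Convert a CKA_MODULUS value (sequence of ints 0..255) to canonical bytes."""
    raw = bytes(cka_modulus)         # raises ValueError if an item is outside 0..255
    canonical = raw.lstrip(b"\x00")  # drop leading zero padding so encodings agree
    if not canonical:
        raise ValueError("empty or all-zero modulus")
    return canonical


def modulus_fingerprint(cka_modulus, kcv_len=None):
    """SHA-256 over the modulus; kcv_len keeps only the leftmost bytes (KCV style)."""
    digest = hashlib.sha256(modulus_bytes(cka_modulus)).digest()
    return (digest if kcv_len is None else digest[:kcv_len]).hex()


def shared_moduli(keys):
    """Group key labels by fingerprint; return the groups with more than one label."""
    groups = defaultdict(list)
    for label, modulus in keys.items():
        groups[modulus_fingerprint(modulus)].append(label)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample values (far too short to be real RSA moduli).
# With a token, the value would come from PyKCS11 as:
#   session.getAttributeValue(key_object, [PyKCS11.CKA_MODULUS])[0]
SAMPLE_KEYS = {
    "card-pub": (193, 44, 250, 7, 91, 133),
    "card-priv": (0, 193, 44, 250, 7, 91, 133),  # same modulus, zero-padded
    "other-pub": (201, 12, 77, 91, 5, 33),
}

if __name__ == "__main__":
    for label, modulus in SAMPLE_KEYS.items():
        print(label, modulus_fingerprint(modulus), modulus_fingerprint(modulus, 3))
    print("shared:", shared_moduli(SAMPLE_KEYS))
```

A shared modulus between a public and a private key object is the expected pairing; the same fingerprint on two independently generated key pairs is the random number generator problem the answer mentions.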
