
Generate shared secret key from Curve25519 (or X25519) asymmetric key pairs in node.js using crypto module

I am trying to create a shared secret key between Curve25519 (or X25519) asymmetric key pairs using key exchange algorithms just like Diffie Hellman key exchange. Diffie Hellman key exchange can be done in node.js using the crypto module in the following code:

const crypto = require('crypto');

// Generate Alice's keys...
const alice = crypto.createDiffieHellman(2048);
const aliceKey = alice.generateKeys(); // Returns public key

// Generate Bob's keys...
const bob = crypto.createDiffieHellman(alice.getPrime(), alice.getGenerator());
const bobKey = bob.generateKeys(); // Returns public key

// Exchange and generate the secret...
const aliceSecret = alice.computeSecret(bobKey);
const bobSecret = bob.computeSecret(aliceKey);

// Should be equal (the secrets are Buffers, so compare contents, not references)
console.log(aliceSecret.equals(bobSecret));

X25519 asymmetric keys can be generated using the following code:

const crypto = require('crypto');
const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519', {
  publicKeyEncoding: {
    type: 'spki',
    format: 'pem'
  },
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem',
  }
});

The keys are generated without any issue but I don't know how to generate a shared secret key. I tried converting X25519 keys to Diffie Hellman keys using the following code:

...
const dhKey= crypto.createDiffieHellman(2048);
// privateKey => Generated in the above code
dhKey.setPrivateKey(privateKey)
// publicKey => Generated in the above code
dhKey.setPublicKey(publicKey)
...

When two dhKey objects are generated using the above code and key exchange is performed, it gives the following error:

Error: Supplied key is too large

Is there any way the shared secret can be generated? Thanks in advance.

The documentation for this sub API is unfortunately a little thin. I cobbled together an example but without better documentation I'm not sure it's useful.

const crypto = require('crypto');

const aliceKeyPair = crypto.generateKeyPairSync('x25519');

const alicePubExport = aliceKeyPair.publicKey.export(
    {type: 'spki', format: 'pem'}
    );

const bobKeyPair = crypto.generateKeyPairSync('x25519');

const bobPubExport = bobKeyPair.publicKey.export(
    {type: 'spki', format: 'pem'}
    );

const bobKeyAgree = crypto.diffieHellman({
    publicKey : crypto.createPublicKey(alicePubExport),
    privateKey: bobKeyPair.privateKey
});

const aliceKeyAgree = crypto.diffieHellman({
    publicKey : crypto.createPublicKey(bobPubExport),
    privateKey: aliceKeyPair.privateKey
});

console.log(bobKeyAgree.toString('hex'));
console.log(aliceKeyAgree.toString('hex'));

This is missing authentication and therefore is not secure without adding that piece.
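
An added example, not part of the original question or answer: one way to supply the missing authentication is to have each side sign its X25519 public key (exchanged as PEM, as in the question) with a long-term Ed25519 identity key, verify the peer's signature before calling `crypto.diffieHellman`, and then pass the raw shared secret through HKDF. The helper names, the `x25519-demo` context label and the assumption that identity public keys are already known to the peer out of band are illustrative.

```javascript
const crypto = require('crypto');

// Each party: a long-term Ed25519 identity key (assumed known to the peer out
// of band) and a fresh X25519 key pair exported as PEM, as in the question.
function makeParty() {
  const identity = crypto.generateKeyPairSync('ed25519');
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519', {
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  return { identity, publicKey, privateKey };
}

// Message sent to the peer: the X25519 public key PEM plus a signature over it.
function makeOffer(party) {
  const signature = crypto.sign(null, Buffer.from(party.publicKey), party.identity.privateKey);
  return { publicKey: party.publicKey, signature };
}

// Verify the peer's offer, run X25519, then derive a 32-byte key with HKDF-SHA256.
function deriveSessionKey(self, offer, peerIdentityKey) {
  if (!crypto.verify(null, Buffer.from(offer.publicKey), peerIdentityKey, offer.signature)) {
    throw new Error('peer X25519 public key failed signature verification');
  }
  const shared = crypto.diffieHellman({
    privateKey: crypto.createPrivateKey(self.privateKey),
    publicKey: crypto.createPublicKey(offer.publicKey),
  });
  // 'x25519-demo' is a constructed context label; the salt is left empty for brevity.
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'x25519-demo', 32));
}

// Both sides run the same steps and must end up with the same session key.
function demo() {
  const alice = makeParty();
  const bob = makeParty();
  const aliceKey = deriveSessionKey(alice, makeOffer(bob), bob.identity.publicKey);
  const bobKey = deriveSessionKey(bob, makeOffer(alice), alice.identity.publicKey);
  return aliceKey.equals(bobKey);
}

console.log('session keys match:', demo());
```

Signing only the public key does not stop an old offer from being replayed; protocols built on this pattern sign a transcript that includes both parties' fresh keys.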
