如何在 C# 中加载私有 ecdsa 密钥 es256?
[英]How to load private ecdsa key es256 in c#?
问题描述
I've used following commands to generate private and public ES256 keys:
我使用以下命令生成私有和公共 ES256 密钥:
Create private key: openssl ecparam -genkey -name prime256v1 -noout -out private.pem
Create public key: openssl ec -in private.pem -pubout -out public.pem
Now I got following private key:现在我得到了以下私钥:
-----BEGIN EC PRIVATE KEY----- MHcCAQEEIFkxqdXoVAGSSc55u0muepwVRr3ARWzLMO0ywW7qhEeIoAoGCCqGSM49 AwEHoUQDQgAEFXuuZeDJN9dvjCwKy40/coi3NVto97qELhiRSObbhX3mUSvxpPeK fVv3/fVCjt9CeGuwYvkQPHmRfx0EFjAI8A== -----END EC PRIVATE KEY-----
And following public key:以及以下公钥:
-----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFXuuZeDJN9dvjCwKy40/coi3NVto 97qELhiRSObbhX3mUSvxpPeKfVv3/fVCjt9CeGuwYvkQPHmRfx0EFjAI8A== -----END PUBLIC KEY-----
I want to load these keys into ecdsa instance in c#.我想将这些密钥加载到 c# 中的 ecdsa 实例中。 I do that with following code:我使用以下代码执行此操作:
public ECDsaSecurityKey LoadPrivateKey()
{
byte[] privateKey = Convert.FromBase64String(PRIVATE_KEY);
try
{
ECDsa? privateKeyEcDsa = ECDsa.Create();
if (privateKeyEcDsa == null)
{
throw new CryptographicException(message: "Key not created");
}
privateKeyEcDsa.ImportPkcs8PrivateKey(source: privateKey, bytesRead: out _);
return new ECDsaSecurityKey(privateKeyEcDsa);
}
catch (CryptographicException exception)
{
throw;
}
}
And public key:和公钥:
public ECDsaSecurityKey LoadPublicKey()
{
byte[] publicKey = Convert.FromBase64String(PUBLIC_KEY);
try
{
ECDsa? publicKeyEcDsa = ECDsa.Create();
if (publicKeyEcDsa == null)
{
throw new CryptographicException(message: "Key not created");
}
publicKeyEcDsa.ImportSubjectPublicKeyInfo(source: publicKey, bytesRead: out _);
return new ECDsaSecurityKey(publicKeyEcDsa);
}
catch (CryptographicException exception)
{
this._logger.LogError("Something went wrong while loading EcDsa public key: " + exception.Message);
throw;
}
}
When I run unit test, thing doesn't work, throws an error:当我运行单元测试时,事情不起作用,引发错误:
I am not sure why is this not working?我不确定为什么这不起作用? Is the openssl command generating correct keypair type? openssl 命令是否生成正确的密钥对类型?
EDIT: On this website when I select ES256 private key is different: https://kjur.github.io/jsjws/tool_jwt.html编辑:在这个网站上,当我选择 ES256 私钥是不同的: https ://kjur.github.io/jsjws/tool_jwt.html
Example:例子:
-----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEbVzfPnZPxfAyxqE ZV05laAoJAl+/6Xt2O4mOB611sOhRANCAASgFTKjwJAAU95g++/vzKWHkzAVmNMI tB5vTjZOOIwnEb70MsWZFIyUFD1P9Gwstz4+akHX7vI8BH6hHmBmfeQl -----END PRIVATE KEY-----
And my private key generated with OpenSSL add two equals in the end:我用 OpenSSL 生成的私钥最后添加了两个相等:
-----BEGIN EC PRIVATE KEY----- MHcCAQEEIFkxqdXoVAGSSc55u0muepwVRr3ARWzLMO0ywW7qhEeIoAoGCCqGSM49 AwEHoUQDQgAEFXuuZeDJN9dvjCwKy40/coi3NVto97qELhiRSObbhX3mUSvxpPeK fVv3/fVCjt9CeGuwYvkQPHmRfx0EFjAI8A== -----END EC PRIVATE KEY-----
So I guess I am doing something wrong with open ssl.所以我想我在使用 open ssl 时做错了什么。
1 个解决方案
解决方案1
1 2020-11-20 17:48:21
The private key has the SEC1 format and not the PKCS#8 format, ie the import must be done via ImportECPrivateKey() .私钥具有 SEC1 格式而不是 PKCS#8 格式,即必须通过ImportECPrivateKey()完成导入。
The public key is an X.509/SPKI key, so ImportSubjectPublicKeyInfo() is correct.公钥是 X.509/SPKI 密钥,因此ImportSubjectPublicKeyInfo()是正确的。
Both methods expect a DER encoded key, ie without header and footer and Base64 decoded body.这两种方法都需要 DER 编码的密钥,即没有页眉和页脚以及 Base64 解码的正文。
If this is taken into account, the code works (at least on my machine).如果考虑到这一点,代码就可以工作(至少在我的机器上)。
The methods are available in .NET Core 3.x and .NET 5.0.这些方法在 .NET Core 3.x 和 .NET 5.0 中可用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.