java EC客户端和服务器共享密钥不匹配（可能是由于生成服务器shs时客户端发布密钥的格式不正确）

1 周，5 日 Questions & Answers 638

我试图使用EC命名曲线生成共享机密，并发现客户端与服务器共享机密不匹配

安全。addProvider（新org.bouncycastle.jce.provider.BouncyCastleProvider（））

//客户端

    KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC");  
    ECGenParameterSpec ecGenParameterSpec = new ECGenParameterSpec(ecCurveName);  
    kpg.initialize(ecGenParameterSpec, new SecureRandom());  
    ECPublicKey ephemeralPublicKey = (ECPublicKey) kpg.generateKeyPair().getPublic();  
    ECPrivateKey clientEphemeralPrivateKey =(ECPrivateKey) kpg.generateKeyPair().getPrivate();  

    BigInteger  pointx = ephemeralPublicKey.getW().getAffineX();  
    BigInteger  pointy = ephemeralPublicKey.getW().getAffineY();  
    String eCClientEphemeralPublicKeyString = ("04"+pointx.toString(16)+pointy.toString(16)).toUpperCase();  

    byte[] remoteECCPkBytes = DatatypeConverter.parseBase64Binary(remoteECCPkBase64);  

    KeyFactory keyFactory= KeyFactory.getInstance("EC","BC");  
    X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(remoteECCPkBytes);  
    PublicKey serverECCPublicKey = keyFactory.generatePublic(pkSpec);  

    KeyAgreement ka = KeyAgreement.getInstance("ECDH","BC");  
    ka.init(clientEphemeralPrivateKey);  
    ka.doPhase(serverECCPublicKey, true);  
    SecretKey agreedKey = ka.generateSecret("AES[256]");  
    byte[] sharedSecret  = agreedKey.getEncoded();

//服务器

    String clientEphemeralPKBase64  = java.util.Base64.getEncoder().encodeToString(new BigInteger(eCClientEphemeralPublicKeyString, 16).toByteArray());  
    byte[] clientECPublicKeybytes = DatatypeConverter.parseBase64Binary(clientEphemeralPKBase64);  



    ECParameterSpec ecParameterSpec = ECNamedCurveTable.getParameterSpec(ecCurveName);  
    ECCurve curve = ecParameterSpec.getCurve();  
    ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(curve.decodePoint(clientECPublicKeybytes), ecParameterSpec);  
    KeyFactory kf = KeyFactory.getInstance("EC","BC");  
    ECPublicKey ecClientPublicKey = (ECPublicKey)kf.generatePublic(pubKeySpec);  

    PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.decodeBase64(serverprivateKeyBase64));  
    PrivateKey ecServerPrivateKey = kf.generatePrivate(privateKeySpec);  


    KeyAgreement ka = KeyAgreement.getInstance("ECDH","BC");  
    ka.init(ecServerPrivateKey);  
    ka.doPhase(ecClientPublicKey, true);  
    SecretKey agreedKey = ka.generateSecret("AES[256]");  
    byte[] sharedSecret  = agreedKey.getEncoded();

KeyPair clientEphemeralKeyPair = kpg.generateKeyPair(); ECPublicKey clientEphemeralPublicKey = (ECPublicKey) clientEphemeralKeyPair.getPublic(); ECPrivateKey clientEphemeralPrivateKey = (ECPrivateKey) clientEphemeralKeyPair.getPrivate();

共 (1) 个答案

# 1 楼答案

这当然是致命的：

ECPublicKey ephemeralPublicKey = (ECPublicKey) kpg.generateKeyPair().getPublic();  
ECPrivateKey clientEphemeralPrivateKey =(ECPrivateKey) kpg.generateKeyPair().getPrivate();

如果调用generateKeyPair两次，您的公钥和私钥将不是同一密钥对的一部分

您需要创建两个密钥对，一个用于服务器，一个用于客户端，然后通信公钥。创建公钥并立即丢弃私钥除了以迂回的方式检索域参数之外，没有任何用处

相反，你应该：

KeyPair clientEphemeralKeyPair = kpg.generateKeyPair(); ECPublicKey clientEphemeralPublicKey = (ECPublicKey) clientEphemeralKeyPair.getPublic(); ECPrivateKey clientEphemeralPrivateKey = (ECPrivateKey) clientEphemeralKeyPair.getPrivate();

Python中文网

有 Java 编程相关的问题?

java EC客户端和服务器共享密钥不匹配（可能是由于生成服务器shs时客户端发布密钥的格式不正确）

共 (1) 个答案

# 1 楼答案