在 Java 中,我有一个以字节数组形式发送的 ECDH 公钥。
收到字节数组后,如何将其转回公钥?
我正在使用 Bouncy Castle,但 Java 解决方案同样有用。
谢谢
【问题讨论】:
标签: java encryption bouncycastle elliptic-curve
ECDH 密钥的原始字节是如何格式化的?你从哪里得到原始字节?
通常,使用适当的 *Spec 类将原始密钥材料转换为 Key,但 ECPublicKeySpec 和 DHPublicKeySpec 类不接受原始字节数组。
【讨论】:
当您获得编码密钥后,假设您使用了默认的“[your keyPair].getPublic().getEncoded()”方法,这将起作用。
X509EncodedKeySpec ks = new X509EncodedKeySpec(pubKeyByteString.toByteArray());
KeyFactory kf;
try {
kf = java.security.KeyFactory.getInstance("ECDH");
} catch (NoSuchAlgorithmException e) {
log.error("Cryptography error: could not initialize ECDH keyfactory!", e);
return;
}
ECPublicKey remotePublicKey;
try {
remotePublicKey = (ECPublicKey)kf.generatePublic(ks);
} catch (InvalidKeySpecException e) {
log.warn("Received invalid key specification from client",e);
return;
} catch (ClassCastException e) {
log.warn("Received valid X.509 key from client but it was not EC Public Key material",e);
return;
}
【讨论】:
我发现@LaceCard 的上述解决方案对我不起作用。一般来说,这并不明显,但密码学中也没有什么是;)
String key = "MihU9ztW9sEvkBL6BxyaOMgkSbodNS8yoHaHcio+WE...blahblah"
byte[] keyBytes = Base64.decode(key);
//If using Android and Spongycastle provider should be "SC"
KeyFactory kf = KeyFactory.getInstance("ECDH", "BC");
//CURVE_NAME e.g prime192v1
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(CURVE_NAME);
ECPoint point = ecSpec.getCurve().decodePoint(keyBytes);
ECPublicKeySpec pubSpec = new ECPublicKeySpec(point, ecSpec);
ECPublicKey myECPublicKey = (ECPublicKey) kf.generatePublic(pubSpec);
注意:您需要适当地处理潜在的异常
【讨论】: