问题描述
我想从后端(Java)使用我的 EC 私钥和公钥创建 secretKey(对称密钥) 并使用该密钥解密消息。如何实现这一目标?这是实现:
这是后端创建共享密钥的方式:
KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH","BC");
keyAgreement.init(privateKey);
keyAgreement.doPhase(publicKey,true);
return keyAgreement.generateSecret("AES");
iOS 创建 sharedSecret->SymmetricKey 的方式 不确定这是否正确,因为将 secretKeys 与后端我的密钥进行比较是不同的(根据 ECDH 的定义应该是相同的)
let serverPubKey = try P256.KeyAgreement.PublicKey(pemRepresentation: serverPublicKeyPEM)
let shared = try privateKey.sharedSecretFromKeyAgreement(with: serverPubKey)
let symetricKey = shared.hkdfDerivedSymmetricKey(using: SHA256.self,salt: "".data(using: .utf8)!,sharedInfo: Data(),outputByteCount: 32)
这里是后端加密的方式
byte[] plain = Base64.getEncoder().encodetoString(plainString.getBytes(StandardCharsets.UTF_8)).getBytes();
SecretKey key = generateSharedSecret(decodePrivateKey(sessionKey),decodePublicKey( devicePublicKey));
Cipher encryptor = Cipher.getInstance("AES/CTR/nopadding",BouncyCastleProvider.PROVIDER_NAME);
IvParameterSpec ivSpec = new IvParameterSpec(INITIALIZATION_VECTOR);
encryptor.init(Cipher.ENCRYPT_MODE,key,ivSpec);
return Base64.getEncoder().encodetoString(encryptor.doFinal(plain,plain.length));
这是 iOS 尝试解密的方式
guard let payloadData = Data(base64Encoded: payload) else { return }
do {
//I kNow that sealedBox is wrong,should be just Box? I'm not sure of this step
let sealedBox = try AES.GCM.SealedBox(combined: payloadData)
let decrypted = try AES.GCM.open(sealedBox,using: symmetricKey)
//here I'm getting authenticationFailure
} catch {
print("error: \(error)")
}
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)