我需要使用C#在ssh隧道中生成用于认证的密钥对。唯一的约束是应为Ed25519的密码。我能够生成有效的公钥,但not生成有效的私钥(或者可能只是格式)。我已经尝试过使用BouncyCastle和NSec库生成它们,但均未成功。
这是我的一些尝试:
#### NSec ####
var creationParameters = new KeyCreationParameters
{
ExportPolicy = KeyExportPolicies.AllowPlaintextArchiving
};
using (var key = Key.Create(SignatureAlgorithm.Ed25519, creationParameters))
{
var blob = key.Export(KeyBlobFormat.PkixPrivateKeyText);
result.PrivateKey = Convert.ToBase64String(blob);
blob = key.Export(KeyBlobFormat.PkixPublicKeyText);
result.PublicKey = string.Format("ssh-ed25519 {0} generated-key", Convert.ToBase64String(blob));
}
#### BouncyCastle ####
IAsymmetricCipherKeyPairGenerator gen;
KeyGenerationParameters param;
gen = new Ed25519KeyPairGenerator();
param = new Ed25519KeyGenerationParameters(new SecureRandom());
gen.Init(param);
AsymmetricCipherKeyPair pair = gen.GenerateKeyPair();
PrivateKeyInfo pkInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(pair.Private);
result.PrivateKey = Convert.ToBase64String(pkInfo.GetDerEncoded());
SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pair.Public);
result.PublicKey = Convert.ToBase64String(info.GetDerEncoded());
更具体地说,我希望从cmd获得类似以下结果的结果:
ssh-keygen -t ed25519 -f ssh-ed25519-private-key.pem
生成公共密钥,如:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjTBKzEKElOtmjuYDaBsoF9UpsXUeLUmKuqiK86jv2A xxxxxx\xxxxxxx@xxxx
和私人喜欢:
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACAo0wSsxChJTrZo7mA2gbKBfVKbF1Hi1JirqoivOo79gAAAAKgLape6C2qX
ugAAAAtzc2gtZWQyNTUxOQAAACAo0wSsxChJTrZo7mA2gbKBfVKbF1Hi1JirqoivOo79gA
AAAECRX7SDurbmPZzRMqYwONep7gk4ZCFp1Uj6hTpVbGWi0CjTBKzEKElOtmjuYDaBsoF9
UpsXUeLUmKuqiK86jv2AAAAAJWNnLWNvbnRyb2xzLXJkXGFtZW5lZ2F0QFcwNTItQU1lbm
VnYXQ=
-----END OPENSSH PRIVATE KEY-----
谢谢,安德里亚
我能够生成有效的公共密钥,但不能生成有效的私有密钥(或者可能仅是格式)。
这没有道理。
公钥实际上是大小为y^2 = x^3 + 486662*x^2 + x的有限域上由57896044618658097711785492504343953926634992332820282019728792003956564819949定义的椭圆曲线上的point(X,Y坐标)
只能通过生成器点G (9 , 14781619447589544791020593568409986887264606134616475288964881837755586237401)的标量乘法来获得公钥>
大量。因此,私钥实际上只是一个256位整数,一个数字。
以最原始的形式,私钥是256位随机值,上面的OpenSSH格式是base64编码的值,包括其他组件,例如:
"openssh-key-v1"0x00 # NULL-terminated "Auth Magic" string 32-bit length, "none" # ciphername length and string 32-bit length, "none" # kdfname length and string 32-bit length, nil # kdf (0 length, no kdf) 32-bit 0x01 # number of keys, hard-coded to 1 (no length) 32-bit length, sshpub # public key in ssh format 32-bit length, keytype 32-bit length, pub0 32-bit length, pub1 32-bit length for rnd+prv+comment+pad 64-bit dummy checksum? # a random 32-bit int, repeated 32-bit length, keytype # the private key (including public) 32-bit length, pub0 # Public Key parts 32-bit length, pub1 32-bit length, prv0 # Private Key parts ... # (number varies by type) 32-bit length, comment # comment string padding bytes 0x010203 # pad to blocksize[我强烈建议您将switch设置为
libsodium,这是与curve25519交互的标准,或者是[Twisted Edwards]签名重点变体ed25519。