代码之家  ›  专栏  ›  技术社区  ›  Steven Liekens

在不知道primes p或q的情况下从jwks创建RSA实例

  •  1
  • Steven Liekens  · 技术社区  · 6 年前

    我正在尝试创建 System.Security.Cryptography.RSA 来自包含一些RSA密钥的JSON Web密钥集(JWK),但只包括它们的模(N)、公共指数(E)和秘密指数(D),而不是密钥生成过程中使用的素数(P和Q)。

    这是包含私钥(当然是测试密钥)的JWK: https://belgianmobileid.github.io/slate/private_jwks.json

    using System.Linq;
    using System.Net;
    using System.Security.Cryptography;
    using Microsoft.IdentityModel.Tokens;
    
    class Program
    {
        static void Main(string[] args)
        {
            var jwks = new WebClient().DownloadString("https://belgianmobileid.github.io/slate/private_jwks.json");
            var webKeySet = JsonWebKeySet.Create(jwks);
    
            // signing key has kid "s1"
            var signingkey = webKeySet.Keys.Single(key => key.KeyId == "s1");
    
            // throws System.Security.Cryptography.CryptographicException:
            // 'The specified RSA parameters are not valid; both Exponent and Modulus are required fields.'
            var rsa = RSA.Create(
                new RSAParameters
                {
                    Modulus = Base64UrlEncoder.DecodeBytes(signingkey.N),
                    Exponent = Base64UrlEncoder.DecodeBytes(signingkey.E),
                    D = Base64UrlEncoder.DecodeBytes(signingkey.D),
                    P = null, // unknown
                    Q = null  // unknown
                });
        }
    }
    

    我当然不是密码专家,我只是想把JWK解析成我可以在代码中使用的东西。在不知道p或q的情况下,这是可能的吗?

    1 回复  |  直到 6 年前
        1
  •  1
  •   Spomky-Labs    6 年前

    p q 以及 dp , dq qi )不强制执行签名/加密操作。 但它们大大加快了计算过程(速度快了10倍以上)。

    您可以从 n , e d .

    您还将发现一个PHP实现 in this project .

    如果您安装了带有gmp和json扩展的php 7.1,可以尝试以下命令:

    curl -OL https://github.com/web-token/jwt-app/raw/gh-pages/jose.phar
    curl -OL https://github.com/web-token/jwt-app/raw/gh-pages/jose.phar.pubkey
    chmod +x jose.phar
    
    ./jose.phar key:optimize '{"kty":"RSA","d":"FVSxl…96w"}'
    

    例如,使用您指出的链接中的以下键:

    {"kty":"RSA","d":"FVSxlyJTtDwWxAkAIxexpZTaDd3EsiCTcjF9h5Ciu0fcZujvX7i-qC1Nhzxk5ScQ36j0vduDymsW4uTehJKmcIZAnw_oMtX9ikn85KiUGGVzoUu4TyaUGmoGmDGUIrqtKhXbhoFXmFrQrtMSjy-1V2J-I0nX7s-fqS3c2MPtmnPEMXkLpxHr2hStRiIQFIf3T7Dv4aX5-2o00JViEM-cXTQZJerkDjSgj7KhGP7EKnkTfV7sBAiuRnbtOFqrNNMjXpGWJQSPbof1_6oo3_R9Jw7TYTNMzIyXWDmpam_Zf_iPFltFRWTh9nUygCAvpnPXRgFkgJN2JuS6olrig hsq”,“e”:“aqab”,“use”:“sig”,“kid”:“s1”,“alg”:“rs256”,“n”:“pjadu0nyhcr9xirt42v6yqqaenabggo006hkw86wyjhpywuxuyx44mo8iqjkh5npkcadn90rh0joxyee1pes5c3lqntc0map6bwoqmhy8g4p2ejvyjcpazw0vp6e5kx847dbvhme8wy8wy8wywywwwwwwwwwwwwwwyv7v7r2w7r2k948zlmjjjjjjbjjjjj欷jcktbs_8nzlxdqo8gtstdhr_oubxyybjm66sua8kxwv6ng0zubniywxhiwlu938gdptnfumk78f78ipyfuopz2dtb6z7op7wzb06erv41i_ds0zh-skkhrpuyxrf6vroou96w“

    与素数相同的键将是:

    {"kty":"RSA","d":"FVSxlyJTtDwWxAkAIxexpZTaDd3EsiCTcjF9h5Ciu0fcZujvX7i-qC1Nhzxk5ScQ36j0vduDymsW4uTehJKmcIZAnw_oMtX9ikn85KiUGGVzoUu4TyaUGmoGmDGUIrqtKhXbhoFXmFrQrtMSjy-1V2J-I0nX7s-fqS3c2MPtmnPEMXkLpxHr2hStRiIQFIf3T7Dv4aX5-2o00JViEM-cXTQZJerkDjSgj7KhGP7EKnkTfV7sBAiuRnbtOFqrNNMjXpGWJQSPbof1_6oo3_R9Jw7TYTNMzIyXWDmpam_Zf_iPFltFRWTh9nUygCAvpnPXRgFkgJN2JuS6olrig hsq”,“e”:“aqab”,“use”:“sig”,“kid”:“s1”,“alg”:“rs256”,“n”:“pjadu0nyhcr9xirt42v6yqqaenabggo006hkw86wyjhpywuxuyx44mo8iqjkh5npkcadn90rh0joxyee1pes5c3lqntc0map6bwoqmhy8g4p2ejvyjcpazw0vp6e5kx847dbvhme8wy8wy8wywywwwwwwwwwwwwwwyv7v7r2w7r2k948zlmjjjjjjbjjjjj欷jcktbs_8nzlxdqo8gtstdhr_oubxyybjm66sua8kxwv6ng0zubniywxhiwlu938gdptnfumk78f78iPyfuoPz2dTb6Z7OP7WZb06eRv41i_dS0Zh-sKKHrpUYXRf6VrOoU96w","p":"yFRFPKiUCelQ2c-vfy_09Ckd3TnGWFExHoiG7lOoRDxIWZjHy5ApSZ1S5Hx8pLcmJltpn3ad5LcgVv1hHUmcfw4NuyY1mduC4HUNKb6sZWQZJKDss1mJFFmL3Yg026Sy-_cK2wp0AP2nMqZ3JT3Pm6PsLn6VqKFNqAZNbnp4wrM","q":"0ktANeYxLEB1uEDkSQgQ6pSppBnNMHishDZPjLNuy2AzfP5tP1sqsg0Xbyr1gtJX9mccz3BwpmQCNZiWWhmLepvERK1gEb97eEmqVK1RwbRU0_z4osZcxudZxhI3QdyTOXYfp3n0SuIb4W-MWy8X4yZsiRf7K1eCJm1THcSUU-k","dp":"XxhRvZewnnvY22xRPKkBOJ4EBS4Vz3rLPFlG4_9mUu3i0lVKEoGed8lsvfWyHWarf23JV98w2I9tlJ226fY1icKcFgjvTNf86pvl4bkXkRHRNagGdKS-A6D2WfT8Un9-T0lYJ95wbr_6DHsk99K9qH5J8VA5rtDTUj2bqCQPCy0","dq":"dzTM-0C3kxwfHwk53uRBopgO6cTueZGOSYv34Aw-u-6WgT5Ac2-cbj3ZkNzLOxM9ZaHhxP05_jgmwHb0k7JzTFdMFJorISRoZOZGW6LutsR6Od3UrberHx7R1UOwixCJBB-FroelWxC3BG74FX7R-U myakylzly-osxkhc-3pte“,“qi”,“qi”:“sosz”Zjimz6abac-u i8xjmvbq8w08nl1dhxjxjxjxjxjxxjjxxjxqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqJ8aumqay“