Loading a hex public key (DER format) in Python

Posted on 2025-02-04 06:03:06

I have a public key raw data (Which is extracted from NFC Chip of a machine readable travelling document.) However I want to execute the active authentication on cloud as well as the internal IC chip.

The snippet below shows the loading implementation with python's cryptography library.

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import load_der_public_key
_pub_key="6F81E03081DD300...."
pub_key_bytes = bytes.fromhex(_pub_key)
print(pub_key_bytes)
load_der_public_key(data = pub_key_bytes,backend=default_backend())

Which throws the error;

ValueError: Could not deserialize key data.

Which corresponds to this (in their documentation.)

Raised when an operation or function receives an argument that has the right type but an inappropriate value, and the situation is not described by a more precise exception such as IndexError

Also;
I know the public key is in the correct format (at least on the beginning) since first byte is 0/, which is the required magic byte for DER formats.

I'm also aware of public key being 454 characters long, whereas RSA public keys have 256 bytes in length, (Which is equal to 512 hex characters.)

I tried adding right padding in order to complete the key to 512 characters as:

_pub_key = _pub_key+f"{'0'*(512-len(_pub_key))}"

Which also resulted in the same error.

PS: I know the key is valid because it successfully completes the authentication (sign + verify) in the microprocessor.

Link to My Public Key

Comments (1)

小嗷兮 2025-02-11 06:03:06

You have to remove the first three bytes of the data i.e. 0x6F81E0. The rest, i.e. 0x3081DD...010001 is the actual key (DER encoded, X.509/SPKI format, 1536 bits). You can check this with an ASN.1 parser, e.g. https://lapo.it/asn1js/.


For completeness: The size of an RSA key corresponds to the size of the modulus. For security reasons, RSA keys today should be at least 2048 bits in size. In addition to the modulus, an RSA key has other parameters, e.g. for a public key the public exponent.
RSA keys can be encapsulated in different formats, e.g. the posted key is an ASN.1/DER encoded public key in X.509/SPKI format. Such a key is larger than the size of the modulus because of the additional parameters and the format-dependent metadata.
ASN.1/DER encoded keys generally do not start with 0x00. However, the ASN.1/DER encoding rules can result in 0x00 values occurring within the data (of course, the key parameters themselves can also contain 0x00 values).
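
The fix described in the answer, generalized into a small TLV parser (an added example, not code from the original post or answer): it drops a wrapper such as the `6F 81 E0` header, rejects truncated or zero-padded input, and reads the modulus size and exponent from the inner SubjectPublicKeyInfo. The sample key uses a constructed placeholder modulus, and all function names are hypothetical.

```python
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption + NULL

def read_tlv(buf, pos=0):
    """Parse one single-byte-tag TLV at buf[pos]; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: this byte is the length
        length = first
    else:                                 # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV: value is shorter than the declared length")
    return tag, buf[pos:pos + length], pos + length

def encode_tlv(tag, value):
    """Inverse of read_tlv; used only to build the constructed sample."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def unwrap_spki(raw):
    """Return the DER SubjectPublicKeyInfo, dropping one wrapper TLV if present."""
    tag, value, end = read_tlv(raw)
    spki = raw if tag == 0x30 else value  # 0x30 = SEQUENCE, i.e. already bare DER
    if end != len(raw) or spki[:1] != b"\x30":
        raise ValueError("trailing bytes after TLV, or no DER SEQUENCE inside")
    return spki

def rsa_params(spki):
    """Return (modulus_bits, public_exponent) from an RSA SubjectPublicKeyInfo."""
    _, body, _ = read_tlv(spki)
    _, _, pos = read_tlv(body)            # skip the AlgorithmIdentifier
    _, bits, _ = read_tlv(body, pos)      # BIT STRING holding RSAPublicKey
    _, rsa_key, _ = read_tlv(bits[1:])    # drop the unused-bits byte
    _, n, pos = read_tlv(rsa_key)
    _, e, _ = read_tlv(rsa_key, pos)
    return int.from_bytes(n, "big").bit_length(), int.from_bytes(e, "big")

def make_sample():
    """Constructed sample: placeholder 1536-bit modulus, wrapped in tag 0x6F."""
    n = ((1 << 1535) | 1).to_bytes(193, "big")  # leading 0x00 keeps the INTEGER positive
    key = encode_tlv(0x30, encode_tlv(0x02, n) + encode_tlv(0x02, b"\x01\x00\x01"))
    return encode_tlv(0x6F, encode_tlv(0x30, RSA_ALG_ID + encode_tlv(0x03, b"\x00" + key)))
```

The bytes returned by `unwrap_spki` are what `load_der_public_key` expects; the placeholder modulus is for structural parsing only and is not a usable key.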
