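I am trying to perform a DH key exchange between a Python 3.6 client and a Node server running in a Docker container using the latest node image (Node version: v13.10.1).
I am using the cryptography.io (2.9.2) library on the Python client. The client generates a DH key and sends the hex-encoded public key to the server. Here is the code snippet: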
    import json

    import requests
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives import serialization
    from cryptography.hazmat.primitives.asymmetric import dh

    MODP15_HEX_PRIME = "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a93ad2caffffffffffffffff"
    ...

    def generate_DH_key():
        # MODP 15 -> generator=2, key_size=3072 https://www.rfc-editor.org/rfc/rfc3526.txt
        dh_parameters = dh.DHParameterNumbers(p=int(MODP15_HEX_PRIME, 16), g=2).parameters(backend=default_backend())
        client_private_dh_key = dh_parameters.generate_private_key()
        return client_private_dh_key

    def send_signed_dh_key(client_public_dh_key):
        # Serialize the public key as a DER-encoded SubjectPublicKeyInfo structure
        dh_key_bytes = client_public_dh_key.public_bytes(encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo)
        response = requests.post(CRYPTO_ORACLE_URL, headers=CRYPTO_ORACLE_HEADERS,
                                 data=json.dumps({'key': dh_key_bytes.hex()}))
        if response.status_code != 200:
            print('Something went wrong sending client signed DH: ' + response.reason)
            exit(-1)
The server uses the crypto library to compute the secret from the received DH key. Here is the code snippet:
    const generateSecret = (clientDHPublic) => {
        ...
        serverDH = crypto.getDiffieHellman("modp15");
        serverDH.generateKeys();
        console.log("server DH public:") …
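
The exchange described in the question, reduced to its arithmetic in standard-library Python (an added example, not the asker's code): each side sends its raw public value as fixed-length big-endian hex, which is the form Node's `getPublicKey()` returns and `computeSecret()` accepts, and the receiver validates it before deriving a key. The function names, the validation policy and the SHA-256 step standing in for a KDF are assumptions made for illustration.

```python
import hashlib
import secrets

# RFC 3526 group 15 prime, copied from the question; the generator is 2.
MODP15_HEX_PRIME = "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a93ad2caffffffffffffffff"
P = int(MODP15_HEX_PRIME, 16)
G = 2
KEY_BYTES = (P.bit_length() + 7) // 8  # fixed width for every encoded value

def generate_keypair():
    """Return (private exponent x, public value y = g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2  # x in [2, p-2]
    return x, pow(G, x, P)

def encode_public(y):
    """Assumed wire format: raw big-endian public value, fixed length, hex."""
    return y.to_bytes(KEY_BYTES, "big").hex()

def decode_public(hex_value):
    """Parse a peer's hex public value and validate it before use."""
    y = int.from_bytes(bytes.fromhex(hex_value), "big")
    # 0, 1 and p-1 (or anything >= p) would force a predictable shared secret.
    if not 2 <= y <= P - 2:
        raise ValueError("peer DH public value out of range")
    # p is a safe prime (p = 2q + 1); honest values lie in the order-q subgroup.
    if pow(y, (P - 1) // 2, P) != 1:
        raise ValueError("peer DH public value not in the prime-order subgroup")
    return y

def shared_key(own_private, peer_public_hex):
    """Compute the DH secret and hash its fixed-length encoding to 32 bytes."""
    z = pow(decode_public(peer_public_hex), own_private, P)
    return hashlib.sha256(z.to_bytes(KEY_BYTES, "big")).digest()

def run_exchange():
    """Simulate both sides; returns (client's key, server's key)."""
    client_priv, client_pub = generate_keypair()
    server_priv, server_pub = generate_keypair()
    client_msg = encode_public(client_pub)  # what the client would POST as 'key'
    server_msg = encode_public(server_pub)  # what the server would send back
    return shared_key(client_priv, server_msg), shared_key(server_priv, client_msg)

if __name__ == "__main__":
    client_key, server_key = run_exchange()
    print("keys match:", client_key == server_key)
```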