JSON and Encryption Keys: A Match Made in Heaven

Prof Bill Buchanan OBE
June 27, 2025

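How many formats are there for encryption and signing keys? The answer is: a great many. Why? Well, we can now wrap our encryption keys in a JSON format, which provides additional information about how the keys are to be used.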

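To a computer, these keys are just a bunch of 1s and 0s, but we humans are not very good at interpreting binary. Two common formats are DER (binary) and PEM (Base64). When interpreted as hexadecimal, DER looks like this [here]: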

The PEM format has a little more structure, with a special header and footer, and Base64 text in between:

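Neither of these file formats reveals much detail about the key, such as its identifier or the type of encryption used. For this reason, a JSON format is often used to view keys, and Google Tink is a good place to see this. In this way, we can define a symmetric key, provide the key and its ID, and then define the key type (as we can use a range of encryption methods). In the following example, we use an AES GCM key: [link]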

{
"primaryKeyId": 1331912396,
"key": [{
"keyData": {
"typeUrl": "type.googleapis.com/google.crypto.tink.AesGcmKey",
"keyMaterialType": "SYMMETRIC",
"value": "GhBpskWWTrE27e2w67X4TzfS"
},
"outputPrefixType": "TINK",
"keyId": 1331912396,
"status": "ENABLED"
}]
}

The key is "GhBpskWWTrE27e2w67X4TzfS". In hexadecimal format, this is:

1A1069B245964EB136EDEDB0EBB5F84F37D2

This is 36 hexadecimal characters, which is 144 bits. That gives 128 bits for the key, plus some additional bits for some parameters.

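For a MAC (Message Authentication Code), we use a shared secret key, which can then be used to check the signature of a message [here]. Again, in this case, we are generating a 128-bit AES GCM key [here]: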

{
"primaryKeyId": 1331912396,
"key": [{
"keyData": {
"typeUrl": "type.googleapis.com/google.crypto.tink.AesGcmKey",
"keyMaterialType": "SYMMETRIC",
"value": "GhBpskWWTrE27e2w67X4TzfS"
},
"outputPrefixType": "TINK",
"keyId": 1331912396,
"status": "ENABLED"
}]
}

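In digital signing, we use a key pair (a public key and a private key). The private key is used to sign the message, and the public key then proves the signer. In this case, we create an elliptic curve key pair on the sender's side [link]: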

{
"primaryKeyId": 438545957,
"key": [{
"keyData": {
"typeUrl": "type.googleapis.com/google.crypto.tink.EcdsaPrivateKey",
"keyMaterialType": "ASYMMETRIC_PRIVATE",
"value": "Ek0SBggDEAIYAhohAP4v0pziVF9He/fn8BgApUHOu2Y1TkMcejrYC4U24M3xIiBAf0AIU72H5uVIP1S6ULGLaDf4td3/RIb4F58z2Md/khogJsuTDxaY/Q0CmENKlTQIOCXEZ+qvdAW0Rkvix6Wehl4="
},
"outputPrefixType": "TINK",
"keyId": 438545957,
"status": "ENABLED"
}]
}

We then extract the public key in order to prove the signature:

{
"primaryKeyId": 438545957,
"key": [{
"keyData": {
"typeUrl": "type.googleapis.com/google.crypto.tink.EcdsaPublicKey",
"keyMaterialType": "ASYMMETRIC_PUBLIC",
"value": "EgYIAxACGAIaIQD+L9Kc4lRfR3v35/AYAKVBzrtmNU5DHHo62AuFNuDN8SIgQH9ACFO9h+blSD9UulCxi2g3+LXd/0SG+BefM9jHf5I="
},
"outputPrefixType": "TINK",
"keyId": 438545957,
"status": "ENABLED"
}]
}

In hexadecimal format this is 12060803100218021A2100FE2FD29CE2545F477BF7E7F01800A541CEBB66354E431C7A3AD80B8536E0CDF12220407F400853BD87E6E5483F54BA50B18B6837F8B5DDFF4486F8179F33D8C77F92, which is 154 hexadecimal characters (616 bits, made up of a 512-bit public key and some additional bytes that define the format of the key).
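The "additional bits" in the AES GCM value and the "additional bytes" in the ECDSA public key value are protobuf framing, because the Base64 `value` in a Tink JSON keyset is a serialized protobuf message. The Python below is an added example, not code from the original article or from the Tink project; it walks that framing and flags keysets that hold secret material in cleartext. The function names and the `cleartext_secret` flag are assumptions made for this illustration, and only varint and length-delimited fields are handled.

```python
import base64
import json

def read_varint(buf, pos):
    """Decode one protobuf varint at pos; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def wire_fields(buf):
    """Split a serialized protobuf message into (field_number, value) pairs.
    Only varint (type 0) and length-delimited (type 2) fields are handled."""
    pos, fields = 0, []
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        number, wire_type = tag >> 3, tag & 7
        if wire_type == 0:
            value, pos = read_varint(buf, pos)
        elif wire_type == 2:
            length, pos = read_varint(buf, pos)
            if pos + length > len(buf):
                raise ValueError("length runs past end of buffer")
            value, pos = buf[pos:pos + length], pos + length
        else:
            raise ValueError(f"unsupported wire type {wire_type}")
        fields.append((number, value))
    return fields

def describe_keyset(keyset_json):
    """Per key: decoded size, (field, varint value or byte length), secrecy."""
    report = []
    for key in json.loads(keyset_json)["key"]:
        data = key["keyData"]
        raw = base64.b64decode(data["value"])
        report.append({
            "keyId": key["keyId"],
            "type": data["typeUrl"].rsplit(".", 1)[-1],
            "total_bits": len(raw) * 8,
            "fields": [(n, v if isinstance(v, int) else len(v)) for n, v in wire_fields(raw)],
            "cleartext_secret": data["keyMaterialType"] in ("SYMMETRIC", "ASYMMETRIC_PRIVATE"),
        })
    return report

# The AES GCM keyset shown earlier on this page.
AES_GCM_KEYSET = '{"primaryKeyId": 1331912396, "key": [{"keyData": {"typeUrl": "type.googleapis.com/google.crypto.tink.AesGcmKey", "keyMaterialType": "SYMMETRIC", "value": "GhBpskWWTrE27e2w67X4TzfS"}, "outputPrefixType": "TINK", "keyId": 1331912396, "status": "ENABLED"}]}'
print(describe_keyset(AES_GCM_KEYSET))
```

For the AES GCM keyset the 144 bits split into a 2-byte tag and length plus one 16-byte field; any keyset reported with `cleartext_secret` set to True carries raw key material in the JSON file, so the file needs the same protection as the key.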

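In many applications we use a hybrid approach, in which a key pair is used to protect a symmetric key. In the following example, we use ECIES encryption to protect the symmetric key that we create, using the public key [link]. The private key is then used to decrypt the symmetric key: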

{
"primaryKeyId": 1992984960,
"key": [{
"keyData": {
"typeUrl": "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey",
"keyMaterialType": "ASYMMETRIC_PUBLIC",
"value": "EkQKBAgCEAMSOhI4CjB0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5jcnlwdG8udGluay5BZXNHY21LZXkSAhAQGAEYARohAOaHVTjvjhpGaHv5mhuXz3Nc+Mb7RE5sMyAsv7YCB8UjIiAOaSLbqRE7ddVM14kWiNoPWB/U2MNluwLlAjw39zwAlw=="
},
"outputPrefixType": "TINK",
"keyId": 1992984960,
"status": "ENABLED"
}]
}

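There is a method that lets you authenticate the encryption with additional data (such as the sequence number of a data packet or the TCP port used). This is known as Authenticated Encryption with Associated Data (AEAD), and this is an example of a key that uses AES-SIV [here]: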

{
"primaryKeyId": 1428191678,
"key": [{
"keyData": {
"typeUrl": "type.googleapis.com/google.crypto.tink.AesSivKey",
"keyMaterialType": "SYMMETRIC",
"value": "EkAFkhmlhYkmClmpz/vGzojJVgA/IQIMSty7rL8TXxyu9m/W0ZtzCddmSLFj7r8V/R0CywJ89KxdMVzdR+GDQH2w"
},
"outputPrefixType": "TINK",
"keyId": 1428191678,
"status": "ENABLED"
}]
}

So, you can view your encryption keys in JSON.

Almost every key you can use

Let's look at how to create keys for AES, DHKEM (Hybrid ML-KEM), ECDSA, ECIES, Ed25519, HKDF, HMAC, JWT, RSA PKCS#1 v1.5, RSA PSS and XChaCha20:

  • AES: AES128_EAX, AES128_EAX_RAW, AES128_GCM, AES128_GCM_HKDF_1MB, AES128_GCM_HKDF_4KB, AES128_GCM_RAW, AES256_CMAC, AES256_CMAC_PRF, AES256_CMAC_RAW, AES256_CTR_HMAC_SHA256, AES256_CTR_HMAC_SHA256_1MB, AES256_CTR_HMAC_SHA256_4KB, AES256_CTR_HMAC_SHA256_RAW, AES256_EAX, AES256_EAX_RAW, AES256_GCM, AES256_GCM_HKDF_1MB, AES256_GCM_HKDF_4KB, AES256_GCM_RAW, AES256_SIV, AES256_SIV_RAW, AES_CMAC, AES_CMAC_PRF
  • ChaCha20: CHACHA20_POLY1305, CHACHA20_POLY1305_RAW
  • DHKEM: DHKEM_P256_HKDF_SHA256_HKDF_SHA256_AES_128_GCM, DHKEM_P256_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_RAW, DHKEM_P256_HKDF_SHA256_HKDF_SHA256_AES_256_GCM, DHKEM_P256_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_RAW, DHKEM_P384_HKDF_SHA384_HKDF_SHA384_AES_128_GCM, DHKEM_P384_HKDF_SHA384_HKDF_SHA384_AES_128_GCM_RAW, DHKEM_P384_HKDF_SHA384_HKDF_SHA384_AES_256_GCM, DHKEM_P384_HKDF_SHA384_HKDF_SHA384_AES_256_GCM_RAW, DHKEM_P521_HKDF_SHA512_HKDF_SHA512_AES_128_GCM, DHKEM_P521_HKDF_SHA512_HKDF_SHA512_AES_128_GCM_RAW, DHKEM_P521_HKDF_SHA512_HKDF_SHA512_AES_256_GCM, DHKEM_P521_HKDF_SHA512_HKDF_SHA512_AES_256_GCM_RAW, DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM, DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_RAW, DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM, DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_RAW, DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305, DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_RAW
  • ECDSA: ECDSA_P256, ECDSA_P256_IEEE_P1363, ECDSA_P256_IEEE_P1363_WITHOUT_PREFIX, ECDSA_P256_RAW, ECDSA_P384, ECDSA_P384_IEEE_P1363, ECDSA_P384_SHA384, ECDSA_P384_SHA512, ECDSA_P521, ECDSA_P521_IEEE_P1363
  • ECIES: ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256, ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256_RAW, ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_GCM, ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_GCM_RAW, ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256, ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256_RAW, ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM, ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM_COMPRESSED_WITHOUT_PREFIX, ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM_RAW
  • Ed25519: ED25519, ED25519WithRawOutput, ED25519_RAW
  • HKDF: HKDF_SHA256, HKDF_SHA256_DERIVES_AES128_GCM, HKDF_SHA256_DERIVES_AES256_GCM, HKDF_SHA256_DERIVES_AES256_GCM_HKDF_1MB, HKDF_SHA256_DERIVES_AES256_SIV, HKDF_SHA256_DERIVES_ED25519, HKDF_SHA256_DERIVES_HMAC_SHA256_128BITTAG, HKDF_SHA256_DERIVES_HMAC_SHA256_PRF, HKDF_SHA256_DERIVES_XCHACHA20_POLY1305
  • HMAC: HMAC_SHA256_128BITTAG, HMAC_SHA256_128BITTAG_RAW, HMAC_SHA256_256BITTAG, HMAC_SHA256_256BITTAG_RAW, HMAC_SHA256_PRF, HMAC_SHA512_128BITTAG, HMAC_SHA512_128BITTAG_RAW, HMAC_SHA512_256BITTAG, HMAC_SHA512_256BITTAG_RAW, HMAC_SHA512_512BITTAG, HMAC_SHA512_512BITTAG_RAW, HMAC_SHA512_PRF
  • JWT: JWT_ES256, JWT_ES256_RAW, JWT_ES384, JWT_ES384_RAW, JWT_ES512, JWT_ES512_RAW, JWT_HS256, JWT_HS256_RAW, JWT_HS384, JWT_HS384_RAW, JWT_HS512, JWT_HS512_RAW, JWT_PS256_2048_F4, JWT_PS256_2048_F4_RAW, JWT_PS256_3072_F4, JWT_PS256_3072_F4_RAW, JWT_PS384_3072_F4, JWT_PS384_3072_F4_RAW, JWT_PS512_4096_F4, JWT_PS512_4096_F4_RAW
  • RSA PKCS#1 v1.5: RSA_SSA_PKCS1_3072_SHA256_F4, RSA_SSA_PKCS1_3072_SHA256_F4_RAW, RSA_SSA_PKCS1_3072_SHA256_F4_WITHOUT_PREFIX, RSA_SSA_PKCS1_4096_SHA512_F4, RSA_SSA_PKCS1_4096_SHA512_F4_RAW
  • RSA PSS: RSA_SSA_PSS_3072_SHA256_F4, RSA_SSA_PSS_3072_SHA256_F4_RAW, RSA_SSA_PSS_3072_SHA256_SHA256_32_F4, RSA_SSA_PSS_4096_SHA512_F4, RSA_SSA_PSS_4096_SHA512_F4_RAW, RSA_SSA_PSS_4096_SHA512_SHA512_64_F4
  • XChaCha20: XCHACHA20_POLY1305, XCHACHA20_POLY1305_RAW

For this, we can run tinkey:

    $ java -jar "tinkey_deploy.jar" create-keyset --key-template AES128_EAX --out-format JSON --out 1.json
    $ cat 1.json
    {"primaryKeyId":2180785869,"key":
    [{"keyData":{
    "typeUrl":"type.googleapis.com/google.crypto.tink.AesEaxKey",
    "value":"EgIIEBoQkkUmFOG1mkQFBTuuLyy6Mw==",
    "keyMaterialType":"SYMMETRIC"},
    "status":"ENABLED",
    "keyId":2180785869,
    "outputPrefixType":"TINK"}]
    }

The code is here:

Google Tink with Go (PRF)
A PRF (Pseudo Random Function) takes inputs and computes an output that will look random. In this case, we will use the… (asecuritysite.com)

For AES_EAX [here]:

    {
    "primaryKeyId": 1396503152,
    "key": [
    {
    "keyData": {
    "typeUrl": "type.googleapis.com/google.crypto.tink.AesEaxKey",
    "value": "EgIIEBoQ6RkAIuX/Atj/SkqcpswobA==",
    "keyMaterialType": "SYMMETRIC"
    },
    "status": "ENABLED",
    "keyId": 1396503152,
    "outputPrefixType": "TINK"
    }
    ]
    }

For ChaCha20 [here]:

    {
    "primaryKeyId": 1961123280,
    "key": [
    {
    "keyData": {
    "typeUrl": "type.googleapis.com/google.crypto.tink.ChaCha20Poly1305Key",
    "value": "EiBGO18rw7WEmiWmDhWtdeLh9yifxqh8ZiRkEc+w0Axaxw==",
    "keyMaterialType": "SYMMETRIC"
    },
    "status": "ENABLED",
    "keyId": 1961123280,
    "outputPrefixType": "TINK"
    }
    ]
    }

For DH-ML-KEM [here]:

    {
    "primaryKeyId": 471886363,
    "key": [
    {
    "keyData": {
    "typeUrl": "type.googleapis.com/google.crypto.tink.HpkePrivateKey",
    "value": "EksSBggCEAEYARpBBEPwo/feGpb3vlP+PqHmfNcyx4MFiUhmgI6UTlYeOE3CuPlPEr29y10xpEnU7Rbz/68rC/DKtIQgj9wxSqy2jIAaINRX8U+vDAMHohP7pB0eL4APBLGucNXmrNQ/LlKTXMde",
    "keyMaterialType": "ASYMMETRIC_PRIVATE"
    },
    "status": "ENABLED",
    "keyId": 471886363,
    "outputPrefixType": "TINK"
    }
    ]
    }

For ECDSA [here]:

    {
    "primaryKeyId": 1264604753,
    "key": [
    {
    "keyData": {
    "typeUrl": "type.googleapis.com/google.crypto.tink.EcdsaPrivateKey",
    "value": "Ek4SBggDEAIYAhohADjXTBYypwLxLyv16U1Cjc65bOThbbuy6fLUW/KRPW2+IiEAeNVl+SBSsCTcan65Ak/INw0LxdA7QjxYjhlUwV9jv18aIQDt6E9K9l2uTaMqrptTL+fwMsy4jErqNQrzTLsYB242GQ==",
    "keyMaterialType": "ASYMMETRIC_PRIVATE"
    },
    "status": "ENABLED",
    "keyId": 1264604753,
    "outputPrefixType": "TINK"
    }
    ]
    }

For Ed25519 [here]:

    {
    "primaryKeyId": 548270440,
    "key": [
    {
    "keyData": {
    "typeUrl": "type.googleapis.com/google.crypto.tink.Ed25519PrivateKey",
    "value": "EiBgPvg/MifqxLPxSSJNDX2sVf1vmsXTqA+adiDVHI5LaBoiEiBN/JwLTuGB1fan3TCMBLXPx6aeMhNQ7t/tpJXltxpZiQ==",
    "keyMaterialType": "ASYMMETRIC_PRIVATE"
    },
    "status": "ENABLED",
    "keyId": 548270440,
    "outputPrefixType": "TINK"
    }
    ]
    }

For RSA PSS [here]:

    {
    "primaryKeyId": 744063254,
    "key": [
    {
    "keyData": {
    "typeUrl": "type.googleapis.com/google.crypto.tink.RsaSsaPssPrivateKey",
    "value": "EpEDEgYIAxADGCAagQMAgP3p3Y+/Ymgcjp70eaGg6GjsKWRm4GcuBFH8o4hotVVO0p3MJ2aFBoidMQZpfw8osi4ATZ629A9p1TDu2G58vBKyQVe12kTZ7DP1v5nHspembu9bn9AClUd90CvpHTs7enXHdBMvj/A27qNrD6HD4HWIyMOfHEdjbgAXe3vkB8IAzNDGwmkSEWI10aUyOw63c9/TVRLCmAwBH3b0Nbmx2fJddHfVPLpvlHbErAhFICGr8hI87pBTkh6VWylNWK1hVbAfOnDyw+wKTPBL7ailqkGBT1pj7Sos3zjtswQcCwfbxVOHYhy82tS1DMSW2GztsT2x1tJ3XjMZK7BrvHjOdl2E8q5IgiuEByx8rZWyp69IIfiPgi9hWpsH4Eiq+HUXHJU9YGWHbblpQ/DWQaqBod3nBEQaeiMD1kbtj3UHJaSzeWBh46SSLEBEyThZtpcLd7564FkKb9ZFN8iMezSH/KS9S9SF1Dia5oheWztzkEtQKNhuIsaeMCjaiPuJv+6zIgMBAAEagAM7mJSfaBWtWpqvDiO3uoREPI24Bgo97Y3mMxb9Wz29Yd+cEYnMPmKBhUbS6rp9GLzdrcE4G3c9xY1JEWWYm1uH7T9sTyDW6m6g4dTNpDgOfGBJ6s6zRICdBb3MGy2F8uLlDluLdn3IC9zlXp1NSJjeMI906mStxRHcNbCjvba6GtkRx/e8xJyzaWOiK6fMf10k7SmPqa48X3d5WRU1aUkRgBfLgr4DY8O/nSv6q4t8b/IoUmLSed4SqYyp5Kg2q0uedOC7S4eQ4QZ5Mqo5ckVQwWjnF4rdRtRxI3osjppBbhX9btRAlpsgOMqtjzxqDWI5evUKgEv5K7vJ2x7oAVgkqVt21ha3g4z5AFauM4442Bs+QAxBZLrSAq8mSSVpKDkpaiLSukIb1Pelg/zJPKnibWyGwgfWLLmX8HUdpc6qiRUBZK3X6MC5uo4pXhtGwe3QjmGp3Qw9tizz+Kf9E2IhhbOcTFp8jFHTB50C5IhLkAKDiU2MwPsZHG+8vxaJKAEiwQEA0oxucFs9LOLievcyX2MoEJEGE/7zOBKyCqyc362yshHKKtUT8HiZHZlUz4enIBfkVnG1//yF1aQgg03nTfOB2bBIx0eeQi2i7yVj7uCTVIufikz2KdL+lOwqH++do8b5owN+6z6h+ljvrecdNptywnGAnrqT98kM2BvGHZkQJttVjd5zAc1DiS6culxLc8blgd+6z5XzP3vqhRGgp/NEJASbVh4kLz79xCgZFXdY9BUAib4bi8ig5YQIRL0vtSwBKsEBAJzWZ4/N55rEiup5PoTOc01jU54JZ5YXRVRD+6th64HlYCkENQCchjrATTi7fr7v36g/sunbH0lNiEGEZ+EN8WTnvZNa/AKkYdINz/iCpOoHEo1g45LgQrBUpzXXI8AGL2KPwU7Z9+O/aKWw09e8JnXqIVqeEuOtX1f5WNHAzj/HsDJ2TCZG3r5MmFu6PWn9jbziPX0rtU1mWIyjSipCWHFRo1eXxM1SkjDhcPQl7obNYQiX/hwkC5id90NH/NoqszLBAQC59XRZYgw/B8jWqFviKbaqIxyGLqhsfv6nNNt9J3HrmpC/keCBhFJf9RwWC47NZqyyuM3xYPxnvAVHU1gW3hpyxSMSdyvM8Xe11oVT5x/ZDVSElwLX39YgfBGckUre6w9zLdQ8O95eOYy/QJ/pqhQKrqrWBp5HvFfOy4EIhTbhytjea3mSPtQGZpfgdUHi6Omt8oeRbrQf/vccPnxxugcV9MepoQd+fxks1emJrxZuxdnqznCP3kxVSm7vH1TypAE6wAEHvAsfbGgfmdG//nq20feduWhGQvB41mz02uVubkXPAiDb5Pk4Ln/wJcupIJX/lJTTF1Ebd1Lzqn8tu/njf2yILWWL/tCu0KyCT2wSNV8sq2yezEhs1eJ0D7ivTwzUS3nKwowl91niQW5HvZ
C08vJynjlG3sTPtZ0eGY3nyjphqtdlpa/bs2MIv35EB8s/juGOjxm5Mo6eYo27YdImg18ZN412pGVwOsI65uNLJxO8UiSW5+gAO0bXH/MxvjsaB0FCwAEyhCrbfvq0CLRYbb9ja7PLwVMVJ6KvCgnWO4k3LbWXa6EsAfSxM4/PNTh4SoDuf0VJI4e0MRlBVWeGt8MetVkXdpqFhUdtIRqVEZ0LC2/Mn7jqAJhAytr9dPL+92G0RF14I8AFUm5S7KXwcSDoj88qQ+NOjkAANtvzxT7eWP3kNlL1G/r2aPJkHNYsj/qhcVLg2YdQogkITgdDOLcePaFRITQQXXEF8r+Z1IXWeaIr2cTNsw8RZ9ykweje5g3GNCs=",
    "keyMaterialType": "ASYMMETRIC_PRIVATE"
    },
    "status": "ENABLED",
    "keyId": 744063254,
    "outputPrefixType": "TINK"
    }
    ]
    }
