总市值:$00
API
ZH
暗色
搜索SSI/Mag7/Meme/ETF/币种/指数/图表/研报
00:00 / 00:00
查看
    市场
    指数
    资讯
    TokenBar®
    分析
    宏观
    观察列表
分享

JSON 和加密密钥——天作之合

由AI翻译
Prof Bill Buchanan OBE
3K字
2025年6月27日

JSON 和加密密钥 — 天作之合

有多少种加密和签名密钥格式? 答案是 — 非常多。 为什么? 好吧,现在我们可以使用 JSON 格式包装加密密钥,JSON 格式提供了有关如何使用加密密钥的附加信息。

对于计算机来说,这些密钥只是一堆 1 和 0,但对于人类来说,我们不太擅长解释二进制。 两种常见的格式是 DER(二进制)和 PEM (Base64)。 当解释为十六进制时,DER 看起来像这样 [here]:

PEM 格式的结构稍微复杂一些,具有特殊的标头和页脚,并且在两者之间包含 Base64 文本:

这些文件格式都没有过多地透露有关密钥的详细信息,例如其标识符、使用的加密类型等等。 因此,JSON 格式通常用于查看密钥,而 Google Tink 是查看密钥的好地方。 这样,我们可以定义一个对称密钥,并在其中提供密钥和 ID,然后定义密钥类型(因为我们可以使用一系列加密方法)。 在下面,我们使用 AES GCM 密钥:[link]

{
    "primaryKeyId": 1331912396,
    "key": [{
        "keyData": {
            "typeUrl": "type.googleapis.com/google.crypto.tink.AesGcmKey",
            "keyMaterialType": "SYMMETRIC",
            "value": "GhBpskWWTrE27e2w67X4TzfS"
        },
        "outputPrefixType": "TINK",
        "keyId": 1331912396,
        "status": "ENABLED"
    }]
}

密钥是“GhBpskWWTrE27e2w67X4TzfS”。 十六进制格式为:

1A1069B245964EB136EDEDB0EBB5F84F37D2

它是 36 个十六进制字符,也就是 144 位。 这为密钥提供了 128 位,为某些参数提供了一些额外的位。

对于 MAC(消息认证码),我们使用共享密钥,然后可以使用它来检查消息的签名 [here]。 同样,在这种情况下,我们生成一个 128 位的 AES GCM 密钥 [here]:

{
    "primaryKeyId": 1331912396,
    "key": [{
        "keyData": {
            "typeUrl": "type.googleapis.com/google.crypto.tink.AesGcmKey",
            "keyMaterialType": "SYMMETRIC",
            "value": "GhBpskWWTrE27e2w67X4TzfS"
        },
        "outputPrefixType": "TINK",
        "keyId": 1331912396,
        "status": "ENABLED"
    }]
}

在数字签名中,我们使用密钥对(公钥和私钥)。 私钥用于对消息进行签名,然后公钥证明签名者。 在这种情况下,我们在发送方创建椭圆曲线密钥对 [link]:

{
 “primaryKeyId”: 438545957,
 “key”: [{
 “keyData”: {
 “typeUrl”: “type.googleapis.com/google.crypto.tink.EcdsaPrivateKey”,
 “keyMaterialType”: “ASYMMETRIC_PRIVATE”,
 “value”: “Ek0SBggDEAIYAhohAP4v0pziVF9He/fn8BgApUHOu2Y1TkMcejrYC4U24M3xIiBAf0AIU72H5uVIP1S6ULGLaDf4td3/RIb4F58z2Md/khogJsuTDxaY/Q0CmENKlTQIOCXEZ+qvdAW0Rkvix6Wehl4=”
 },
 “outputPrefixType”: “TINK”,
 “keyId”: 438545957,
 “status”: “ENABLED”
 }]
}

然后,我们提取公钥来证明签名:

{
 “primaryKeyId”: 438545957,
 “key”: [{
 “keyData”: {
 “typeUrl”: “type.googleapis.com/google.crypto.tink.EcdsaPublicKey”,
 “keyMaterialType”: “ASYMMETRIC_PUBLIC”,
 “value”: “EgYIAxACGAIaIQD+L9Kc4lRfR3v35/AYAKVBzrtmNU5DHHo62AuFNuDN8SIgQH9ACFO9h+blSD9UulCxi2g3+LXd/0SG+BefM9jHf5I=”
 },
 “outputPrefixType”: “TINK”,
 “keyId”: 438545957,
 “status”: “ENABLED”
 }]
}

十六进制格式是 12060803100218021A2100FE2FD29CE2545F477BF7E7F01800A541CEBB66354E431C7A3AD80B8536E0CDF12220407F400853BD87E6E5483F54BA50B18B6837F8B5DDFF4486F8179F33D8C77F92,它是 154 个十六进制字符(616 位 - 由一个 512 位公钥和一些额外的字节组成,用于定义密钥的格式)。

在许多应用程序中,我们使用混合方法,可以使用密钥对保护对称密钥。 在下面,我们使用 ECIES 加密来保护我们创建的对称密钥,然后使用公钥 [link]。 然后使用私钥解密对称密钥:

{
 “primaryKeyId”: 1992984960,
 “key”: [{
 “keyData”: {
 “typeUrl”: “type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey”,
 “keyMaterialType”: “ASYMMETRIC_PUBLIC”,
 “value”: “EkQKBAgCEAMSOhI4CjB0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5jcnlwdG8udGluay5BZXNHY21LZXkSAhAQGAEYARohAOaHVTjvjhpGaHv5mhuXz3Nc+Mb7RE5sMyAsv7YCB8UjIiAOaSLbqRE7ddVM14kWiNoPWB/U2MNluwLlAjw39zwAlw==”
 },
 “outputPrefixType”: “TINK”,
 “keyId”: 1992984960,
 “status”: “ENABLED”
 }]
}

还有一种方法允许您使用附加数据(例如数据包的序列号或使用的 TCP 端口)来验证加密。 这被称为使用关联数据的身份验证加密 (AEAD),这是一个使用 AES-SIV 的密钥示例 [here]:

{
    "primaryKeyId": 1428191678,
    "key": [{
        "keyData": {
            "typeUrl": "type.googleapis.com/google.crypto.tink.AesSivKey",
            "keyMaterialType": "SYMMETRIC",
            "value": "EkAFkhmlhYkmClmpz/vGzojJVgA/IQIMSty7rL8TXxyu9m/W0ZtzCddmSLFj7r8V/R0CywJ89KxdMVzdR+GDQH2w"
        },
        "outputPrefixType": "TINK",
        "keyId": 1428191678,
        "status": "ENABLED"
    }]
}

所以,这就是你可以用 JSON 格式查看加密密钥的方式。

几乎所有你可以使用的密钥

让我们看看如何为 AES、DHKEM (Hybrid ML-KEM)、ECDSA、ECIES、Ed25519、HKDF、HMAC、JWT、RSA PKCS#1 v1.5、RSA PSS 和 XChaCha20 创建密钥:

  • AES: AES128_EAX AES128_EAX_RAW AES128_GCM, AES128_GCM_HKDF_1MB AES128_GCM_HKDF_4KB AES128_GCM_RAW, AES256_CMAC AES256_CMAC_PRF AES256_CMAC_RAW, AES256_CTR_HMAC_SHA256 AES256_CTR_HMAC_SHA256_1MB, AES256_CTR_HMAC_SHA256_4KB AES256_CTR_HMAC_SHA256_RAW, AES256_EAX AES256_EAX_RAW AES256_GCM AES256_GCM_HKDF_1MB, AES256_GCM_HKDF_4KB AES256_GCM_RAW AES256_SIV, AES256_SIV_RAW AES_CMAC AES_CMAC_PRF CHACHA20_POLY1305 CHACHA20_POLY1305_RAW
  • DHKE: MDHKEM_P256_HKDF_SHA256_HKDF_SHA256_AES_128_GCM, DHKEM_P256_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_RAW, DHKEM_P256_HKDF_SHA256_HKDF_SHA256_AES_256_GCM, DHKEM_P256_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_RAW, DHKEM_P384_HKDF_SHA384_HKDF_SHA384_AES_128_GCM, DHKEM_P384_HKDF_SHA384_HKDF_SHA384_AES_128_GCM_RAW, DHKEM_P384_HKDF_SHA384_HKDF_SHA384_AES_256_GCM, DHKEM_P384_HKDF_SHA384_HKDF_SHA384_AES_256_GCM_RAW, DHKEM_P521_HKDF_SHA512_HKDF_SHA512_AES_128_GCM, DHKEM_P521_HKDF_SHA512_HKDF_SHA512_AES_128_GCM_RAW, DHKEM_P521_HKDF_SHA512_HKDF_SHA512_AES_256_GCM, DHKEM_P521_HKDF_SHA512_HKDF_SHA512_AES_256_GCM_RAW, DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM, DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_RAW, DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM, DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_RAW, DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY130, DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_RAW ECDSA_P256 ECDSA_P256_IEEE_P1363
  • ECDSA_P256_IEEE_P1363_WITHOUT_PREFIX ECDSA_P256_RAW, ECDSA_P384 ECDSA_P384_IEEE_P1363 ECDSA_P384_SHA384, ECDSA_P384_SHA512 ECDSA_P521 ECDSA_P521_IEEE_P1363,
  • ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256, ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256_RAW, ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_GCM, ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_GCM_RAW, ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256, ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256_RAW, ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM, ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM_COMPRESSED_WITHOUT_PREFIX ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM_RAW
  • ED25519 ED25519WithRawOutput ED25519_RAW
  • HKDF_SHA256HKDF_SHA256_DERIVES_AES128_GCM, HKDF_SHA256_DERIVES_AES256_GCM, HKDF_SHA256_DERIVES_AES256_GCM_HKDF_1MB, HKDF_SHA256_DERIVES_AES256_SIV, HKDF_SHA256_DERIVES_ED25519, HKDF_SHA256_DERIVES_HMAC_SHA256_128BITTAG, HKDF_SHA256_DERIVES_HMAC_SHA256_PRF, HKDF_SHA256_DERIVES_XCHACHA20_POLY1305, HMAC_SHA256_128BITTAG HMAC_SHA256_128BITTAG_RAW, HMAC_SHA256_256BITTAG HMAC_SHA256_256BITTAG_RAW, HMAC_SHA256_PRF HMAC_SHA512_128BITTAG, HMAC_SHA512_128BITTAG_RAW HMAC_SHA512_256BITTAG, HMAC_SHA512_256BITTAG_RAW HMAC_SHA512_512BITTAG, HMAC_SHA512_512BITTAG_RAW HMAC_SHA512_PRF JWT_ES256
  • JWT_ES256_RAW JWT_ES384 JWT_ES384_RAW JWT_ES512, JWT_ES512_RAW JWT_HS256 JWT_HS256_RAW JWT_HS384, JWT_HS384_RAW JWT_HS512 JWT_HS512_RAW JWT_PS256_2048_F4, JWT_PS256_2048_F4_RAW JWT_PS256_3072_F4, JWT_PS256_3072_F4_RAW JWT_PS384_3072_F4, JWT_PS384_3072_F4_RAW JWT_PS512_4096_F4, JWT_PS512_4096_F4_RAW JWT_RS256_2048_F4, JWT_RS256_2048_F4_RAW JWT_RS256_3072_F4, JWT_RS256_3072_F4_RAW JWT_RS384_3072_F4, JWT_RS384_3072_F4_RAW JWT_RS512_4096_F4, JWT_RS512_4096_F4_RAW RSA_SSA_PKCS1_3072_SHA256_F4
  • RSA_SSA_PKCS1_3072_SHA256_F4_RAW, RSA_SSA_PKCS1_3072_SHA256_F4_WITHOUT_PREFIX, RSA_SSA_PKCS1_4096_SHA512_F4, RSA_SSA_PKCS1_4096_SHA512_F4_RAW RSA_SSA_PSS_3072_SHA256_F4 RSA_SSA_PSS_3072_SHA256_F4_RAW, RSA_SSA_PSS_3072_SHA256_SHA256_32_F4, RSA_SSA_PSS_4096_SHA512_F4 RSA_SSA_PSS_4096_SHA512_F4_RAW, RSA_SSA_PSS_4096_SHA512_SHA512_64_F4
  • XCHACHA20_POLY1305, XCHACHA20_POLY1305_RAW

    • 为此,我们可以使用 tinkey 运行:

    $ java -jar "tinkey_deploy.jar" create-keyset - key-template AES128_EAX - out-format JSON - out 1.json
    $ cat 1.json
    {"primaryKeyId":2180785869,"key":
    [{"keyData":{
    "typeUrl":"type.googleapis.com_google.crypto.tink.AesEaxKey",
    "value":"EgIIEBoQkkUmFOG1mkQFBTuuLyy6Mw==",
    "keyMaterialType":"SYMMETRIC"},
    "status":"ENABLED",
    "keyId":2180785869,
    "outputPrefixType":"TINK"}]
    }

    代码在这里:

    Google Tink with Go (PRF)
    A PRF (Pseudo Random Function) takes inputs and compute an output that will look random. In this case, we will use the…asecuritysite.com

    对于 AES_EAX [here]:

    {
      "primaryKeyId": 1396503152,
      "key": [
        {
          "keyData": {
            "typeUrl": "type.googleapis.com/google.crypto.tink.AesEaxKey",
            "value": "EgIIEBoQ6RkAIuX/Atj/SkqcpswobA==",
            "keyMaterialType": "SYMMETRIC"
          },
          "status": "ENABLED",
          "keyId": 1396503152,
          "outputPrefixType": "TINK"
        }
      ]
    }

    对于 ChaCha20 [here]:

    {
      "primaryKeyId": 1961123280,
      "key": [
        {
          "keyData": {
            "typeUrl": "type.googleapis.com/google.crypto.tink.ChaCha20Poly1305Key",
            "value": "EiBGO18rw7WEmiWmDhWtdeLh9yifxqh8ZiRkEc+w0Axaxw==",
            "keyMaterialType": "SYMMETRIC"
          },
          "status": "ENABLED",
          "keyId": 1961123280,
          "outputPrefixType": "TINK"
        }
      ]
    }

    对于 DH-ML-KEM [here]:

    {
      "primaryKeyId": 471886363,
      "key": [
        {
          "keyData": {
            "typeUrl": "type.googleapis.com/google.crypto.tink.HpkePrivateKey",
            "value": "EksSBggCEAEYARpBBEPwo/feGpb3vlP+PqHmfNcyx4MFiUhmgI6UTlYeOE3CuPlPEr29y10xpEnU7Rbz/68rC/DKtIQgj9wxSqy2jIAaINRX8U+vDAMHohP7pB0eL4APBLGucNXmrNQ/LlKTXMde",
            "keyMaterialType": "ASYMMETRIC_PRIVATE"
          },
          "status": "ENABLED",
          "keyId": 471886363,
          "outputPrefixType": "TINK"
        }
      ]
    }

    对于 ECDSA [here]:

    {
      "primaryKeyId": 1264604753,
      "key": [
        {
          "keyData": {
            "typeUrl": "type.googleapis.com/google.crypto.tink.EcdsaPrivateKey",
            "value": "Ek4SBggDEAIYAhohADjXTBYypwLxLyv16U1Cjc65bOThbbuy6fLUW/KRPW2+IiEAeNVl+SBSsCTcan65Ak/INw0LxdA7QjxYjhlUwV9jv18aIQDt6E9K9l2uTaMqrptTL+fwMsy4jErqNQrzTLsYB242GQ==",
            "keyMaterialType": "ASYMMETRIC_PRIVATE"
          },
          "status": "ENABLED",
          "keyId": 1264604753,
          "outputPrefixType": "TINK"
        }
      ]
    }

    对于 Ed25519 [here]:

    {
      "primaryKeyId": 548270440,
      "key": [
        {
          "keyData": {
            "typeUrl": "type.googleapis.com/google.crypto.tink.Ed25519PrivateKey",
            "value": "EiBgPvg/MifqxLPxSSJNDX2sVf1vmsXTqA+adiDVHI5LaBoiEiBN/JwLTuGB1fan3TCMBLXPx6aeMhNQ7t/tpJXltxpZiQ==",
            "keyMaterialType": "ASYMMETRIC_PRIVATE"
          },
          "status": "ENABLED",
          "keyId": 548270440,
          "outputPrefixType": "TINK"
        }
      ]
    }

    对于 RSA PSS [here]:

    {
      "primaryKeyId": 744063254,
      "key": [
        {
          "keyData": {
            "typeUrl": "type.googleapis.com/google.crypto.tink.RsaSsaPssPrivateKey",
            "value": "EpEDEgYIAxADGCAagQMAgP3p3Y+/Ymgcjp70eaGg6GjsKWRm4GcuBFH8o4hotVVO0p3MJ2aFBoidMQZpfw8osi4ATZ629A9p1TDu2G58vBKyQVe12kTZ7DP1v5nHspembu9bn9AClUd90CvpHTs7enXHdBMvj/A27qNrD6HD4HWIyMOfHEdjbgAXe3vkB8IAzNDGwmkSEWI10aUyOw63c9/TVRLCmAwBH3b0Nbmx2fJddHfVPLpvlHbErAhFICGr8hI87pBTkh6VWylNWK1hVbAfOnDyw+wKTPBL7ailqkGBT1pj7Sos3zjtswQcCwfbxVOHYhy82tS1DMSW2GztsT2x1tJ3XjMZK7BrvHjOdl2E8q5IgiuEByx8rZWyp69IIfiPgi9hWpsH4Eiq+HUXHJU9YGWHbblpQ/DWQaqBod3nBEQaeiMD1kbtj3UHJaSzeWBh46SSLEBEyThZtpcLd7564FkKb9ZFN8iMezSH/KS9S9SF1Dia5oheWztzkEtQKNhuIsaeMCjaiPuJv+6zIgMBAAEagAM7mJSfaBWtWpqvDiO3uoREPI24Bgo97Y3mMxb9Wz29Yd+cEYnMPmKBhUbS6rp9GLzdrcE4G3c9xY1JEWWYm1uH7T9sTyDW6m6g4dTNpDgOfGBJ6s6zRICdBb3MGy2F8uLlDluLdn3IC9zlXp1NSJjeMI906mStxRHcNbCjvba6GtkRx/e8xJyzaWOiK6fMf10k7SmPqa48X3d5WRU1aUkRgBfLgr4DY8O/nSv6q4t8b/IoUmLSed4SqYyp5Kg2q0uedOC7S4eQ4QZ5Mqo5ckVQwWjnF4rdRtRxI3osjppBbhX9btRAlpsgOMqtjzxqDWI5evUKgEv5K7vJ2x7oAVgkqVt21ha3g4z5AFauM4442Bs+QAxBZLrSAq8mSSVpKDkpaiLSukIb1Pelg/zJPKnibWyGwgfWLLmX8HUdpc6qiRUBZK3X6MC5uo4pXhtGwe3QjmGp3Qw9tizz+Kf9E2IhhbOcTFp8jFHTB50C5IhLkAKDiU2MwPsZHG+8vxaJKAEiwQEA0oxucFs9LOLievcyX2MoEJEGE/7zOBKyCqyc362yshHKKtUT8HiZHZlUz4enIBfkVnG1//yF1aQgg03nTfOB2bBIx0eeQi2i7yVj7uCTVIufikz2KdL+lOwqH++do8b5owN+6z6h+ljvrecdNptywnGAnrqT98kM2BvGHZkQJttVjd5zAc1DiS6culxLc8blgd+6z5XzP3vqhRGgp/NEJASbVh4kLz79xCgZFXdY9BUAib4bi8ig5YQIRL0vtSwBKsEBAJzWZ4/N55rEiup5PoTOc01jU54JZ5YXRVRD+6th64HlYCkENQCchjrATTi7fr7v36g/sunbH0lNiEGEZ+EN8WTnvZNa/AKkYdINz/iCpOoHEo1g45LgQrBUpzXXI8AGL2KPwU7Z9+O/aKWw09e8JnXqIVqeEuOtX1f5WNHAzj/HsDJ2TCZG3r5MmFu6PWn9jbziPX0rtU1mWIyjSipCWHFRo1eXxM1SkjDhcPQl7obNYQiX/hwkC5id90NH/NoqszLBAQC59XRZYgw/B8jWqFviKbaqIxyGLqhsfv6nNNt9J3HrmpC/keCBhFJf9RwWC47NZqyyuM3xYPxnvAVHU1gW3hpyxSMSdyvM8Xe11oVT5x/ZDVSElwLX39YgfBGckUre6w9zLdQ8O95eOYy/QJ/pqhQKrqrWBp5HvFfOy4EIhTbhytjea3mSPtQGZpfgdUHi6Omt8oeRbrQf/vccPnxxugcV9MepoQd+fxks1emJrxZuxdnqznCP3kxVSm7vH1TypAE6wAEHvAsfbGgfmdG//nq20feduWhGQvB41mz02uVubkXPAiDb5Pk4Ln/wJcupIJX/lJTTF1Ebd1Lzqn8tu/njf2yILWWL/tCu0KyCT2wSNV8sq2yezEhs1eJ0D7ivTwzUS3nKwowl91niQW5HvZC08vJynjlG3sTPtZ0eGY3nyjphqtdlpa/bs2MIv35EB8s/juGOjxm5Mo6eYo27YdImg18ZN412pGVwOsI65uNLJxO8UiSW5+gAO0bXH/MxvjsaB0FCwAEyhCrbfvq0CLRYbb9ja7PLwVMVJ6KvCgnWO4k3LbWXa6EsAfSxM4/PNTh4SoDuf0VJI4e0MRlBVWeGt8MetVkXdpqFhUdtIRqVEZ0LC2/Mn7jqAJhAytr9dPL+92G0RF14I8AFUm5S7KXwcSDoj88qQ+NOjkAANtvzxT7eWP3kNlL1G/r2aPJkHNYsj/qhcVLg2YdQogkITgdDOLcePaFRITQQXXEF8r+Z1IXWeaIr2cTNsw8RZ9ykweje5g3GNCs=",
            "keyMaterialType": "ASYMMETRIC_PRIVATE"
          },
          "status": "ENABLED",
          "keyId": 744063254,
          "outputPrefixType": "TINK"
        }
      ]
    }
    10s 洞悉市场
    协议隐私政策白皮书官方验证Cookie博客
    sha512-gmb+mMXJiXiv+eWvJ2SAkPYdcx2jn05V/UFSemmQN07Xzi5pn0QhnS09TkRj2IZm/UnUmYV4tRTVwvHiHwY2BQ==
    sha512-kYWj302xPe4RCV/dCeCy7bQu1jhBWhkeFeDJid4V8+5qSzhayXq80dsq8c+0s7YFQKiUUIWvHNzduvFJAPANWA==