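Node.js ecdh.computeSecret() Method
The ecdh.computeSecret() method is an inbuilt application programming interface of the ECDH class in the crypto module. It creates the shared secret using the other party's public key. The encodings of the input public key and the output secret can each be specified with their respective parameters.
The ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY error is thrown when the public key does not lie on the elliptic curve.
Syntax: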
ecdh.computeSecret( otherPublicKey, inputEncoding, outputEncoding )
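Parameters: This method accepts three parameters, as shown above and described below:
- otherPublicKey: The other party's public key, from which the shared secret is generated.
- inputEncoding: A string value that specifies the encoding of the other party's public key. If this parameter is not specified, the key is expected to be a Buffer, TypedArray, or DataView.
- outputEncoding: A string value that specifies the encoding of the generated shared secret.
Return value: Returns the Elliptic Curve Diffie-Hellman shared secret in the specified encoding. When no encoding is provided, it is returned as a Buffer; otherwise a string is returned.
The following examples demonstrate the method:
Example 1: In this example, the shared secret of two users is created using each other's keys, and the two secrets are then compared for equality.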
Javascript
const crypto = require('crypto');
const geekA = crypto.createECDH('secp521r1');
// Generate keys for geekA
const geekAkey = geekA.generateKeys('base64');
const geekB = crypto.createECDH('secp521r1');
// Generate keys for geekB
const geekBkey = geekB.generateKeys('base64');
// Compute the secrets of both the geeks in base64
// based on the other party's key
let secretA = geekA.computeSecret(geekBkey, 'base64', 'base64');
let secretB = geekB.computeSecret(geekAkey, 'base64', 'base64');
console.log("Secret of A is:", secretA);
console.log("Secret of B is:", secretB);
// Check if the secrets match
console.log(secretA === secretB ?
    "The secrets match!" :
    "The secrets do not match");
Output:
Secret of A is: Ac7p1CjFXyTrdcVxx0HIs0Jqjr3fGb7sUTxfgdUQ+xgXmpJgWKS9SECkFf3ehly+xyvE2MtWFcAxF2gq9F7k7tT5
Secret of B is: Ac7p1CjFXyTrdcVxx0HIs0Jqjr3fGb7sUTxfgdUQ+xgXmpJgWKS9SECkFf3ehly+xyvE2MtWFcAxF2gq9F7k7tT5
The secrets match!
Example 2: In this example, the inputEncoding parameter is passed as null because the generateKeys() method does not encode the keys when generating them.
Javascript
const crypto = require('crypto');
const geekOne = crypto.createECDH('secp521r1');
// Generate keys for geekOne
const geekOneKey = geekOne.generateKeys();
const geekTwo = crypto.createECDH('secp521r1');
// Generate keys for geekTwo
const geekTwoKey = geekTwo.generateKeys();
// Compute the secrets of both the geeks
// The input keys are Buffers, so inputEncoding is passed as null
let secretGeekOne =
geekOne.computeSecret(geekTwoKey, null, 'base64');
let secretGeekTwo =
geekTwo.computeSecret(geekOneKey, null, 'base64');
console.log("Secret of Geek One is:", secretGeekOne);
console.log("Secret of Geek Two is:", secretGeekTwo);
Output:
Secret of Geek One is: ACc+SKe9XQMw5quzSEKs0Os+OhGKPRqHIwkW13+lxhs2HNwUEvbZdCEOE/PCzdNKk3v5zqdWSHO0kfRy1qBM8Kc6
Secret of Geek Two is: ACc+SKe9XQMw5quzSEKs0Os+OhGKPRqHIwkW13+lxhs2HNwUEvbZdCEOE/PCzdNKk3v5zqdWSHO0kfRy1qBM8Kc6
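Example 3 (an added example, not part of the original page): handling the ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY error described above when the other party's key is not a valid point on the curve. The helper name deriveSharedSecret, the function runDemo, and the two invalid keys are constructed for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical helper (not a Node.js API): wraps computeSecret() so that an
// invalid peer key is reported as a rejected exchange instead of an uncaught error.
function deriveSharedSecret(localEcdh, otherPublicKey) {
  try {
    return { ok: true, secret: localEcdh.computeSecret(otherPublicKey) };
  } catch (err) {
    if (err.code === 'ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY') {
      return { ok: false, reason: err.code };
    }
    throw err; // any other error is unexpected; do not swallow it
  }
}

function runDemo() {
  const geekA = crypto.createECDH('secp521r1');
  const geekB = crypto.createECDH('secp521r1');
  const geekAkey = geekA.generateKeys(); // Buffers, as in Example 2
  const geekBkey = geekB.generateKeys();

  // Valid exchange: both sides derive the same secret.
  const a = deriveSharedSecret(geekA, geekBkey);
  const b = deriveSharedSecret(geekB, geekAkey);
  const match = a.ok && b.ok && crypto.timingSafeEqual(a.secret, b.secret);

  // Constructed invalid key 1: one bit of the Y coordinate is flipped,
  // so the point no longer satisfies the curve equation.
  const tamperedKey = Buffer.from(geekBkey);
  tamperedKey[tamperedKey.length - 1] ^= 0x01;

  // Constructed invalid key 2: a public key generated on a different curve.
  const otherCurveKey = crypto.createECDH('prime256v1').generateKeys();

  return {
    match,
    tampered: deriveSharedSecret(geekA, tamperedKey),
    wrongCurve: deriveSharedSecret(geekA, otherCurveKey),
  };
}

console.log(runDemo());
```

The public key passed to computeSecret() normally comes from the other party, so the call site should expect this error and treat it as a failed key exchange.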
Reference: https://nodejs.org/api/crypto.html#crypto_ecdh_computesecret_otherpublickey_inputencoding_outputencoding