在Go语言中如何进行确定性RSA加密?

huangapple go评论186阅读模式
英文:

How do I do deterministic RSA in Go

问题

我有两个Go服务,我们称它们为A和B。B拥有一个RSA密钥对,而A只知道公钥。我希望它们能够知道是否在某个值V上达成一致。

我想通过让B使用公钥对V进行加密,并让A进行比较来实现这一点,但是所有的crypto/rsa函数都需要一个RNG(随机数生成器),它会增加熵并使得每个V的哈希值都不同。这意味着我无法比较哈希值。

Go标准库中是否有一个可以确定性地对V进行哈希的函数?

注意:我可以通过使用每次哈希V时都使用相同值进行种子化的新RNG来实现这一点,但我希望能够从其他语言计算这个哈希值,而这将使我依赖于Go的RNG。

英文:

I have two go services, let's call them A and B. B holds an RSA key pair, while A only knows the public key. I want them to know if they agree on some value V.

I want to do this by having B encrypt encrypt V using the public key and have A do a comparison, but all the crytpo/rsa functions take an RNG which adds entropy and makes each hash of V different. That means I can't compare the hashes.

Is there a function in the go standard library that will deterministicly hash V?

Note: I can achieve this by using a fresh RNG seeded with the same value everytime I hash V, but I want to be able to compute this hash from other languages and that would tie me to Go's RNG.

答案1

得分: 1

我想通过使用公钥,让B对V进行加密,并让A进行比较来实现这个目标。

你使用的原语不正确。

如果你想让私钥的所有者证明他们拥有某些数据,让他们对该数据进行签名。接收方可以使用公钥验证该签名。

使用SignPSS和VerifyPSS方法来实现这一点。签名不需要是确定性的,但这并不重要——接收方仍然能够验证它。

英文:

> I want to do this by having B encrypt encrypt V using the public key and have A do a comparison…

You're using the wrong primitive.

If you want the owner of a private key to prove that they have some data, have them Sign that data. The recipient can Verify that signature using the public key.

Use the SignPSS and VerifyPSS methods to do this. The signature will not be deterministic, but it doesn't need to be -- the recipient will still be able to verify it.

答案2

得分: 0

请查看EncryptOAEP的文档:

random参数用作熵的来源,以确保对相同的消息进行两次加密不会产生相同的密文。

因此,随机数据不会影响读者只使用公钥解密消息的能力。每次加密相同的值时,密文字节都会不同,这是一件好事。

请查看文档中Encrypt/Decrypt OAEP的示例。这应该足以让您朝着正确的方向前进。

英文:

Take a look at the docs for EncryptOAEP:

> The random parameter is used as a source of entropy to ensure that encrypting the same message twice doesn't result in the same ciphertext.

So the random data does not affect the reader's ability to decrypt the message with only the public key. The cipher text bytes will be different each time you encrypt the same value, which is a good thing.

Take a look at the examples on Encrypt/Decrypt OAEP in those docs. It should be sufficient to get you moving the right direction.

huangapple
  • 本文由 发表于 2017年5月5日 11:36:44
  • 转载请务必保留本文链接:https://go.coder-hub.com/43796080.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定