ECDsaCng elliptic curve class exception on import of private key



Hello everybody,

I was playing around with the new ECDsaCng elliptic curve class of the
System.Security.Cryptography namespace and have encountered a problem with
importing a previously exported private key. The strange thing is that
importing a public key works fine, but importing a private key always fails
with a cryptographic exception, although I am calling the import function
properly, as far as I can tell.

Before this drives me nuts, I thought I should post the code here - maybe
someone can have a look at it and check whether I am missing something, or
whether this is a bug within the ECDsaCng class itself.

Here's the VB2008 code - the section where the error occurs is marked
(bottom of function)

----------------- Code starts

Imports System.Security.Cryptography   'Required at the top of the source file

Public Function CreateSignature(ByVal strString As String) As Boolean

    'The exception occurs in the 'objCngKey = CngKey.Import' line on the bottom

    Dim data() As Byte
    Dim bSignature() As Byte
    Dim sSignature As String
    Dim objCngKey As CngKey
    Dim keyName As String = "ECDSA Key"
    Dim publicKeyBytes(), privateKeyBytes() As Byte

    'Check if CngKey exists - if so, delete it; then always create a new pair
    'of keys, so that objCngKey never refers to a deleted key below
    If (CngKey.Exists(keyName)) Then
        objCngKey = CngKey.Open(keyName)
        objCngKey.Delete()
    End If
    Dim creationParameters = New CngKeyCreationParameters()
    creationParameters.ExportPolicy = CngExportPolicies.AllowPlaintextExport
    objCngKey = CngKey.Create(CngAlgorithm.ECDsaP256, keyName, creationParameters)

    'Export the public and the private key to byte arrays
    publicKeyBytes = objCngKey.Export(CngKeyBlobFormat.EccPublicBlob)
    privateKeyBytes = objCngKey.Export(CngKeyBlobFormat.EccPrivateBlob)

    'Convert String to be signed to a byte array
    data = System.Text.Encoding.Default.GetBytes(strString)

    'Create a ECDsaCng Object
    Dim ecdsa As ECDsaCng = New ECDsaCng(objCngKey)

    'Sign the string
    bSignature = ecdsa.SignData(data)

    'Convert Signature to Base64 string for better reading
    sSignature = Convert.ToBase64String(bSignature)

    'Destroy Keypair
    objCngKey.Delete()
    objCngKey.Dispose()
    ecdsa = Nothing

    'Re-Import the keys created above
    'Actually the code below was part of another function, to which I
    'pass the private key which was created by the code above
    'The purpose of this was to sign another string with the same
    'private key

    'Re-Import the previously exported public key - that works fine.
    objCngKey = CngKey.Import(publicKeyBytes, CngKeyBlobFormat.EccPublicBlob) 'That works fine
    'NOW, here's the problem:
    '>>>>>>>>>>
    objCngKey = CngKey.Import(privateKeyBytes, CngKeyBlobFormat.EccPrivateBlob)

    'Here a cryptographic exception occurs
    '>>>>>>>>>>
    'Although I am re-importing the key exactly as exported above, a
    'cryptographic exception occurs.
    'What am I doing wrong? Importing the public key works fine,
    'importing the private key fails...
    'I also tried to only import the private key, without importing the
    'public key, but that does not help either ...
    'Is this a bug in the ECDsaCng function, or am I doing anything wrong?

End Function

----------------- Code ends
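When an import like the one above fails, a useful first check is whether the exported byte array still has the BCRYPT_ECCKEY_BLOB layout that CNG uses for EccPublicBlob and EccPrivateBlob. The following is an added example, not code from the original post; it only validates the blob structure and does not explain the exception. The names `EccBlobCheck` and `DescribeEccBlob` are hypothetical, and the sample blobs are constructed with zeroed key material.

```vbnet
Imports System
Imports System.Text

Public Module EccBlobCheck

    ' Layout: 4-byte magic | 4-byte cbKey (little-endian) | X | Y | [d, private only]
    ' Only the named NIST-curve magics are handled: "ECS1".."ECS6" (ECDSA) and
    ' "ECK1".."ECK6" (ECDH). Odd digit = public blob, even digit = private blob.
    Public Function DescribeEccBlob(ByVal blob() As Byte) As String
        If blob Is Nothing OrElse blob.Length < 8 Then
            Return "malformed: shorter than the 8-byte header"
        End If

        Dim magic As String = Encoding.ASCII.GetString(blob, 0, 4)
        Dim digit As Integer = CInt(blob(3)) - 48
        Dim knownPrefix As Boolean = magic.StartsWith("ECS", StringComparison.Ordinal) _
            OrElse magic.StartsWith("ECK", StringComparison.Ordinal)
        If Not knownPrefix OrElse digit < 1 OrElse digit > 6 Then
            Return "malformed: unknown magic"
        End If

        Dim isPrivate As Boolean = (digit Mod 2 = 0)
        Dim fieldCount As Integer = If(isPrivate, 3, 2)
        ' Field size in bytes for P-256, P-384 and P-521
        Dim curveSizes() As Integer = {32, 48, 66}
        Dim expectedCb As Integer = curveSizes((digit - 1) \ 2)

        Dim cbKey As Integer = BitConverter.ToInt32(blob, 4)
        If cbKey <> expectedCb Then
            Return "malformed: cbKey=" & cbKey & ", expected " & expectedCb & " for " & magic
        End If
        Dim expectedLen As Integer = 8 + fieldCount * cbKey
        If blob.Length <> expectedLen Then
            Return "malformed: length " & blob.Length & ", expected " & expectedLen
        End If
        Return magic & " " & If(isPrivate, "private", "public") & " blob, length OK"
    End Function

    Sub Main()
        ' Constructed sample: P-256 private blob header, zeroed X, Y and d
        Dim sample(103) As Byte
        Encoding.ASCII.GetBytes("ECS2").CopyTo(sample, 0)
        BitConverter.GetBytes(32).CopyTo(sample, 4)
        Console.WriteLine(DescribeEccBlob(sample))
        ' Constructed sample: same header, cut to 72 bytes as if d were missing
        Dim truncated(71) As Byte
        Array.Copy(sample, truncated, 72)
        Console.WriteLine(DescribeEccBlob(truncated))
    End Sub
End Module
```

Calling `DescribeEccBlob(privateKeyBytes)` immediately after the export and again just before the import shows whether the blob was altered in between.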