Re: CAPI - crypt and decrypt using public/private key pairs

From: Sergio Dutra [MS] (sergiod_at_online.microsoft.com)
Date: 10/28/03

    Date: Tue, 28 Oct 2003 09:16:53 -0800
    
    

    For the license generator you shouldn't need to import the private key all
    the time. Just generate the key on the machine and leave it there, and
    secure the machine. Then you can export the public key and use that to
    hard-code into the license client.

    The client, having the public key hard-coded, should be able to acquire a
    context with the CRYPT_VERIFYCONTEXT flag and import the public key with
    which to perform the decryption/signature verification.

    -- 
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm
    "Panga Tc" <panga@freemail.hu> wrote in message
    news:n2Imb.5471$vL1.99703@news.chello.at...
    > Hi all!
    >
    > I need to deliver license information in a textfile. The amount of data
    > to be encrypted is small. I decided to use public/private keypairs with
    > CAPI.
    >
    > After getting the keys I want to
    > 1) reload the private key blob into the license generation program at a
    > later time to generate new license content
    > 2) load the public key blob on the user's machine (hardcoded into the
    > executable) and encrypt license contents.
    >
    > I did it in the following way:
    >
    > // export keypair to blob
    > CryptAcquireContext(&hProv, "dummy", MS_DEF_PROV, PROV_RSA_FULL, ...);
    > CryptGenKey(hProv, AT_KEYEXCHANGE, 0x02000000|CRYPT_EXPORTABLE,
    > &hPrivateKey);
    > CryptExportKey(hPrivateKey, 0, PRIVATEKEYBLOB, ...);
    > CryptExportKey(hPrivateKey, 0, PUBLICKEYBLOB, ...);
    >
    > // Now I got the two blobs stored on disk. Later I import private blob
    > // and do the encrypting -- this is in the license generator
    > CryptImportKey(hProv, pbBlob, cbBlob, 0, CRYPT_EXPORTABLE, &hKey);
    > CryptEncrypt(hKey, NULL, TRUE, 0, pbBuf, &cbBuf, ...);
    >
    > // Import public key and decode the message (license) with it
    > CryptImportKey(hProv, pbPublic, cbPublic, 0, 0, &hPrivateKey);
    > CryptDecrypt(hPrivateKey, 0, TRUE, 0, (PUCHAR)pbBuf, &cbBuf);
    >
    > My questions are (I'm really a newbie to CAPI):
    > Q1: Is it good, or is there a much better way?
    > Q2: Will I be able to load these blobs on another machine?
    >
    > Thanks in advance,
    > Panga
    >
    >
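
A check the license-client build could run on the exported blob before hard-coding it, as an added example that is not part of the original post or Microsoft's code: it parses the CAPI RSA PUBLICKEYBLOB layout (BLOBHEADER, RSAPUBKEY, little-endian modulus), rejects a PRIVATEKEYBLOB, and enforces a minimum key size. The function names and the 2048-bit `min_bits` default are assumptions of this example.

```python
import struct

# Constants from wincrypt.h
PUBLICKEYBLOB, PRIVATEKEYBLOB = 0x06, 0x07
CUR_BLOB_VERSION = 0x02
CALG_RSA_SIGN, CALG_RSA_KEYX = 0x00002400, 0x0000A400
MAGIC_RSA1 = 0x31415352  # "RSA1": public key; "RSA2" marks a private key


def parse_rsa_public_blob(blob: bytes, min_bits: int = 2048) -> dict:
    """Validate a CAPI RSA PUBLICKEYBLOB and return its fields.

    min_bits is an assumed local policy, not something CAPI enforces.
    """
    if len(blob) < 20:
        raise ValueError("blob shorter than BLOBHEADER + RSAPUBKEY")
    # BLOBHEADER: bType, bVersion, reserved, aiKeyAlg
    # RSAPUBKEY:  magic, bitlen, pubexp
    (b_type, b_version, _reserved, alg,
     magic, bitlen, pubexp) = struct.unpack_from("<BBHIIII", blob)
    if b_type == PRIVATEKEYBLOB:
        raise ValueError("PRIVATEKEYBLOB: must never be embedded in the client")
    if b_type != PUBLICKEYBLOB or b_version != CUR_BLOB_VERSION:
        raise ValueError("not a version 2 PUBLICKEYBLOB")
    if alg not in (CALG_RSA_SIGN, CALG_RSA_KEYX) or magic != MAGIC_RSA1:
        raise ValueError("not an RSA public key")
    if bitlen % 8 or len(blob) != 20 + bitlen // 8:
        raise ValueError("length does not match bitlen")
    if bitlen < min_bits:
        raise ValueError(f"{bitlen}-bit modulus is below the {min_bits}-bit minimum")
    # CAPI stores the modulus little-endian
    modulus = int.from_bytes(blob[20:], "little")
    if modulus.bit_length() != bitlen or modulus % 2 == 0:
        raise ValueError("modulus is malformed")
    return {"alg": alg, "bitlen": bitlen, "pubexp": pubexp, "modulus": modulus}


def build_sample_blob(b_type: int, magic: int, bitlen: int) -> bytes:
    """Constructed test input: correct layout, but the 'modulus' is not a real key."""
    modulus = (1 << (bitlen - 1)) | 1  # top bit and low bit set
    header = struct.pack("<BBHIIII", b_type, CUR_BLOB_VERSION, 0,
                         CALG_RSA_KEYX, magic, bitlen, 65537)
    return header + modulus.to_bytes(bitlen // 8, "little")
```

The `0x02000000` in the quoted `CryptGenKey` call requests a 512-bit key in the upper 16 bits of the flags, so a blob exported from that key fails the size check here.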
    
