Re: .NET CryptoAPITransform and KeyHandle interop
From: Michel Gallant (neutron_at_NOSPAMistar.ca)
Date: 12/19/03
Date: Fri, 19 Dec 2003 16:22:01 -0500
If one invokes CryptGetKeyParam() on CryptoAPITransform.KeyHandle
with KP_PERMISSIONS, the result DOES indicate that the key is exportable.
Also, all other parameters returned by this function are exactly what one expects
for the .NET provider with default constructor TripleDESCryptoServiceProvider().
However, when that KeyHandle is passed to CryptExportKey() via Pinvoke,
with SIMPLEBLOB, the result fails as below with Bad Key 0x80004005.
The exchange key is successfully obtained with no problem via:
    Win32.CryptAcquireContext(ref hProv, null, MS_ENHANCED_PROV, PROV_RSA_FULL, 0)
    Win32.CryptGetUserKey(hProv, AT_KEYEXCHANGE, ref hXchgKey)
Is there a potential problem because there are actually 2 instances of CSP involved,
one via .NET and one via CryptAcquireContext ??
If I use CryptGenKey() (instead of using CryptoAPITransform.KeyHandle) to get
a symmetric key, the handle returned *can* be successfully exported with CryptExportKey().
Any ideas?
- Mitch
"Ivan Medvedev [MS]" <ivanmed@online.microsoft.com> wrote in message
news:OEAPBOexDHA.3224@tk2msftngp13.phx.gbl...
> Michel -
> it depends on the version. In Whidbey (tech preview was made available at
> the PDC) this will be specified with CspProviderFlags.
> --Ivan
> http://blogs.dotnetthis.com/ivan
>
> "Michel Gallant" <neutron@NOSPAMistar.ca> wrote in message
> news:OX0YyZXxDHA.3220@tk2msftngp13.phx.gbl...
> > I understand that CryptoAPITransform.KeyHandle returns a
> > handle to the native symmetric key handle (for underlying capi
> > CSP like RC2, TripleDES etc..)
> >
> > There is no problem acquiring such a keyhandle in managed code:
> >
> > CryptoAPITransform capitrans = (CryptoAPITransform) encryptor ;
> > IntPtr hsymkey = capitrans.KeyHandle ; //native key handle
> >
> > but this keyhandle fails when supplied to CryptoAPI functions via Pinvoke
> > (typically with Bad Key error).
> > Anyone with experience here?
> >
> > Is the underlying SymmetricAlgorithm keyhandle marked as "Exportable" in
> > capi? SymmetricAlgorithm classes don't seem to have properties that allow
> > controlling some dwFlags that CryptGenKey() does.
> >
> > Thanks,
> > - Mitch Gallant
> > MVP Security
> >
> >
>
>