Re: HMAC TLS 1.0

From: John Banes [MS] (jbanes_at_online.microsoft.com)
Date: 01/09/04


Date: Thu, 8 Jan 2004 19:53:49 -0800

The CryptoAPI interface isn't well suited for the complex sort of crypto
involved in performing TLS key derivation operations. In fact, I doubt that
it's possible short of using an "schannel" CSP.

Have you looked at using SSPI (InitializeSecurityContext, etc) for
performing TLS operations?

Regards,
John Banes
[Microsoft Security Developer]
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.

"Bong Valdoz" <anonymous@discussions.microsoft.com> wrote in message
news:00fe01c3d4e3$4105cdf0$a001280a@phx.gbl...
> Hello Everyone!
>
> I'm currently developing a TLS 1.0 module using CryptoAPI.
> However, I'm having difficulty in setting the keys for
> the HMAC hash algorithm.
>
> The TLS specification mentions the PRF function which
> does the following:
> 1. Divide the pre-master secret key into two, S1
> (first half) and S2 (second half).
> 2. Use S1 to compute the HMAC of a chunk of data
> using MD5 algorithm.
> 3. Use S2 to compute the HMAC of the same chunk
> of data but this time using SHA-1.
> 4. Get the result from XORing the result of #2
> with the result of #3.
>
> The problem with #1 is, how can I divide the keys handled
> by HCRYPTKEY into two?
>
> And suppose that I have a plain text form of the pre-
> master secret key (64 bytes or longer),
> and I was able to divide them into two halves, how then
> can I insert each half of plain text keys
> into an HCRYPTKEY data type?
>
> Can anybody please enlighten me with my problem?
> Any kind of help will be appreciated.
>
> Thank you!
>
> Bong


