Re: Strange NTE_BAD_KEY returned from CryptDecrypt

From: greatx (x_at_greatx.net)
Date: 02/21/05


Date: 20 Feb 2005 20:19:45 -0800

Could anyone find the solution to this?

I am having the same problem.

Eugene Gershnik [SDK MVP] wrote:
> Hi,
>
> I have an x509 certificate, a piece of data and a signature for it created
> with the certificate's private key (rsa over sha1). I have a problem trying
> to validate the signature using CryptVerifySignature (which always returns
> 'bad signature') so I decided to try to decrypt the signature to see the
> hash. However CryptDecrypt always returns NTE_BAD_KEY. The certificate is
> valid and the context returned by CertCreateCertificateContext is ok since I
> validate it just before use. CryptImportPublicKeyInfoEx also has no
> problems. What am I doing wrong? The relevant part of the code is as
> follows. All the calls succeed except CryptDecrypt. I am on XP SP1.
>
> HCRYPTPROV hProv;
> PCCERT_CONTEXT pContext;
> HCRYPTKEY hCryptKey;
> PCERT_PUBLIC_KEY_INFO pPublicKey;
>
> bres = CryptAcquireContext(&hProv,
>                            0,
>                            MS_ENHANCED_PROV,
>                            PROV_RSA_FULL,
>                            CRYPT_MACHINE_KEYSET |
>                            CRYPT_SILENT); /* I am doing it from a service */
> if (!bres)
>     goto cleanup;
>
> pContext = CertCreateCertificateContext(X509_ASN_ENCODING,
>                                         (const BYTE *)pcertificate,
>                                         cert_size);
> if (!pContext)
>     goto cleanup;
>
> pPublicKey = &(pContext->pCertInfo->SubjectPublicKeyInfo);
>
> bres = CryptImportPublicKeyInfoEx(hProv,
>                                   X509_ASN_ENCODING,
>                                   pPublicKey,
>                                   CALG_RSA_SIGN, /* I tried KEYX too and it didn't help */
>                                   0,
>                                   0,
>                                   &hCryptKey);
> if (!bres)
>     goto cleanup;
>
> bres = CryptDecrypt(hCryptKey,
>                     0,
>                     TRUE,
>                     0,
>                     (BYTE *)psignature,
>                     &signature_size);
>
>
> Thanks,
> Eugene
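
What the quoted post attempts with CryptDecrypt, applying the public key to an RSA/SHA-1 signature to see the embedded hash, can be checked outside CryptoAPI. The following is an added example, not code from either poster: the key is a constructed demo key built from two Mersenne primes and all function names are hypothetical. It tries both byte orders because CryptoAPI handles signature values in little-endian order, while most other toolkits emit big-endian.

```python
import hashlib

# Constructed demo key (assumption, not from the post): two Mersenne primes.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, used only by the demo signer
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER-encoded DigestInfo header for SHA-1 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def sign_sha1(data: bytes) -> bytes:
    """Demo signer: RSA PKCS#1 v1.5 over SHA-1, big-endian output."""
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def recover_sha1(sig: bytes, byteorder: str = "big"):
    """Apply the public key to sig; return the embedded SHA-1 digest, or None."""
    s = int.from_bytes(sig, byteorder)
    if len(sig) != K or s >= N:
        return None
    em = pow(s, E, N).to_bytes(K, "big")
    if not em.startswith(b"\x00\x01"):
        return None
    sep = em.find(b"\x00", 2)          # end of the FF padding run
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):   # needs >= 8 bytes of FF
        return None
    t = em[sep + 1:]
    if len(t) != len(SHA1_PREFIX) + 20 or not t.startswith(SHA1_PREFIX):
        return None
    return t[len(SHA1_PREFIX):]

def diagnose(data: bytes, sig: bytes) -> str:
    """Report which byte order yields a valid block and whether the hash matches."""
    want = hashlib.sha1(data).digest()
    for order in ("big", "little"):
        got = recover_sha1(sig, order)
        if got is not None:
            verdict = "hash matches" if got == want else "hash differs"
            return f"{order}-endian: {verdict}"
    return "no PKCS#1 v1.5 SHA-1 block found"
```

A result of "hash differs" means the signature is well-formed but was made over different data, while "no block found" in both byte orders points at the wrong key or a different signature format.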


