Re: More CryptImportKey/NTE_BAD_KEY issues

From: Valery Pryamikov (valery_at_harper.no)
Date: 07/27/05


Date: Wed, 27 Jul 2005 09:41:03 +0200

Hi,
Sounds like you are using SIMPLEBLOB for your CryptExport/ImportKey (is that
correct?).
If I'm wrong with my guess, then you can skip reading the rest of my post.
But if my guess is right, then the problem is that your "hardcoded master"
key is apparently a public key that corresponds to the private key stored on
computer A in a key container that you are opening with CryptAcquireContext
(I suspect you are using the default container, i.e. NULL in the pszContainer
parameter).
Computer B apparently has a different keypair in that key container, and the
attempt to import the SIMPLEBLOB fails.
Check the following MSDN link for a description of how you can exchange session
keys with CAPI:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/manual_session_key_exchanges.asp

(watch for line breaks)
-Valery.
http://www.harper.no/valery

"Cale" <Cale@discussions.microsoft.com> wrote in message
news:A65CACBC-9122-4BAD-B8DF-AF2253DE03BB@microsoft.com...
> I have a problem where I've created and stored a key through one machine,
> and I'm now trying to import that key on another machine. All of the code
> works fine on the first, but on the second I receive the NTE_BAD_KEY error.
>
> Or at least I assume so, as GetLastError shows me a code of 80090003,
> which is supposed to be the NTE_BAD_KEY error even though the
> CryptImportKey documentation does not show that as a possible error.
>
> I am using a hardcoded master key to export a 3DES encryption key into a
> file, which is then read to provide the encryption/decryption key for my
> application. Again, all of this code works fine on machine A but fails on
> machine B during the CryptImportKey routine.
>
> CryptAcquireContext works just fine on machine B, and the hardcoded master
> key imports without errors, and that machine can generate and export its
> own encryption keys with that master key, yet it still fails on the
> CryptImportKey routine even on keys that it generated itself.
>
> Further, I can take a key that was created and exported on machine B and
> get machine A to import it without problems. Both machines are running
> Windows 2000 professional and both have SP4 installed.
>
> What could be causing machine B to fail on the CryptImportKey routine even
> with keys that it generated itself?
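
Added example, not part of the original thread and not Microsoft's code: a portable C check that an exported key file really is a SIMPLEBLOB and reports the session-key algorithm, the wrapping algorithm, and the RSA modulus size implied by the encrypted payload. The constants mirror wincrypt.h; the function names and the sample blob are constructed for illustration. The check covers structure only, so a size match does not prove that the importing container holds the matching private key.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values as defined in wincrypt.h, repeated so this builds on any platform. */
#define SIMPLEBLOB       0x01
#define CUR_BLOB_VERSION 0x02
#define CALG_3DES        0x6603u
#define CALG_RSA_KEYX    0xA400u

struct simpleblob_info {
    uint32_t key_alg;     /* algorithm of the wrapped session key */
    uint32_t wrap_alg;    /* algorithm of the key that encrypted it */
    size_t   wrapped_len; /* encrypted key bytes (equals RSA modulus size) */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Layout: BLOBHEADER (bType, bVersion, reserved, aiKeyAlg), ALG_ID, key data.
 * Returns 0 on success, a negative value when the buffer is not a SIMPLEBLOB. */
int parse_simpleblob(const uint8_t *buf, size_t len, struct simpleblob_info *out)
{
    if (len < 12) return -1;                    /* 8-byte header + 4-byte ALG_ID */
    if (buf[0] != SIMPLEBLOB) return -2;        /* some other blob type */
    if (buf[1] != CUR_BLOB_VERSION) return -3;
    if (len == 12) return -4;                   /* no encrypted key data */
    out->key_alg = le32(buf + 4);
    out->wrap_alg = le32(buf + 8);
    out->wrapped_len = len - 12;
    return 0;
}

/* 1 if the blob was wrapped by an RSA exchange key of the given modulus size.
 * A 0 here means the importing container's key pair cannot be the right one. */
int fits_exchange_key(const struct simpleblob_info *i, unsigned modulus_bits)
{
    return i->wrap_alg == CALG_RSA_KEYX && i->wrapped_len * 8 == modulus_bits;
}

int main(void)
{
    /* Constructed sample: 3DES key under a 1024-bit exchange key, zero payload. */
    uint8_t blob[12 + 128] = {0x01, 0x02, 0, 0, 0x03, 0x66, 0, 0, 0x00, 0xA4, 0, 0};
    struct simpleblob_info info;
    if (parse_simpleblob(blob, sizeof blob, &info) != 0) return 1;
    printf("key_alg=0x%04x wrap_alg=0x%04x modulus_bits=%zu\n",
           (unsigned)info.key_alg, (unsigned)info.wrap_alg, info.wrapped_len * 8);
    return 0;
}
```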