Confused by CryptoAPI



I have been looking at the CryptoAPI for a while and remain a little
confused as to how it all plugs together. Basically, what I want to do
is:

1. Client asks in clear for a public key from server, and server sends
it
2. Client generates a symmetric key on a client, encrypts it with a
public key and sends this to the server.
3. The server decrypts this, signs the key with the private key,
and sends it back to the client.
4. The client verifies the signature.
5. Now client and server communicate over the symmetric key generated
in 2 above.

This seems pretty straightforward to me; however, the CryptoAPI seems
like a maze of complicated options. The functions I need are:

Generate a public key
    CryptGenKey I believe
Get a clear representation of the key that can be loaded on the client
end
    Seems to be CryptExportKey but not sure
Generate a symmetric key
    CryptGenKey I think, but how does this differ from generating an
    asymmetric key?
Encrypt data with a public key
    CryptEncrypt I think, but I am not sure if it uses the symmetric key
    or the asymmetric key
Sign data with private key
    CryptSignHash
Verify data with public key
    CryptVerifySignature
Encrypt and decrypt with symmetric key.
    Again, not sure, is this CryptEncrypt and CryptDecrypt -- which key
    does it use?

Where my confusion lies is that the API seems to put asymmetric and
symmetric keys into one function, and I am not sure what does which.
For example, when I call CryptEncrypt does it encrypt with the
symmetric key or the public key? When looking at the service provider
types, each one specifies both asymmetric crypto and symmetric. Which
does it use?

My head hurts, any help would be much appreciated.
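
The short answer to the question above is that CryptEncrypt, CryptDecrypt and CryptExportKey do not pick an algorithm themselves: they dispatch on the HCRYPTKEY handle you pass in. Hand CryptEncrypt the handle of an RSA public key (from CryptGenKey with AT_KEYEXCHANGE, or CryptImportKey of a PUBLICKEYBLOB) and it does RSA; hand it the handle of a session key (CryptGenKey with CALG_RC4, CALG_AES_256, ...) and it does the block or stream cipher. A CSP type lists both families because the provider implements both, not because a single call uses both. CryptExportKey works the same way: with PUBLICKEYBLOB it emits the clear public half for step 1, and with SIMPLEBLOB plus the public key as hExpKey it emits the session key already wrapped under RSA, which is the usual way to do step 2 (the server then CryptImportKey's the blob with its exchange key). Two caveats worth keeping in mind before building on this design: the public key in step 1 arrives in the clear, so the client cannot tell the server's key from an attacker's, and the signature in step 3 only proves that whoever holds the matching private key saw the symmetric key; it does not authenticate the server to the client unless the public key is trusted through some other channel.

The exchange in steps 1 to 5, as an added example that is not part of the original post. It is written in Go rather than against wincrypt.h so that it runs anywhere with only the standard library; each function comment names the CryptoAPI call it stands in for. The algorithm choices (RSA-2048 with OAEP for wrapping, RSA-PSS over SHA-256 for the signature, AES-256-GCM for the session traffic) and the function names are assumptions for illustration, not something the post specifies:

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Server owns the long-lived RSA key pair. CryptoAPI analogue: CryptGenKey
// on a provider context asking for an RSA exchange key.
type Server struct{ priv *rsa.PrivateKey }

func NewServer() (*Server, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Server{priv: priv}, nil
}

// Step 1: export the public half in a portable encoding (CryptExportKey with
// a PUBLICKEYBLOB). It is sent in the clear; nothing here authenticates it.
func (s *Server) ExportPublicKey() []byte {
	return x509.MarshalPKCS1PublicKey(&s.priv.PublicKey)
}

// Step 3: unwrap the client's symmetric key with the private key (CryptDecrypt
// called with the RSA key handle) and sign its hash (CryptCreateHash,
// CryptHashData, CryptSignHash). Returns the recovered key and the signature.
func (s *Server) UnwrapAndSign(wrapped []byte) (symKey, sig []byte, err error) {
	symKey, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, wrapped, nil)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(symKey)
	sig, err = rsa.SignPSS(rand.Reader, s.priv, crypto.SHA256, digest[:], nil)
	return symKey, sig, err
}

// Step 2: the client makes a random 256-bit AES key (CryptGenKey with
// CALG_AES_256) and wraps it under the server's public key (CryptEncrypt with
// the public key handle, or CryptExportKey as a SIMPLEBLOB). The algorithm is
// chosen by the key handed in, which is the answer to "which key does it use".
func ClientWrapKey(pubDER []byte) (symKey, wrapped []byte, pub *rsa.PublicKey, err error) {
	pub, err = x509.ParsePKCS1PublicKey(pubDER)
	if err != nil {
		return nil, nil, nil, err
	}
	symKey = make([]byte, 32)
	if _, err = rand.Read(symKey); err != nil {
		return nil, nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, symKey, nil)
	return symKey, wrapped, pub, err
}

// Step 4: the client checks the signature over its own key (CryptVerifySignature).
func ClientVerify(pub *rsa.PublicKey, symKey, sig []byte) error {
	digest := sha256.Sum256(symKey)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Step 5: bulk traffic under the symmetric key (CryptEncrypt/CryptDecrypt
// called with the AES key handle). A fresh random nonce is prepended to each
// record and the GCM tag makes any modification detectable on Open.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func Open(key, record []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(record) < gcm.NonceSize() {
		return nil, errors.New("record too short")
	}
	return gcm.Open(nil, record[:gcm.NonceSize()], record[gcm.NonceSize():], nil)
}

// RunHandshake plays both sides through steps 1-5 and returns the plaintext
// the server recovers from the client's first record under the session key.
func RunHandshake(message []byte) ([]byte, error) {
	srv, err := NewServer()
	if err != nil {
		return nil, err
	}
	clientKey, wrapped, pub, err := ClientWrapKey(srv.ExportPublicKey()) // 1, 2
	if err != nil {
		return nil, err
	}
	serverKey, sig, err := srv.UnwrapAndSign(wrapped) // 3
	if err != nil {
		return nil, err
	}
	if err := ClientVerify(pub, clientKey, sig); err != nil { // 4
		return nil, err
	}
	record, err := Seal(clientKey, message) // 5
	if err != nil {
		return nil, err
	}
	return Open(serverKey, record)
}

func main() {
	out, err := RunHandshake([]byte("hello over the session key"))
	fmt.Printf("server read %q (err=%v)\n", out, err)
}
```

Note that ClientVerify is only as strong as the client's trust in pub: if pubDER came from an attacker who answered step 1, every later check passes against the attacker's key. In a real deployment the public key is pinned or carried in a certificate the client already trusts, and the same applies to a CryptoAPI implementation of this exchange.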
