Re: Using CryptoAPI to do a DH key exchange with OpenSSL
- From: "edchan" <chan.edward@xxxxxxxxx>
- Date: 20 Dec 2006 14:41:51 -0800
Endianness aside, what about the blob header, etc.? After calling
CryptExportKey() I get 144 bytes. I'm expecting 128. I tried
discarding the first 16 bytes. But what do I do with the 128 bytes
returned from the other side? Calling CryptImportKey likely won't work
because it is expecting a blob in MS CryptoAPI format (whatever that
is). I saw some docs regarding PUBLICKEYBLOB, but not sure what to
enter for the headers. Then I started wondering how WinInet is able to
do a DH key exchange when doing an SSL connection to an OpenSSL server,
for example.
Ed
lelteto wrote:
The public key (blob) format in MS CAPI is completely different than in other
crypt libs. Moreover ENDIANNESS is different, too: CAPI uses little endian
byte order, other libs (Cryptoki, OpenSSL, etc) are using the big endian =
network byte order. You would need to convert between the two formats.
Laszlo Elteto
SafeNet, Inc.
"edchan" wrote:
Hi there,
I'm trying to perform a DH key exchange between 2 parties. I can do it
if both ends are using the same crypto lib. But if one end is MS
CryptoAPI and the other is say OpenSSL, then I have problems. OpenSSL
<-> RSA BSAFE is ok, as is any other combination of OpenSSL, RSA,
Certicom. It's only CryptoAPI that I am having problems. The problem
seems to lie in that when I export the public key using
CryptExportKey(), I am getting a PUBLICKEYBLOB of 16 bytes more than
the other end's public key. I figured this 16 bytes might be some blob
header, so I strip that out. But when I get the 128 byte public key
from the end and try to import that, I think the CryptImportKey is
expecting a blob with a header? Is that correct? So I tried setting
the same header from my public key blob to see what would happen. Of
course that didn't work.
Can anybody give me some info or point me to some docs about how to get
CryptoAPI to play nice with other libs for DH? Since the 3 other libs
I've tried seem to be inter-operable, I assume there is something
non-standard that CryptoAPI is doing? Or there is an additional step I
am missing?
Thanks,
Ed
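
The 16 extra bytes discussed in this thread match the documented layout of a CryptoAPI DH PUBLICKEYBLOB: an 8-byte BLOBHEADER, an 8-byte DHPUBKEY (magic, bitlen), then the public value in little-endian order. The C code below is an added example, not code from either poster, showing the conversion in both directions. The function names are hypothetical, and it assumes CALG_DH_EPHEM as the algorithm ID and a key length taken from the shared prime.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants as documented for wincrypt.h, redefined so this builds anywhere. */
#define PUBLICKEYBLOB_TYPE 0x06        /* BLOBHEADER.bType */
#define BLOB_VERSION       0x02        /* BLOBHEADER.bVersion */
#define ALG_DH_EPHEM       0x0000aa02u /* aiKeyAlg; ephemeral DH is an assumption */
#define DH_PUB_MAGIC       0x31484400u /* DHPUBKEY.magic, ASCII "DH1" */
#define HDR_LEN            16          /* 8-byte BLOBHEADER + 8-byte DHPUBKEY */

static void put_le32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint32_t get_le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Peer's big-endian Y (may be shorter than key_len) -> blob. Returns length, 0 on error. */
size_t dh_be_to_blob(const uint8_t *y, size_t y_len, size_t key_len,
                     uint8_t *blob, size_t cap) {
    if (!y_len || y_len > key_len || key_len > 0x1000 || cap < HDR_LEN + key_len)
        return 0;                                  /* 0x1000 is a sanity bound */
    memset(blob, 0, HDR_LEN + key_len);            /* reserved field + zero padding */
    blob[0] = PUBLICKEYBLOB_TYPE; blob[1] = BLOB_VERSION;
    put_le32(blob + 4, ALG_DH_EPHEM);
    put_le32(blob + 8, DH_PUB_MAGIC);
    put_le32(blob + 12, (uint32_t)(key_len * 8));  /* bitlen */
    for (size_t i = 0; i < y_len; i++) blob[HDR_LEN + i] = y[y_len - 1 - i];
    return HDR_LEN + key_len;
}

/* Exported blob -> fixed-width big-endian Y. Returns length, 0 on error. */
size_t dh_blob_to_be(const uint8_t *blob, size_t blob_len, uint8_t *y, size_t cap) {
    if (blob_len <= HDR_LEN || blob[0] != PUBLICKEYBLOB_TYPE) return 0;
    if (get_le32(blob + 8) != DH_PUB_MAGIC) return 0;
    size_t n = blob_len - HDR_LEN;
    if (get_le32(blob + 12) != n * 8 || cap < n) return 0;
    for (size_t i = 0; i < n; i++) y[i] = blob[HDR_LEN + n - 1 - i];
    return n;
}

int main(void) {
    uint8_t y[128] = {0x01, 0x02}, blob[144], back[128];  /* constructed sample */
    size_t n = dh_be_to_blob(y, sizeof y, 128, blob, sizeof blob);
    printf("blob=%zu raw=%zu\n", n, dh_blob_to_be(blob, n, back, sizeof back));
    return 0;
}
```

The output of `dh_be_to_blob` is what would be passed to CryptImportKey, and `dh_blob_to_be` yields the bytes a big-endian library expects from a CryptExportKey result.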