Re: CryptoAPI Hard Coding Keys, Help



You can use RSA, DH/DSA or ECDSA - but you should first check what Windows
versions you need to support. (I think elliptic curves are not supported by
older CAPI versions) RSA is the most commonly used. (Just make sure you use
at least 1024-bit modulus size)

Laszlo Elteto
SafeNet, Inc.

"Colin" wrote:

What algorithm should I choose so that I can create a public private key pair
that I can export?

"lelteto" wrote:

RC4 key is SECRET key. You cannot export it as PRIVATEKEYBLOB.

Laszlo Elteto
SafeNet, Inc.

"Colin" wrote:

I get an error NTE_BAD_KEY with the following code:

void TestCase3()
{
    // Declare and initialize variables.
    HCRYPTPROV hCryptProv;
    HCRYPTKEY hKey;
    HCRYPTKEY hXchgKey;
    BYTE pbData[1000];      // 1000 will hold the longest
                            // key container name.
    DWORD cbData;

    char msg1[] = "fuzzy wuzzy was a bear";
    BYTE pbData2[2048];
    DWORD bufLen, bufLen2;
    BOOL fSuccess;

    // if( CryptAcquireContext( &hCryptProv, NULL, NULL, PROV_RSA_FULL, 0) == false )
    if( CryptAcquireContext( &hCryptProv, TEXT("RtsKeys"), NULL, PROV_RSA_FULL, 0) == false )
    {
        if (GetLastError() == 0x80090016 )
        {
            printf(" The default key container does not exist.\n");
            printf(" Create a default container and generate keys \n");
            printf(" Using the code in \n");
            printf(" Example C Program: Creating a Key Container and "
                   "Generating Keys \n");
            printf(" Before running this program. \n");
            if( CryptAcquireContext( &hCryptProv, TEXT("RtsKeys"), NULL,
                                     PROV_RSA_FULL, CRYPT_NEWKEYSET ) == false )
            {
                printf( "Failed to create new key container\n" );
                exit(0);
            }
            // exit(0);
        }
        else
        {
            MyHandleError("A general error running "
                          "CryptAcquireContext.");
        }
    }

    //if ( CryptGetUserKey( hCryptProv, AT_KEYEXCHANGE, &hXchgKey) == false )
    //{
    //    ReportWinError( TEXT("Error during CryptGetUserKey exchange key.") );
    //    exit( 1 );
    //}

    if( CryptGenKey( hCryptProv, CALG_RC4, 0x00800000 | CRYPT_EXPORTABLE, &hKey) == false )
    // if( CryptGenKey( hCryptProv, CALG_RC4, 0x00800000 | CRYPT_ARCHIVABLE, &hKey) == false )
    {
        ReportWinError( TEXT("Error during CryptGenKey. \n") );
        exit( 1 );
    }

    bufLen = sizeof( pbData );
    // if ( CryptExportKey( hKey, hXchgKey, PRIVATEKEYBLOB, 0, &pbData[0], &bufLen ) == false )
    if ( CryptExportKey( hKey, NULL, PRIVATEKEYBLOB, 0, &pbData[0], &bufLen ) == false )
    {
        ReportWinError( TEXT("Error exporting key.\n") );
        exit( 1 );
    }

    bufLen2 = strlen( ( char* )pbData );
    if ( bufLen2 == bufLen )
        printf( "Exported key is in text form\n" );
    else
        printf( "Exported key is binary: buflen is %d and strlen is %d\n",
                bufLen, bufLen2 );

    CryptReleaseContext( hCryptProv, 0 );
}


"Mark Pryor" wrote:

On Fri, 22 Dec 2006 13:30:00 -0800, Colin wrote:

I am trying to create a license scheme for my application. Part of my
implementation requires that I generate keys then export them, and then hard
code those values in my application.

Now please, I don't need a discussion on whether I should do that or not.

I am trying to generate keys and then export them using CryptExportKey. I
am using the RSA provider. Does anyone have an example program I can use
that will generate RSA keys, then export the private and public keys so that
I can then re-import them on another computer and test that an application on
two computers can encrypt and decrypt a license string or some other
encrypted data I pass between them.

I have tried several different test apps, I have experienced several
different problems, but basically, I can not get CryptExportKey to work with
RSA keys.

Colin,

You can export the whole container at once -- that's both sides of the key
pair -- using CryptExportKey() with dwBlobType=PRIVATEKEYBLOB.

If your container has valid RSA keys in the first place, CryptExportKey
should easily work. Instead of asking for new sample code, why not try and
troubleshoot your current code. Post any errors and relevant snips.

--
Mark
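
Added example, not part of the thread: a portable C check that reads the header of a buffer returned by CryptExportKey and reports whether it holds an RSA PUBLICKEYBLOB or PRIVATEKEYBLOB and its modulus size, so the two halves of the key pair are not confused before one is embedded anywhere. The constants are those of wincrypt.h; the function name, the 16384-bit sanity bound and the zero-filled sample blobs are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants as defined in wincrypt.h */
enum { PUBLICKEYBLOB = 0x6, PRIVATEKEYBLOB = 0x7, CUR_BLOB_VERSION = 2 };
#define CALG_RSA_SIGN 0x00002400u
#define CALG_RSA_KEYX 0x0000a400u
#define MAGIC_RSA1    0x31415352u /* "RSA1", public key blob  */
#define MAGIC_RSA2    0x32415352u /* "RSA2", private key blob */
enum blob_kind { BLOB_INVALID, BLOB_RSA_PUBLIC, BLOB_RSA_PRIVATE };

static uint32_t get_le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: classify an exported blob; *bits gets the modulus size. */
enum blob_kind classify_rsa_blob(const uint8_t *b, size_t len, uint32_t *bits) {
    /* BLOBHEADER is 8 bytes, RSAPUBKEY (magic, bitlen, pubexp) is 12. */
    if (len < 20 || b[1] != CUR_BLOB_VERSION || b[2] || b[3]) return BLOB_INVALID;
    int priv = (b[0] == PRIVATEKEYBLOB);
    if (!priv && b[0] != PUBLICKEYBLOB) return BLOB_INVALID;
    uint32_t alg = get_le32(b + 4), magic = get_le32(b + 8), n = get_le32(b + 12);
    if (alg != CALG_RSA_KEYX && alg != CALG_RSA_SIGN) return BLOB_INVALID; /* e.g. CALG_RC4 */
    if (n == 0 || n % 16 || n > 16384) return BLOB_INVALID; /* upper bound: sanity limit */
    /* Public: modulus only. Private: modulus, five half-size CRT values and
       the private exponent, 9 * n/16 bytes in all. */
    size_t body = priv ? 9 * (size_t)(n / 16) : (size_t)(n / 8);
    if (magic != (priv ? MAGIC_RSA2 : MAGIC_RSA1) || len != 20 + body) return BLOB_INVALID;
    *bits = n;
    return priv ? BLOB_RSA_PRIVATE : BLOB_RSA_PUBLIC;
}

/* Constructed samples: genuine 1024-bit header layout, key material left as
   zeros (not real keys). Sizes: 20 + 128 public, 20 + 576 private. */
uint8_t sample_public[148]  = { 0x06, 0x02, 0, 0,  0x00, 0xa4, 0, 0,  'R', 'S', 'A', '1',
                                0x00, 0x04, 0, 0,  0x01, 0x00, 0x01, 0x00 };
uint8_t sample_private[596] = { 0x07, 0x02, 0, 0,  0x00, 0xa4, 0, 0,  'R', 'S', 'A', '2',
                                0x00, 0x04, 0, 0,  0x01, 0x00, 0x01, 0x00 };

int main(void) {
    uint32_t bits = 0;
    int kind = classify_rsa_blob(sample_private, sizeof sample_private, &bits);
    /* strlen stops at the reserved zero bytes in the header: blobs are binary. */
    printf("kind=%d bits=%u strlen=%zu\n", kind, (unsigned)bits,
           strlen((const char *)sample_private));
    return 0;
}
```

On Windows the same function can be called on the buffer and length that CryptExportKey fills in.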




