RE: export keys



Is this->m_hCryptProvider == hProv? You need a context returned from
CryptAcquireContext with a container which already has the key pair.
Alternatively, if you only have the public key, you would:
1. CryptAcquireContext(CRYPT_VERIFYCONTEXT) => hProv
2. CryptImportKey(hProv, public key blob) => hXchgKey
(and in this case, of course, you don't need CryptGetUserKey because you
already have the key handle from CryptImportKey)

Laszlo Elteto
SafeNet, Inc.

"mohitanchlia@xxxxxxxxx" wrote:

I generate keys using the following function:

// *******************************************************************************
// Key & Password member functions
// *******************************************************************************
HCRYPTKEY CEncrypt::GetKeyFromHashedPassword(HCRYPTPROV hProv, LPSTR pPassword)
{
    HCRYPTKEY hKey = (HCRYPTKEY)NULL;
    HCRYPTHASH hHash = 0;   // hash handles are HCRYPTHASH, not HCRYPTKEY

    // Create a hash object.
    if (::CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
    {
        // Hash in the password data.
        if (::CryptHashData(hHash, (PBYTE)pPassword, (DWORD)strlen(pPassword), 0))
        {
            // Derive a session key from the hash object.
            if (!::CryptDeriveKey(hProv, ENCRYPT_ALGORITHM, hHash, 0, &hKey))
            {
                hKey = (HCRYPTKEY)NULL;
            }
        }

        // Destroy the hash object (only if it was actually created).
        ::CryptDestroyHash(hHash);
    }

    // return hashed key
    return(hKey);
}

---
ENCRYPT_ALGORITHM is RC4. I am trying to export the keys to a file
using the following function:

int CEncrypt::PutKeyBlobToFile(FILE * hDestination, HCRYPTKEY hKey)
{
    HCRYPTKEY hXchgKey = 0;
    PBYTE pbKeyBlob = NULL;
    DWORD dwKeyBlobLen;
    int iReturnCode = ENCRYPT_SUCCESS;

    // Get handle to key exchange public key.
    if(!::CryptGetUserKey(this->m_hCryptProvider, AT_KEYEXCHANGE, &hXchgKey))
    {
        iReturnCode = ENCRYPT_CRYPTAPIERROR;
        this->m_dwLastError = GetLastError();
        WhatIsError(TRUE, 0, "CryptGetUserKey Error");
        goto done;
    }

    // Determine size of the key blob and allocate memory.
    if(!::CryptExportKey(hKey, hXchgKey, SIMPLEBLOB, 0, NULL, &dwKeyBlobLen))
    {
        iReturnCode = ENCRYPT_CRYPTAPIERROR;
        this->m_dwLastError = GetLastError();
        WhatIsError(TRUE, 0, "Error computing blob length");
        goto done;
    }
    pbKeyBlob = new BYTE [dwKeyBlobLen + 1];
    if (pbKeyBlob == NULL)
    {
        iReturnCode = ENCRYPT_RESOURCEERROR;
        this->m_dwLastError = GetLastError();
        WhatIsError(TRUE, 0, "Error out of memory");
        goto done;
    }

    // Export session key into a simple key blob.
    if(!::CryptExportKey(hKey, hXchgKey, SIMPLEBLOB, 0, pbKeyBlob, &dwKeyBlobLen))
    {
        iReturnCode = ENCRYPT_CRYPTAPIERROR;
        this->m_dwLastError = GetLastError();
        WhatIsError(TRUE, 0, "CryptExportKey Error");
        goto done;
    }

    // Write size of key blob to destination file.
    fwrite(&dwKeyBlobLen, sizeof(DWORD), 1, hDestination);
    if(ferror(hDestination))
    {
        iReturnCode = ENCRYPT_RESOURCEERROR;
        this->m_dwLastError = GetLastError();
        WhatIsError(TRUE, 0, "Error writing header");
        goto done;
    }

    // Write key blob to destination file.
    fwrite(pbKeyBlob, 1, dwKeyBlobLen, hDestination);
    if(ferror(hDestination))
    {
        iReturnCode = ENCRYPT_RESOURCEERROR;
        this->m_dwLastError = GetLastError();
        WhatIsError(TRUE, 0, "Error writing key blob");
        goto done;
    }

done:
    // Release key exchange key handle (only if one was obtained).
    if(hXchgKey)
        ::CryptDestroyKey(hXchgKey);

    // Free memory.
    if(pbKeyBlob)
        delete [] pbKeyBlob;

    return(iReturnCode);
}
----
But I get an "Unknown Error" in CryptGetUserKey. How can I export the
key? I need to export the key so that I can use it in openssl command
line or Java program. I am stuck at this point. I need to get this
working so that I can decrypt files on a UNIX box.
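
Added example, not part of the original thread: a portable C reader for the file that PutKeyBlobToFile writes (a DWORD length followed by a SIMPLEBLOB), for checking the export on the UNIX side. It goes beyond the posts by validating the blob header fields; the constants are the wincrypt.h values redefined locally, parse_simpleblob_file and the sample bytes are constructed for illustration, and the output is still RSA-encrypted, so the matching private key is needed to recover the RC4 key.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Values from wincrypt.h, redefined so this builds without the Windows SDK. */
#define BT_SIMPLEBLOB   0x01u
#define BLOB_VERSION    0x02u
#define ALG_RC4         0x00006801u  /* CALG_RC4 */
#define ALG_RSA_KEYX    0x0000a400u  /* CALG_RSA_KEYX */
#define SIMPLEBLOB_HDR  12u          /* BLOBHEADER (8) + ALG_ID of wrapping key (4) */

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse [DWORD length][SIMPLEBLOB]. On success, copy the RSA-encrypted
 * session key into out in big-endian order (CryptoAPI stores it
 * little-endian) and return its length. Return -1 on malformed input. */
int parse_simpleblob_file(const uint8_t *buf, size_t len,
                          uint8_t *out, size_t out_cap) {
    if (len < 4) return -1;
    uint32_t blob_len = le32(buf);
    if (blob_len < SIMPLEBLOB_HDR + 1 || blob_len > len - 4) return -1;
    const uint8_t *blob = buf + 4;
    if (blob[0] != BT_SIMPLEBLOB || blob[1] != BLOB_VERSION) return -1;
    if (le32(blob + 4) != ALG_RC4) return -1;       /* wrapped key algorithm */
    if (le32(blob + 8) != ALG_RSA_KEYX) return -1;  /* wrapping key algorithm */
    size_t enc_len = blob_len - SIMPLEBLOB_HDR;
    if (enc_len > out_cap) return -1;
    for (size_t i = 0; i < enc_len; i++)            /* reverse byte order */
        out[i] = blob[SIMPLEBLOB_HDR + enc_len - 1 - i];
    return (int)enc_len;
}

/* Constructed sample: header plus a dummy 4-byte "ciphertext". */
static const uint8_t SAMPLE[] = {
    0x10, 0x00, 0x00, 0x00,   /* dwKeyBlobLen = 16 */
    0x01, 0x02, 0x00, 0x00,   /* bType, bVersion, reserved */
    0x01, 0x68, 0x00, 0x00,   /* aiKeyAlg = CALG_RC4 */
    0x00, 0xa4, 0x00, 0x00,   /* algid = CALG_RSA_KEYX */
    0x01, 0x02, 0x03, 0x04    /* encrypted key bytes (dummy) */
};

int main(void) {
    uint8_t out[512];
    int n = parse_simpleblob_file(SAMPLE, sizeof SAMPLE, out, sizeof out);
    printf("encrypted key length: %d\n", n);
    return n < 0;
}
```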
