RE: Cannot decrypt files encrypted using Crypto API on a different
- From: vishalchowdhary <vishalchowdhary@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 15 Jan 2009 11:21:04 -0800
Hi,
Let me take a moment in here and explain u the business requirement.
We have a desktop application which is used by many clients. We generate
some binary files within the application and then we need to encrypt them and
send it over to the clients (we don't know anything about their public key).
The reason for sending files this way is that we don't want dishonest clients
to open the binary files since it is worth tens of thousands of dollars. So
they can only view the binary files from the application which must
internally decrypt the files. This whole process should be transparent to the
client.
Can you suggest something now?
Thanks,
Vishal
"lelteto" wrote:
Depends on HOW you want to get the decryption key on the second computer. Did.
you export the encryption key (on the first computer) using the second
computer's public key? Here is how normally you do this:
1. On the second computer create a permanent container (CrytpAcquireContext
with CRYPT_NEWKEYSET and with a unique container name)
2. create a private/public key pair (CryptGenKey with AT_KEYEXCHANGE).
3. export the public key into a blob (CryptExportKey; hKey is what you get
from step 2, hExpKey is NULL, blob type is PUBLICKEYBLOB) and send this blob
to the other computer
4. on the first computer start a temp sesssion (CryptAcquireContext with
CRYPT_VERIFYCONTEXT)
5. generate a session key (CryptGenKey with algo preferably AES)
6. encrypt your data with this key (CryptEncypt)
7. import the other computer's public key (CryptImportKey, hPubKey NULL,
blob is what you got from step 3)
8. export the session key (protected by the other computer's public key:
CryptExportKey with hkey = key from step 5, hExpKey = key from step 7, blob
type = SIMPLEBLOB)
9. send the encrypted data AND the blob from step 8 to the other computer
10. On the second computer open the container of your private / public key
pair (CryptAcquireContext)
11. get your key pair (CryptGetUserKey with AT_KEYEXCHANGE)
12. import the session key (CryptImportKey with blob from step 8, and
hPubKey is the key handle from step 11)
13. Now you can decrypt the data with the key you got in step 12
Hope this helps,
Laszlo Elteto
SafeNet, Inc.
"vishalchowdhary" wrote:
Hi,
I'm new to the Crypto API and used it to encrypt a bunch of files. The
decryption works fine on my machine. However, when I try to decrypt the
encrypted files on a different machine, I get the error code 8009000d for
CryptImportKey()
Can anyone please help me?
Thanks,
Vishal
- Follow-Ups:
- References:
- Cannot decrypt files encrypted using Crypto API on a different mac
- From: vishalchowdhary
- RE: Cannot decrypt files encrypted using Crypto API on a different mac
- From: lelteto
- Cannot decrypt files encrypted using Crypto API on a different mac
- Prev by Date: RE: Cannot decrypt files encrypted using Crypto API on a different mac
- Next by Date: Re: How to securely store a password on a PC
- Previous by thread: RE: Cannot decrypt files encrypted using Crypto API on a different mac
- Next by thread: RE: Cannot decrypt files encrypted using Crypto API on a different
- Index(es):
Relevant Pages
|
