Re: Can exchange key pair be exported and used on another machine?



Mounir,

Specifying CRYPT_EXPORTABLE when generating the key and then exporting the
pair using PRIVATEKEYBLOB type will work for me. At this point I'm still
free to re-generate the exchange key.

Thanks,
Bogdan


"Mounir IDRASSI" <moonidra@xxxxxxxxxxxxxxxxx> wrote in message
news:F3B9227B-D139-45F0-9C32-6C686C668940@xxxxxxxxxxxxxxxx
Hi,

Did you specify the flag CRYPT_EXPORTABLE when you first generated the key
on your machine? If yes, then the key pair is exportable and you can import
it back to another machine. To do so, just call CryptExportKey and specify
PRIVATEKEYBLOB as dwBlobType. Use the returned data in a call to
CryptImportKey. Be aware that the private key data is not protected that way
and it's your responsibility to ensure its confidentiality during its
transport.

If on the other hand you didn't specify the exportable flag during the key
pair generation, then you must go through a hack to achieve this. First, you
must create a certificate associated with this key pair (the certificate can
be self signed, so you can use CertCreateSelfSignCertificate for this) and
add it into the IE "My" certificate store (use
CertAddCertificateContextToStore). Then, using the free tool JailBreak
(download link: http://www.isecpartners.com/files/jailbreak-3.2.zip), export
a PFX file that will contain the key pair and the dummy certificate. Use
this PFX file to import the key pair on the intended machines.

I hope this will give clues on how to proceed. Good luck.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

To reach me: mounir_idrix_fr (replace the underscores with the at and dot
characters respectively)


"Bogdan" wrote:

Hi,

In the past I used Crypto API to generate exchange key pair on one machine
and then send exported public key blob to other machines so they could
encrypt data and send it back to the machine where the key pair was
generated. Does anyone know if I can export the exchange key pair and use
it on a machine other than the one that generated the pair?

I'd like to be able to decrypt data on multiple machines that operate in a
safe and secure environment. For example, I'd like to create an exchange
key pair on machine A and then export it to machine B, C, and D. Then I'd
like to send exported public key of the pair to remote machines w, x, y, and
z. I'd like w, x, y, and z to send data encrypted using the public key to
A, B, C, and D. A single remote machine should be able to send encrypted
data to any of the 'secure' machines. Is this possible? If not, is there
another way of accomplishing it using Crypt API?

Thanks,
Bogdan
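
The caveat in the thread that a PRIVATEKEYBLOB export is not protected, shown as an added example that is not part of the original posts: a parser for the documented blob layout (BLOBHEADER, RSAPUBKEY, then the little-endian key fields) that recovers the private factors directly from the bytes. The helper names and the 64-bit toy key are constructed for illustration.

```python
import struct

PRIVATEKEYBLOB = 0x07        # BLOBHEADER.bType for a private key blob
CALG_RSA_KEYX = 0x0000A400   # BLOBHEADER.aiKeyAlg for an RSA exchange key
RSA2_MAGIC = 0x32415352      # RSAPUBKEY.magic, ASCII "RSA2"
# Fields that follow the 20 header bytes: (name, size as a divisor of bitlen)
LAYOUT = [("modulus", 8), ("prime1", 16), ("prime2", 16), ("exponent1", 16),
          ("exponent2", 16), ("coefficient", 16), ("private_exponent", 8)]

def build_blob(p, q, e=65537):
    """Build a constructed toy PRIVATEKEYBLOB from two primes (sample data)."""
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    bitlen = n.bit_length()
    values = {"modulus": n, "prime1": p, "prime2": q, "exponent1": d % (p - 1),
              "exponent2": d % (q - 1), "coefficient": pow(q, -1, p),
              "private_exponent": d}
    blob = struct.pack("<BBHI", PRIVATEKEYBLOB, 2, 0, CALG_RSA_KEYX)
    blob += struct.pack("<III", RSA2_MAGIC, bitlen, e)
    for name, div in LAYOUT:
        blob += values[name].to_bytes(bitlen // div, "little")
    return blob

def parse_private_key_blob(blob):
    """Return the RSA fields that sit in the clear in an unwrapped blob."""
    if len(blob) < 20:
        raise ValueError("truncated header")
    btype, _ver, _reserved, alg = struct.unpack_from("<BBHI", blob, 0)
    magic, bitlen, pubexp = struct.unpack_from("<III", blob, 8)
    if btype != PRIVATEKEYBLOB or magic != RSA2_MAGIC:
        raise ValueError("not a plaintext RSA PRIVATEKEYBLOB")
    if len(blob) != 20 + sum(bitlen // div for _, div in LAYOUT):
        raise ValueError("length does not match bitlen")
    fields, offset = {"alg": alg, "bitlen": bitlen, "pubexp": pubexp}, 20
    for name, div in LAYOUT:
        size = bitlen // div
        fields[name] = int.from_bytes(blob[offset:offset + size], "little")
        offset += size
    return fields

def exposes_private_key(blob):
    """True when the parsed factors multiply back to the modulus."""
    f = parse_private_key_blob(blob)
    return f["prime1"] * f["prime2"] == f["modulus"]

if __name__ == "__main__":
    sample = build_blob(4294967291, 4294967279)  # constructed 64-bit toy key
    print(exposes_private_key(sample), len(sample))
```

When CryptExportKey is given a session key handle in hExpKey, everything after the BLOBHEADER is encrypted, so the "RSA2" check above fails on such a blob.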





