cng | 易学教程

How do I use AES-GMAC with a secret in BCrypt?

阅读更多关于 How do I use AES-GMAC with a secret in BCrypt?

问题 I am trying to use AES-GMAC with BCrypt (Microsoft CNG if that helps) but the documentation seems contradictory to what I would expect. RFC 4543 states that AES-GMAC requires a secret key (which I was expecting), but BCryptCreateHash function states that pbSecret is not used unless the BCRYPT_ALG_HANDLE_HMAC is provided. I've tried using the BCRYPT_ALG_HANDLE_HMAC on BcryptOpenAlgorithmProvider and as I expected, I get a NOT_SUPPORTED when using BCRYPT_AES_GMAC_ALGORITHM with BCRYPT_ALG

Exporting shared secret as BYTE array from BCRYPT_SECRET_HANDLE

阅读更多关于 Exporting shared secret as BYTE array from BCRYPT_SECRET_HANDLE

问题 I'm implementing ECDHE using crypto next generation APIs (CNG). I generate public and private keys successfully. For pre-shared key, I use BCryptSecretAgreement API, which returns me the pre-shared key secret handle (BCRYPT_SECRET_HANDLE). How can I export the pre-shared key as BYTE array from the BCRYPT_SECRET_HANDLE? 回答1: Starting with Windows 10, you can call BCryptDeriveKey() with BCRYPT_KDF_RAW_SECRET . The resulting key data is the raw secret. Note 1: bcrypt.h indicates that this format

Microsoft CNG | How to import PEM encoded ECDSA private key into MS Key Storage Provider

阅读更多关于 Microsoft CNG | How to import PEM encoded ECDSA private key into MS Key Storage Provider

问题 I know the MS CNG private have this format - BCRYPT_ECCKEY_BLOB BYTE X[cbKey] // Big-endian. BYTE Y[cbKey] // Big-endian. BYTE d[cbKey] // Big-endian. Thus tried to import below key bytes - byte[] ec256PrivKB = { //Magic + CBLength 0x45, 0x43, 0x53, 0x31, 0x20, 0x00, 0x00, 0x00, //X 0xA7, 0xFB, 0xCD, 0x4D, 0x7E, 0x43, 0x6F, 0x22, 0xBD, 0x74, 0xFA, 0x1F, 0xD7, 0x10, 0xDB, 0x8C, 0xF8, 0x29, 0xC1, 0xEC, 0x5E, 0x15, 0x1E, 0xE2, 0x84, 0x56, 0x3E, 0x54, 0x6E, 0x1D, 0x5C, 0xF6, //Y 0x6B, 0x42, 0x21,

Import RSA CngKey and store in MicrosoftSoftwareKeyStorageProvider

阅读更多关于 Import RSA CngKey and store in MicrosoftSoftwareKeyStorageProvider

问题 I have an exported RSAParameters private key that I'd like to import into another machine. I can save new keys into the local machine or user containers, but I'm stuck trying to import an existing key. The code below will generate a new key pair, and I know I could just generate a new key directly into the container - but I want to be able to generate a single key and import that same key into a handful of different computers. How can I take either an RSAParameters or a string of XML (either

BCryptImportKeyPair returns STATUS_INVALID_PARAMETER when i try to import public key

阅读更多关于 BCryptImportKeyPair returns STATUS_INVALID_PARAMETER when i try to import public key

问题 I followed this example. I am trying to add the public key which i got from the server into the key Pair and I am getting STATUS_INVALID_PARAMETER. BCRYPT_DH_KEY_BLOB header; header.dwMagic = BCRYPT_DH_PUBLIC_MAGIC; header.cbKey = (ULONG)(pub_key.size()); cout << "header contents " << header.dwMagic << " : " << header.cbKey << endl; memcpy(&pubKeyBlobFromServer[0], &header, sizeof(BCRYPT_DH_KEY_BLOB)); // copy Public key cout << "size of pub_key " << pub_key.size() << endl; cout << "size of

CNG replacement for CryptQueryObject

阅读更多关于 CNG replacement for CryptQueryObject

问题 I'm interested in trying to read fields out of a digital signature. I have code that calls CryptQueryObject, then CryptMsgGetParam to get some fields and finally CertFindCertificateInStore to load the certificate. Any hints on how to do this using the Cryptography Next Generation APIs? Microsoft tells me CryptQueryObject is deprecated but doesn't point to its replacement. 来源： https://stackoverflow.com/questions/48198741/cng-replacement-for-cryptqueryobject

How to use a CNG (or AES-NI enabled instruction set) in .NET?

阅读更多关于 How to use a CNG (or AES-NI enabled instruction set) in .NET?

问题 I Currently perform a large amount of encryption/decryption of text in c# using AES. With a pure software system it can take quite a processor hit for a decent amount of time for the lots of datasets required to be decrypted. I know Intel have came out with their AES-NI instruction set and AMD has come out with similar. I'm using .NET 4.0, I know that the windows CNG framework makes use of these instruction sets, but it does not appear that AesManaged in the .NET world does the same. There is

Cannot export RSA private key parameters, the requested operation is not supported

阅读更多关于 Cannot export RSA private key parameters, the requested operation is not supported

问题 I have a certificate file provided by another party which I'm loading in my application and cannot export its private key parameters. It looks like the certificate is using CNG rather than CryptoAPI, so I can't access the private key directly, only with GetRSAPrivateKey() method. The method returns RSACngKey rather than RSACryptoServiceProvider which is a different implementation of RSA. The problem is that the returned key seems to be missing CngExportPolicies.AllowPlaintextExport in its

Random numbers for Windows Phone 8 and Windows Store 8?

阅读更多关于 Random numbers for Windows Phone 8 and Windows Store 8?

I'm struggling with a port of a couple of security libraries to the Windows Phone 8 and Windows Store 8 platform. I need a function which provides random numbers. Win32 has CryptGenRandom and even RtlGenRandom . Windows Store 10 and Universal Windows has BCryptGenRandom . However, there's a hole for Windows Phone 8 and Windows Store 8 because CryptoAPI is not available, and CNG is only available on Windows 10 and Universal Windows. The MSDN docs say BCryptGenRandom is available for "Windows Store", but they don't say its Windows Store 10 and UWP ( thanks CW ). The libraries are unmanaged C/C++

Cannot export RSA private key parameters, the requested operation is not supported

阅读更多关于 Cannot export RSA private key parameters, the requested operation is not supported

I have a certificate file provided by another party which I'm loading in my application and cannot export its private key parameters. It looks like the certificate is using CNG rather than CryptoAPI, so I can't access the private key directly, only with GetRSAPrivateKey() method. The method returns RSACngKey rather than RSACryptoServiceProvider which is a different implementation of RSA. The problem is that the returned key seems to be missing CngExportPolicies.AllowPlaintextExport in its export policies, and so I can't export RSA parameters from this certificate. I can reproduce the problem