cng

问题 I'm trying to sign a file with ECDSA using the CNG API and a certificate from the Microsoft Certificate Store. I've read through a lot of documentation and and near done but I get hung up on importing the private key from the certificate. I've done this very same thing with RSA but it appears to be done very differently. Here's the code I have so far: static void signFile() { X509Certificate2 myCert = selectCert(StoreName.My, StoreLocation.CurrentUser, "Select a Certificate", "Please select a

问题 I'm struggling with a port of a couple of security libraries to the Windows Phone 8 and Windows Store 8 platform. I need a function which provides random numbers. Win32 has CryptGenRandom and even RtlGenRandom . Windows Store 10 and Universal Windows has BCryptGenRandom . However, there's a hole for Windows Phone 8 and Windows Store 8 because CryptoAPI is not available, and CNG is only available on Windows 10 and Universal Windows. The MSDN docs say BCryptGenRandom is available for "Windows

问题 I'm struggling with a port of a couple of security libraries to the Windows Phone 8 and Windows Store 8 platform. I need a function which provides random numbers. Win32 has CryptGenRandom and even RtlGenRandom . Windows Store 10 and Universal Windows has BCryptGenRandom . However, there's a hole for Windows Phone 8 and Windows Store 8 because CryptoAPI is not available, and CNG is only available on Windows 10 and Universal Windows. The MSDN docs say BCryptGenRandom is available for "Windows

问题 If I have encrypted RSA key in PKCS#8, can I somehow import it to RSACng as CngKeyBlobFormat.Pkcs8PrivateBlob ? Or does this CngKeyBlobFormat.Pkcs8PrivateBlob just shows the CngKey that during import the key must be decoded from DER to get key parameters and then they are imported into RSACng , thus the answer is no? 回答1: CNG understands how to decrypt encrypted PKCS#8, but you need to give it a password. Since .NET doesn't ask you for the password (and it gets passed via a manner other than

问题 This may sound like a strange question, and it feels a bit bizarre that I actually have to ask this, but after spending a couple hours looking over the MSDN documentation for the bcrypt routines that were added in Vista, I've almost reached the conclusion that there is no actual bcrypt support! According to Wikipedia: bcrypt is an adaptive cryptographic hash function for passwords ... based on the Blowfish cipher ... Besides incorporating a salt to protect against rainbow table attacks,

问题 I'm trying to find a way to grant permissions for private key from powershell script. Certificate is stored in CNG. All ideas are welcome. 回答1: The answer above is technically correct however it did not help me when I was looking for the same thing because it fails to mention that you need to use assemblies loaded from the CLRSecurity project on codeplex https://clrsecurity.codeplex.com/. Here is an extract of how I achieved the same thing including loading the CLR Security assembly that you

问题 I am trying to export the keys from a new instance of a ECDiffieHellmanCng object so I can create an instance of it later with the same keys. But I am getting an error when trying to export it. //Create new ECDiffieHellmanCng which automatically creates new keys var ecdh = new ECDiffieHellmanCng(); //Export the keys var privateKey = ecdh.Key.Export(CngKeyBlobFormat.EccPrivateBlob); I am getting a CryptographicException when I call the Export method with the message " The requested operation

问题 I'm working under the VS2013 ARM Developer Prompt. I'm trying to use Microsoft's Cryptography Next Generation (CNG), but I'm experiencing some non-trivial problems. I'm trying to compile a simple test program: #include <windows.h> #include <bcrypt.h> int main(int argc, char* argv[]) { BCRYPT_ALG_HANDLE hProvider = NULL; NTSTATUS ret = BCryptOpenAlgorithmProvider(&hProvider, BCRYPT_RNG_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0); if (!(BCRYPT_SUCCESS(ret))) { return -1; } unsigned char buffer[20];

问题 I have a PKCS #12 (PFX) file that is a certificate with CNG RSA key and want to export the private key. MIIJ4gIBAzCCCZ4GCSqGSIb3DQEHAaCCCY8EggmLMIIJhzCCBgAGCSqGSIb3DQEHAaCCBfEEggXtMII F6TCCBeUGCyqGSIb3DQEMCgECoIIE/CCBPowHAYKKoZIhvcNAQwBAzAOBAjBalb3hEiYXQICB9AEggT Y80gGrPwpOpwdA1V9f55nVex6JzumPGb000ePt4jilZ3ktcY9SaE9krxBycNzRVFRVosJOZfHby8u2z 8PDj0bCgNUOE1yU5Jzf5yDyq1bRyLSi4zpwPaN5zj3CsJ3zqhvzzSmTRW2S4zeT1CgjQnsPkRHOMluX 0b+qNo

问题 I have a PFX certificate with CNG key inside (KSP provider information is specified in the PFX). I can't find a way to import the certificate in .NET in the way that would allow private key export in plain text (MS-CAPI format). var cert = new X509Certificate2(pfxBytes,password,X509KeyStorageFlags.Exportable); then I use this handle to acquire private key context by calling CryptAcquireCertificatePrivateKey function with enabled flag to allow CNG keys. The call succeeds. When I call