Need help with cryptography
-
I have a few questions on the following cryptography functions.

1)

    BOOL WINAPI CryptGenKey(
      _In_  HCRYPTPROV hProv,
      _In_  ALG_ID     Algid,
      _In_  DWORD      dwFlags,
      _Out_ HCRYPTKEY  *phKey
    );

This is supposed to generate a private/public key pair, which is maintained between sessions. Q: What is the effect of repetitive calls to this function? For example, I decide to change the key length, and generate a call with a different dwFlags value. What happens to the old key pair? Does it get overwritten? Or does each new call generate a new key pair?

2)

    BOOL WINAPI CryptGetUserKey(
      _In_  HCRYPTPROV hProv,
      _In_  DWORD      dwKeySpec,
      _Out_ HCRYPTKEY  *phUserKey
    );

MSDN: “The CryptGetUserKey function retrieves a handle of one of a user's two public/private key pairs.” Q: which one? MSDN: “dwKeySpec [in] Identifies the private key to use from the key container.” In this example, MSDN says

    // Get the public at signature key. This is the public key
    // that will be used by the receiver of the hash to verify
    // the signature. In situations where the receiver could obtain the
    // sender's public key from a certificate, this step would not be
    // needed.
    if(CryptGetUserKey(
        hProv,
        AT_SIGNATURE,
        &hKey))
    {

Q: So how does one retrieve the public key, and how does one get the private key?

3)

    BOOL WINAPI CryptDestroyKey(
      _In_ HCRYPTKEY hKey
    );

MSDN: “However, the underlying public/private key pair is not destroyed by this function. Only the handle is destroyed.” Q: How can the public/private key pair be destroyed? Thank you!
-
Hi,
SMD111 wrote:
Q: What is the effect of repetitive calls to this function? For example, I decide to change the key length, and generate a call with a different dwFlags value. What happens to the old key pair? Does it get overwritten? Or does each new call generate a new key pair?
Each call generates a new key pair. Each key remains valid until you call the CryptDestroyKey function or until you reboot. If you wanted to save the key... you could export it or save it into the certificate store.
SMD111 wrote:
MSDN: “The CryptGetUserKey function retrieves a handle of one of a user's two public/private key pairs.” Q: which one?
There is no default for a zero value. You would probably get an ERROR_INVALID_PARAMETER error if you pass zero. You would need to specify either AT_KEYEXCHANGE or AT_SIGNATURE. Currently defined as integers 1 and 2.
SMD111 wrote:
Q: So how does one retrieve the public key, and how does one get the private key?
See the previous response. You would need to pass AT_KEYEXCHANGE or AT_SIGNATURE. Note that AT_SIGNATURE keys can be used to sign and AT_KEYEXCHANGE keys can be used both to sign and decrypt.
SMD111 wrote:
Q: How can the public/private key pair be destroyed?
The question is either unclear or nonsensical. When you call CryptDestroyKey the handle to an internal object is securely deleted. It is up to you to securely delete your own application memory and destroy any exported keys and/or remove keys from the certificate store or on disk.

One last thing... while working internally on an operating system service I discovered multiple failures... including a race condition within the old Crypt32 Cryptography Functions. Our team moved to the 'Cryptography Next Generation' and all issues were resolved.

Best Wishes,
-David Delaune
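The three questions above, worked through as an added example that is not part of this thread: it drives the same CryptoAPI key containers through .NET's RSACryptoServiceProvider wrapper from Windows PowerShell 5.1 rather than the C prototypes quoted, so the container name is a constructed placeholder, and the key numbers 1 and 2 are the AT_KEYEXCHANGE and AT_SIGNATURE values the reply gives.

```powershell
# Added example, not from the thread. RSACryptoServiceProvider wraps the same
# CryptoAPI calls discussed above (CryptAcquireContext, CryptGetUserKey,
# CryptGenKey, CryptExportKey, CryptDestroyKey). Container name is a placeholder.
$container = 'CryptoApiDemoContainer'

function Open-KeyPair {
    # KeyNumber 1 = AT_KEYEXCHANGE, 2 = AT_SIGNATURE: the container's two pairs.
    param([string]$Name, [int]$KeyNumber, [switch]$MustExist)
    $csp = New-Object System.Security.Cryptography.CspParameters
    $csp.KeyContainerName = $Name
    $csp.KeyNumber = $KeyNumber
    if ($MustExist) {
        # UseExistingKey behaves like CryptGetUserKey: fails if no pair is stored.
        $csp.Flags = [System.Security.Cryptography.CspProviderFlags]::UseExistingKey
    }
    # Without UseExistingKey a missing pair is generated (CryptGenKey); an existing
    # pair is simply opened and the requested key size is ignored.
    New-Object -TypeName System.Security.Cryptography.RSACryptoServiceProvider `
               -ArgumentList @(2048, $csp)
}

# Q1: reopening the same container/key number returns the stored pair; it is
# not silently regenerated or overwritten.
$sig1 = Open-KeyPair -Name $container -KeyNumber 2
$sig2 = Open-KeyPair -Name $container -KeyNumber 2 -MustExist
$mod1 = [Convert]::ToBase64String($sig1.ExportParameters($false).Modulus)
$mod2 = [Convert]::ToBase64String($sig2.ExportParameters($false).Modulus)
"Same signature pair reopened: $($mod1 -eq $mod2)"

# Q2: one handle covers both halves; the export call picks which half leaves.
$publicOnly = $sig1.ToXmlString($false)            # public part, safe to hand out
"Private half exportable: $($sig1.CspKeyContainerInfo.Exportable)"  # $true needed for ExportParameters($true)
# A signature pair cannot decrypt; ask for the exchange pair of the container.
$xchg = Open-KeyPair -Name $container -KeyNumber 1
"Exchange pair key number: $($xchg.CspKeyContainerInfo.KeyNumber)"   # Exchange

# Q3: Dispose only releases the handle (CryptDestroyKey); the pairs stay on disk.
$sig2.Dispose()
$xchg.Dispose()
# To destroy the stored pairs, disable persistence before clearing: the wrapper
# then deletes the whole container (CryptAcquireContext with CRYPT_DELETEKEYSET).
$sig1.PersistKeyInCsp = $false
$sig1.Clear()
try   { Open-KeyPair -Name $container -KeyNumber 2 -MustExist | Out-Null; "Container still present" }
catch { "Container deleted: $($_.Exception.GetType().Name)" }   # CryptographicException
```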