Re: CryptAPI(encryption/decryption)



I'm not entirely clear what you mean by "primary key". It seems that in your
scenario B isn't using this primary key for decryption. Also make sure that
the same options are used for encryption and decryption.

A common method used to send encrypted data is described here
http://msdn2.microsoft.com/en-us/library/ms884369.aspx. In short A (sender)
generates a symmetric session key (e.g. AES, DES key) which is used to
encrypt the data. A encrypts this session key with B's public key and sends
it along with the encrypted data. B uses his private key to decrypt the
session key and then uses this session key to decrypt the data. This method
is preferred over using the public/private key pair on the data directly
since symmetric encryption is faster than public key encryption.

--
Dylan DSilva
Software Development Engineer
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © Microsoft Corporation. All rights
reserved.

"S.Kumar" <SKumar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CCBCA988-E696-47DB-9899-5255F8780C9E@xxxxxxxxxxxxxxxx

Hi DSilva.

Thanks for your valid feedback on my doubts.

As per your reply I could get the handle of the private key.
But while decrypting the data it's saying BAD_DATA.

What can be the reason?

Since I am a newbie I'm trying to understand the concepts.
Person A encrypted some data using his primary key and B's Public key. Is it
possible for B to decrypt the data using his Private Key? I have the
encrypted data and the .pfx file containing B's private key.

Regards,
S. Kumar.


"Dylan DSilva (MS)" wrote:

<Common reply to both posts>

The PFX format encrypts the private key with the user supplied password so
exchanging private keys using this format is as safe as using the PEM
format. I would highly recommend using it since you've been having a lot of
trouble with the conversion. This can be done by combining the .cer and .pem
files into a PFX with OpenSSL on the server (with the command line
pkcs12 -export -in <CER file> -inkey <PEM file> -out <PFX file>),
transferring the PFX file over to the device and then importing it and
getting a handle to the key.
--
Dylan DSilva
Software Development Engineer
Microsoft Corporation


"S.Kumar" <SKumar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A493FBFB-14D9-4240-AF44-71D7D2EECF24@xxxxxxxxxxxxxxxx
Hi DSilva

Thanks for the valid information. I tried with a sample .pfx file and it's
getting the handle of the private key. But actually I need to import the PEM
format private key into the CSP. The private key is available on the server
and I have to use this private key to decrypt the encrypted data that is
encrypted using its public key. I got a tool named "pvktool" which says it
will convert to PRIVATEKEYBLOB, but while importing it's saying bad data. Is
there any alternative way to do this, or is it compulsory that we have to use
.pfx (PKCS#12) formats for Windows Mobile? Hope it's not a good practice to
keep the private keys on the server in .pfx format, so we are trying to use
.pem format.

Thanks again
S.Kumar

"Dylan DSilva (MS)" wrote:

To answer your question - Yes, a PFX file will allow you to import both the
certificate and the associated private key.

To get a handle to the private key after importing the PFX file you will
need to locate the certificate in the store using the
CertFindCertificateInStore API and then get access to the private key by
calling the CryptAcquireCertificatePrivateKey API followed by the
CryptGetUserKey API.
--
Dylan DSilva
Software Development Engineer
Microsoft Corporation


"S.Kumar" <SKumar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:426E69EC-624C-4DF7-941E-4E2C6850301C@xxxxxxxxxxxxxxxx
Hi DSilva,
Thanks again. Thanks for your valid information.
I got one tool but it's in Java. I don't have any idea about it.
I'm trying to understand the basics of these public keys and certificates.
I tried using the openssl library, and tried to import the .pvk file after
converting with pvktool, but nothing is working for me. I'm in a total mess. I
understood your reply to make the blob in the format given. I'm in the R&D of
how to make it.

One other doubt. If I use a PFX file instead of PEM, can I import the
private key?
I can import the PFX file using PFXImportCertStore(). Now I don't know how
to proceed. Can you give some suggestion?

Thanks
S.Kumar

"Dylan DSilva (MS)" wrote:

Yes, the PEM format is Base64 encoded and may additionally be encrypted with
a symmetric cipher (AES, 3DES etc.). In addition to decoding it to
unencrypted binary, you would need to create the PRIVATEKEYBLOB structure
with the fields described in
http://msdn2.microsoft.com:80/en-us/library/ms884374.aspx. Only a
PRIVATEKEYBLOB can be imported into a Microsoft CSP. As I mentioned in my
earlier post, you should be able to find tools that support this
conversion.

--
Dylan DSilva
Software Development Engineer
Microsoft Corporation


"S.Kumar" <SKumar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B8B841E0-5299-4D5F-B619-EE6F7FF02B2D@xxxxxxxxxxxxxxxx

Thanks DSilva,
I'd like to get a little more detail.
Is the PEM format base64 coded? If I convert the PEM to binary, can I
load it into Microsoft CSPs?

Thanks in advance

S.Kumar.

"Dylan DSilva (MS)" wrote:

Unfortunately the Microsoft CSPs do not support importing keys in pem
format. You would need to convert your key to the blob format described in
http://msdn2.microsoft.com/en-us/library/ms884374.aspx (I believe there are
tools out on the internet that let you do this) or use a custom CSP that
supports keys in pem format.

--
Dylan DSilva
Software Development Engineer
Microsoft Corporation


"S.Kumar" <SKumar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D1B60822-0411-4666-8263-B58B2ECAF340@xxxxxxxxxxxxxxxx
Hi All,

I'm facing a problem in encryption/decryption.
I have the private key in pem format.
How can I import this into the CSP and decrypt the data which is encrypted
using the public key?

I tried using CryptImportKey() but no success.

Thanks
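
Added example (not part of the original thread, and not Microsoft's or any tool's code): a portable C sketch of the PRIVATEKEYBLOB layout the replies refer to, showing that every RSA integer taken from a decoded PEM key (big-endian) has to be byte-reversed into the little-endian fields of the blob before it can be handed to CryptImportKey. The rsa_be_key struct and the function names are hypothetical, and the code assumes the key integers have already been extracted and zero-padded to their fixed lengths.

```c
#include <stddef.h>
#include <stdint.h>

/* Big-endian RSA integers as decoded from the PEM/DER key (hypothetical struct). */
typedef struct {
    uint32_t bits, pubexp;                 /* modulus bit length, public exponent */
    const uint8_t *n, *d;                  /* bits/8 bytes each */
    const uint8_t *p, *q, *dp, *dq, *qinv; /* bits/16 bytes each, zero-padded */
} rsa_be_key;

static uint8_t *put_le32(uint8_t *o, uint32_t v) {
    for (int i = 0; i < 4; i++) *o++ = (uint8_t)(v >> (8 * i));
    return o;
}
/* Copy a big-endian integer into o, least significant byte first. */
static uint8_t *put_rev(uint8_t *o, const uint8_t *be, size_t len) {
    for (size_t i = 0; i < len; i++) o[i] = be[len - 1 - i];
    return o + len;
}

/* BLOBHEADER (8) + RSAPUBKEY (12) + two full-size and five half-size integers. */
size_t privkeyblob_size(uint32_t bits) { return 20 + 9 * (size_t)(bits / 16); }

/* Returns the number of bytes written, or 0 on bad arguments. */
size_t build_privkeyblob(const rsa_be_key *k, uint8_t *out, size_t cap) {
    if (!k || !out || k->bits == 0 || k->bits % 16) return 0;
    if (cap < privkeyblob_size(k->bits)) return 0;
    size_t full = k->bits / 8, half = k->bits / 16;
    uint8_t *o = out;
    *o++ = 0x07; *o++ = 0x02; *o++ = 0; *o++ = 0; /* PRIVATEKEYBLOB, version 2, reserved */
    o = put_le32(o, 0x0000A400);   /* aiKeyAlg = CALG_RSA_KEYX */
    o = put_le32(o, 0x32415352);   /* RSAPUBKEY.magic = "RSA2" */
    o = put_le32(o, k->bits);      /* RSAPUBKEY.bitlen */
    o = put_le32(o, k->pubexp);    /* RSAPUBKEY.pubexp */
    o = put_rev(o, k->n, full);    /* modulus */
    o = put_rev(o, k->p, half);    /* prime1 */
    o = put_rev(o, k->q, half);    /* prime2 */
    o = put_rev(o, k->dp, half);   /* exponent1 = d mod (p-1) */
    o = put_rev(o, k->dq, half);   /* exponent2 = d mod (q-1) */
    o = put_rev(o, k->qinv, half); /* coefficient = q^-1 mod p */
    o = put_rev(o, k->d, full);    /* privateExponent */
    return (size_t)(o - out);
}

int main(void) { /* constructed 16-bit toy values, layout only, not a usable key */
    static const uint8_t n[] = {0xEC, 0x4B}, d[] = {0x12, 0x34}, h[] = {0xFB};
    rsa_be_key k = {16, 65537, n, d, h, h, h, h, h};
    uint8_t blob[64];
    return build_privkeyblob(&k, blob, sizeof blob) == 29 ? 0 : 1;
}
```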














