Re: Problem with cryptoapi




One more question. Is the public key different for every user?

"Igor Tandetnik" <itandetnik@xxxxxxxx> wrote in message
news:eMZCMUmCHHA.3604@xxxxxxxxxxxxxxxxxxxxxxx
Ashwani <ashwani@xxxxxxxxxxxxxxx> wrote:
bCryptGen = CryptGenKey( m_hContext, enumAlgorithm, CRYPT_EXPORTABLE,
&hPrivateKey );

I don't know how FILE_ENCRYPT_ALGORITHM is defined, so I'm assuming you
are generating some kind of a session (symmetric cypher) key here. It is
misleading to call it hPrivateKey, since it's quite distinct from the
private key of a public/private key pair.

if( CryptGetUserKey(m_hContext, AT_KEYEXCHANGE, &hPublicKey ) )

Here you obtain the current user's public/private key pair. Again, it is
somewhat misleading to name the variable hPublicKey, since the handle
represents both keys, not just the public one.

if( CryptExportKey( hPrivateKey,
hPublicKey,
SIMPLEBLOB,
0, NULL,
lpdwBlobSize ))

If you read the documentation for CryptExportKey, you will find that the
second parameter is supposed to be "[t]he handle to a cryptographic key
of the _destination_ user" (emphasis mine). You are using the pair
belonging to the source user. That's why you can't decrypt on another
machine, but can on the same one.

CryptExportKey encrypts the session key with the public key of the key
pair, so the recipient must know the corresponding private key to
retrieve the session key. Which of course it doesn't, and mustn't
(otherwise it wouldn't be very private).
--
With best wishes,
Igor Tandetnik

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead. -- RFC 1925





