I'm trying to use the WinCrypt API in C++.
My application needs to cipher, decipher, sign and verify files, and I know how to do that once I have the correct keys. B
A PEM private key can be imported into CAPI by using CryptDecodeObjectEx with PKCS_RSA_PRIVATE_KEY and then calling CryptImportKey.
I have written a sample that shows how to use a PEM encoded RSA private key for signing data using CAPI. Here is a link to it: http://www.idrix.fr/Root/Samples/capi_pem.cpp
I hope this will help.
I ran into this problem with an encrypted private key in PEM format. Here is the process I followed to decrypt and import it:

1. CryptStringToBinaryA with CRYPT_STRING_BASE64HEADER
2. CryptDecodeObject with PKCS_7_ASN_ENCODING and PKCS_ENCRYPTED_PRIVATE_KEY_INFO
3. CryptDecodeObject. You can find that code here.
4. BCryptDeriveKeyPBKDF2 to derive the encryption key from the password
5. BCryptDecrypt to decrypt the private key using the symmetric key derived from the password.
6. CryptDecodeObject with PKCS_7_ASN_ENCODING and PKCS_PRIVATE_KEY_INFO
7. CryptDecodeObject with PKCS_7_ASN_ENCODING and PKCS_RSA_PRIVATE_KEY on the PrivateKey data member produced in the previous step.

The output of this last step is an RSA Private Key BLOB. This can be imported with BCryptImportKeyPair and LEGACY_RSAPRIVATE_BLOB. Again, code demonstrating all of this can be found here.
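
Which of the two answers applies depends on the PEM label, so as an added example (not code from either answer or the linked sample), this portable C routine classifies a private-key PEM before any CryptoAPI call is made. The names pem_kind, classify_pem and KEY_* are illustrative, and the sample string is constructed.

```c
/* Added example: pem_kind and classify_pem are illustrative names. */
#include <stdio.h>
#include <string.h>
typedef enum {
    KEY_UNKNOWN,          /* not a private-key PEM, or malformed */
    KEY_PKCS1_RSA,        /* first answer: decode with PKCS_RSA_PRIVATE_KEY */
    KEY_PKCS1_LEGACY_ENC, /* Proc-Type header: body is ciphertext, not DER */
    KEY_PKCS8_PLAIN,      /* PKCS_PRIVATE_KEY_INFO, then PKCS_RSA_PRIVATE_KEY */
    KEY_PKCS8_ENCRYPTED   /* second answer: PKCS_ENCRYPTED_PRIVATE_KEY_INFO first */
} pem_kind;

static int b64val(char c) {
    const char *t = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(t, c) : NULL;
    return p ? (int)(p - t) : -1;
}

/* The first decoded byte of a DER body must be 0x30 (SEQUENCE). */
static int body_starts_with_sequence(const char *body) {
    while (*body == '\r' || *body == '\n') body++;
    int a = b64val(body[0]), b = a < 0 ? -1 : b64val(body[1]);
    return a >= 0 && b >= 0 && ((a << 2) | (b >> 4)) == 0x30;
}

pem_kind classify_pem(const char *pem) {
    static const struct { const char *label; pem_kind kind; } map[] = {
        { "RSA PRIVATE KEY",       KEY_PKCS1_RSA },
        { "PRIVATE KEY",           KEY_PKCS8_PLAIN },
        { "ENCRYPTED PRIVATE KEY", KEY_PKCS8_ENCRYPTED },
    };
    char begin[64], end[64];
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++) {
        snprintf(begin, sizeof begin, "-----BEGIN %s-----", map[i].label);
        snprintf(end, sizeof end, "-----END %s-----", map[i].label);
        const char *b = strstr(pem, begin);
        if (!b || !strstr(b, end)) continue;  /* BEGIN and END labels must match */
        const char *body = b + strlen(begin);
        if (map[i].kind == KEY_PKCS1_RSA && strstr(body, "Proc-Type: 4,ENCRYPTED"))
            return KEY_PKCS1_LEGACY_ENC;
        return body_starts_with_sequence(body) ? map[i].kind : KEY_UNKNOWN;
    }
    return KEY_UNKNOWN;
}

int main(void) { /* constructed sample with a truncated body, not a real key */
    const char *pem = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFHD\n"
                      "-----END ENCRYPTED PRIVATE KEY-----\n";
    return classify_pem(pem) == KEY_PKCS8_ENCRYPTED ? 0 : 1;
}
```

A KEY_PKCS1_LEGACY_ENC result means the body is encrypted with the PEM-header scheme rather than wrapped in a PKCS#8 structure, so neither decode chain above can be applied to it directly.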