cng

Different label and MGF1 hash functions using RsaCng with OAEP

╄→尐↘猪︶ㄣ submitted on 2020-07-22 21:33:19
Question: We have to decrypt a ciphertext encrypted using RSA OAEP and we're trying to use RsaCng. The ciphertext was produced using Java, and the Java API allows you to specify a different hash function for the label and for the mask generation function (MGF1). In this specific case, SHA-256 was used in the first case and SHA-1 in the second (yes, not a good idea but we have no control over this). Now, from what I understand using RsaCng I can only specify one hash function (using RSAEncryptionPadding

How to convert CNG key to OpenSSL EVP_PKEY (and vice versa)?

ε祈祈猫儿з submitted on 2020-05-15 08:59:06
Question: I am writing a custom OpenSSL engine using Windows CNG API. While implementing the EVP_PKEY_meths to generate and use ECDH keys, I came across the issue of converting keys from OpenSSL EVP_PKEY to CNG BCRYPT_KEY and vice versa. I am facing this scenario while implementing the Keygen and Derive functions. Is there any easy way to perform these conversions? Answer 1: I've only done this with RSA private keys, but I assume that other types (e.g. ECC) would follow the same principle of exporting the

How to export EC private key as PKCS#1 or PKCS#8 format from certificate store by CNG?

二次信任 submitted on 2020-04-18 05:47:56
Question: I tried to export a private key from the certificate store using the CNG API. It works fine when exporting an RSA private key, but fails for an EC private key. The code fails in NCryptExportKey() with 0x80090029. Is there any document from MS saying that exporting an EC private key is not supported? Or any sample code? Here is my code: NCRYPT_KEY_HANDLE hKey = NULL; SECURITY_STATUS secStatus = ERROR_SUCCESS; NTSTATUS status = STATUS_UNSUCCESSFUL; DWORD dwKeySpec, cbData = 0, cbBlob = 0, KeyPolicy = 0; PBYTE pbHash = NULL, pbBlob

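Exploring the Use of RSA Cng in Cryptography Next Generation (CNG) (Part 1)

二次信任 submitted on 2020-03-01 09:18:46
Public networks such as the Internet do not provide a means of secure communication between entities. Communication over such networks is susceptible to being read or even modified by unauthorized third parties. Encrypting this information helps prevent others from viewing the data, provides a way to detect whether the data has been modified, and helps provide a secure means of communication over non-secure channels. For example, data can be encrypted using a cryptographic algorithm, transmitted in an encrypted state, and then decrypted by the intended recipient. If a third party intercepts the encrypted data, decrypting it is difficult and time-consuming. In the .NET Framework, the classes in the System.Security.Cryptography namespace manage many details of cryptography for you. Some are wrappers for the unmanaged Microsoft Cryptography API (CryptoAPI), while others are purely managed implementations. We do not need to be experts in cryptography to use these classes. When we create a new instance of one of the encryption algorithm classes, keys are generated automatically for ease of use, and the default properties are always as safe and secure as possible. We now briefly introduce the encryption methods and practices supported by the .NET Framework, including the ClickOnce manifests, Suite B, and Cryptography Next Generation (CNG) support introduced in .NET Framework version 3.5. This overview contains the following sections: cryptographic primitives, secret-key encryption, public-key encryption, digital signatures, hash values, random number generation, Cryptography Next Generation (CNG) classes, and so on. As for the Cryptography Next Generation (CNG) classes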

What are the actual formats supported by CngKeyBlobFormat?

坚强是说给别人听的谎言 submitted on 2020-01-14 08:30:36
Question: The Microsoft pages provide "minimal" information about the formats that can be used by CngKey.Import. Which actual formats are actually represented by the following CngKeyBlobFormat properties? EccPrivateBlob, EccPublicBlob, GenericPrivateBlob, GenericPublicBlob, OpaqueTransportBlob, Pkcs8PrivateBlob. Only the PKCS#8 private key format hints slightly about the format of the key, but it doesn't specify if the private key needs to be wrapped or if just the inner PKCS#8 structure is accepted. The

How to write a KSP to hook up into KERB_CERTIFICATE_LOGON

一个人想着一个人 submitted on 2020-01-05 08:03:47
Question: Hi all, I've written a custom credential provider that works fine when using username/password as the credential; the password is transferred via Bluetooth. After all, it was not that difficult, as the documentation tells you what interfaces to implement. Now I want to change the credentials to use certificates instead. I see that I should use the KERB_CERTIFICATE_LOGON structure for this. Diving deeper into the topic, I found that I should implement a custom key storage provider as described in this

How to deal with plaintext keys using CNG?

自闭症网瘾萝莉.ら submitted on 2020-01-02 07:06:13
Question: I have a set of predefined plaintext keys that I use for symmetric encryption/decryption. These keys are used for encrypted communication with hardware devices connected to a PC. I would like to use a CNG key storage provider to securely store these keys. Encryption and decryption must be done outside of CNG. I only need a secure place in which to store and from which to retrieve my predefined plaintext keys. Over the last few days I studied the CNG functions reference but couldn't find any way to import

How to deal with plaintext keys using CNG?

微笑、不失礼 submitted on 2020-01-02 07:06:10
Question: I have a set of predefined plaintext keys that I use for symmetric encryption/decryption. These keys are used for encrypted communication with hardware devices connected to a PC. I would like to use a CNG key storage provider to securely store these keys. Encryption and decryption must be done outside of CNG. I only need a secure place in which to store and from which to retrieve my predefined plaintext keys. Over the last few days I studied the CNG functions reference but couldn't find any way to import