cryptoapi

I am using WinVerifyTrust to verify the validity of some Windows executables with the following function, called in a loop from _tmain : int signature_is_valid(const wchar_t *filepath) { GUID guid = WINTRUST_ACTION_GENERIC_VERIFY_V2; WINTRUST_FILE_INFO file_info = { 0 }; WINTRUST_DATA wd; file_info.cbStruct = sizeof(file_info); file_info.pcwszFilePath = filepath; file_info.hFile = NULL; file_info.pgKnownSubject = NULL; ZeroMemory(&wd, sizeof(wd)); wd.cbStruct = sizeof(wd); wd.dwUIChoice = WTD_UI_NONE; wd.fdwRevocationChecks = WTD_REVOCATION_CHECK_NONE; wd.dwUnionChoice = WTD_CHOICE_FILE; wd

I'm trying to develop a license verification solution. Licenses are encoded on server using OpenSSL's RSA_private_encrypt function. For Mac OX X I use RSA_public_decrypt and it works like a charm. On Windows I must use very tiny bit of code, so I can not link with OpenSSL or other lib AND I have to use MS Crypto API. I have spent several days trying to figure out what is wrong, but with no luck. I can successfully import public key, but here my success ends. I'm aware that I need to reverse byte order with CAPI so this might not be the issue. I have tried everything, including

I'm trying to build a tool that will mass sign a bunch of files based on Kernel-Mode Code Signing requirements. I know that signtool can take an additional certificate for cross-signatures trust via the /ac argument, but have not been able to figure out how to do the same using SignerSign or SignerSignEx. I've even spied on signtool's API calls, and mirroring them does not seems to produce the same affect. Be aware, signtool or other command-line utilities cannot be used for this purpose due to project constraints. Is there any documentation or examples on how to accomplish this? Okay, after

I have a C# application which digitally signs data using RSA. The code is as follows: RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.ImportCspBlob(privateKeyBlob); SHA1 sha1 = new SHA1CryptoServiceProvider(); sha1.ComputeHash(myData); byte[] signature = rsa.SignHash(sha1.Hash, CryptoConfig.MapNameToOID("SHA1")); I cannot verify the signature in C++. The code is as follows: HCRYPTPROV cryptProvider; CryptAcquireContext(&cryptProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT); // PROV_RSA_SIG does not work HCRYPTKEY publicKey; CryptImportKey(cryptProvider, publicKeyBlob,

I'm trying to export certificate to pfx file. Here's what I do (simplified): h = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL, CERT_STORE_CREATE_NEW_FLAG, NULL); p = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, CertBlob.pbData, CertBlob.cbData); CertSetCertificateContextProperty(p, CERT_KEY_PROV_HANDLE_PROP_ID, 0, &hPrivKey); CertAddCertificateContextToStore(h, p, CERT_STORE_ADD_ALWAYS, NULL); PFXExportCertStoreEx(h, &SomeBlob, L"", NULL, EXPORT_PRIVATE_KEYS); PFX created, no private key exported. Anyone ever exported private key to pfx? What's the proper way to

I am trying to port the AquaticPrime framework for Mac to Windows. On the Mac, it uses the opensll library, and I try to understand how to port this to Windows, where I have to use the CryptoAPI, I guess. I mainly need the code for validation of the generated signature with a given public key. Here's how verification is done with openssl: inputs: license data, public key and signature, both 128 bytes long. A SHA1 digest is calculated from the license data. A RSA context is set up with the public key data RSA_public_decrypt() is called, given the RSA key and the signature, which returns a 20

I am trying to encrypt in C++ using CryptoAPI and decrypt Java using SunJCE. I have gotten the RSA key to work -- and verified on a test string. However, my AES key is not working -- I get javax.crypto.BadPaddingException: Given final block not properly padded . C++ Encryption: // init and gen key HCRYPTPROV provider; CryptAcquireContext(&provider, NULL, MS_ENH_RSA_AES_PROV, PROV_RSA_AES, CRYPT_VERIFYCONTEXT); // Use symmetric key encryption HCRYPTKEY sessionKey; DWORD exportKeyLen; CryptGenKey(provider, CALG_AES_128, CRYPT_EXPORTABLE, &sessionKey); // Export key BYTE exportKey[1024];

I am trying to generate digital signatures on Windows (from XP SP3, but currently testing with Windows 7) with CryptoAPI that will be compatible with the following openssl commands: openssl dgst -sha256 -sign <parameters> (for signing) openssl dgst -sha256 -verify <parameters> (for validation) I want to use a private key from the Windows "MY" keystore for signing. I managed to sign files using the SHA1 digest algorithm by using the following CryptoAPI functions (omitting parameters for brevity): CertOpenStore CertFindCertificateInStore CryptAcquireCertificatePrivateKey CryptCreateHash (with