
c++ - Importing a persisted key into the Windows key storage using CNG storage functions


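I am trying to import a persisted RSA public key into the key storage. I read on the CNG help page that this is possible for private keys, and I am wondering whether I can also do it for public keys (specifically the BCRYPT_RSAPUBLIC_BLOB). I tried the following code, but in the import section, when I call NCryptSetProperty to set the public blob as a property, I get "Error 0x80090029", which is NTE bad data. I am unable to debug why this function fails.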

NCRYPT_PROV_HANDLE providerHandle = NULL;
NCRYPT_KEY_HANDLE keyHandle = NULL;
NTSTATUS status = STATUS_UNSUCCESSFUL;
PBYTE blob = NULL;
DWORD blob_len = 0;

///////////////////Export Test (extract key from storage)///////////////////////////

// Open handle to the Key Storage Provider
if(FAILED(status = NCryptOpenStorageProvider(
&providerHandle, //OUT: provider handle
MS_KEY_STORAGE_PROVIDER, //IN: Microsoft key storage provider
0))) //IN: dwFlags (unused)
{
//report fail
}

// Open key in the Key Storage Provider
if (FAILED(status = NCryptOpenKey(
providerHandle,
&keyHandle,
keyName.c_str(),
0,
0)))
{
//report fail
}

// (2 step key extraction process) 1. Get size of key
if (FAILED(status = NCryptExportKey(
keyHandle, //IN: Handle of the key to export
NULL, //IN(opt): key used to encrypt exported BLOB data <-- potentially a safer way for key extraction, encrypt it with a key during extraction (decrypt with NCryptDecrypt)
BCRYPT_RSAPUBLIC_BLOB, //IN: BLOB type (https://msdn.microsoft.com/en-us/library/windows/desktop/aa376263%28v=vs.85%29.aspx)
NULL, //IN(opt): List of parameters for the key
NULL, //OUT(opt): Output byte buffer
0, //IN: Size of the output buffer
&blob_len, //OUT: Amount of bytes copied to the output buffer
0))) //IN: Flag to modify function behaviour (0 means no flag set)
{
//report fail
}

// Allocate data blob to store key in
blob = (PBYTE)malloc(blob_len);
if (NULL == blob) {
//report fail
}

// (2 step key extraction process) 2. Get key and store in byte array (Extracted key is in form of BCRYPT_RSAKEY_BLOB)
if (FAILED(status = NCryptExportKey(
keyHandle,
NULL,
BCRYPT_RSAPUBLIC_BLOB,
NULL,
blob,
blob_len,
&blob_len,
0)))
{
//report fail
}


///////////////Import Test (Store into storage)//////////////////////////////////////////////

// Create a persisted key
if(FAILED(status = NCryptCreatePersistedKey(
providerHandle, //IN: provider handle
&keyHandle, //OUT: Handle to key
NCRYPT_RSA_ALGORITHM, //IN: CNG Algorithm Identifiers. NCRYPT_RSA_ALGORITHM creates public key
keyName.c_str(), //IN: Key name. If NULL, the key does not persist
0, //IN: Key type
NCRYPT_OVERWRITE_KEY_FLAG)))//IN: Behaviour: 0 - apply to current user only, NCRYPT_MACHINE_KEY_FLAG - apply to local comp only, NCRYPT_OVERWRITE_KEY_FLAG - overwrite existing key
{
//report fail
}

// Set the exported public blob on the new key
if(FAILED(status = NCryptSetProperty(
keyHandle, //IN: Handle to key
BCRYPT_RSAPUBLIC_BLOB, //IN: Property name. BCRYPT_RSAPUBLIC_BLOB is meant to let me set this blob as the new key's blob
blob, //IN: Property value (the exported public key blob)
blob_len, //IN: Size of the property value in bytes
0))) //IN: Flags (0 means no flag set)
{
//report fail <<-------------------------- Fail here
}

// Finalize key generation (Key is now usable, but uneditable)
if(FAILED(status = NCryptFinalizeKey(keyHandle, 0))) {
//report fail
}
////////////////////////////////////////////////////////////////////////

Best answer

When creating an asymmetric key, one of the properties that can be set is NCRYPT_EXPORT_POLICY_PROPERTY. I use it to control whether the private key can be read.

//... after NCryptCreatePersistedKey()

DWORD export_policy = NCRYPT_ALLOW_EXPORT_FLAG | NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG;

if(FAILED(status = NCryptSetProperty(
keyHandle,
NCRYPT_EXPORT_POLICY_PROPERTY,
(PBYTE)&export_policy,
static_cast<DWORD>(sizeof(DWORD)),
NCRYPT_PERSIST_FLAG | NCRYPT_SILENT_FLAG)))
{
//report error
}

//... before NCryptFinalizeKey()

The properties are defined here.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa376242(v=vs.85).aspx
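
An added example, not part of the original question or answer: a portable C++ check of the BCRYPT_RSAPUBLIC_BLOB layout that the question exports, useful for ruling out a malformed or truncated buffer before any import is attempted. The helper names and the sample bytes are hypothetical and constructed; the header layout (BCRYPT_RSAKEY_BLOB followed by the big-endian public exponent and modulus) and the magic value are those of bcrypt.h.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Value of BCRYPT_RSAPUBLIC_MAGIC ("RSA1") from bcrypt.h.
constexpr uint32_t kRsaPublicMagic = 0x31415352;
constexpr std::size_t kHeaderSize = 24;  // BCRYPT_RSAKEY_BLOB: six 32-bit ULONG fields

enum class BlobCheck { Ok, TooShort, BadMagic, BadSizes, LengthMismatch };

// Read one little-endian 32-bit field without alignment assumptions.
static uint32_t read_le32(const uint8_t* p) {
    return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// Hypothetical helper: checks the header fields against the buffer length.
BlobCheck check_rsa_public_blob(const uint8_t* blob, std::size_t len) {
    if (blob == nullptr || len < kHeaderSize) return BlobCheck::TooShort;
    if (read_le32(blob) != kRsaPublicMagic) return BlobCheck::BadMagic;
    const uint32_t bit_length = read_le32(blob + 4);
    const uint32_t cb_public_exp = read_le32(blob + 8);
    const uint32_t cb_modulus = read_le32(blob + 12);
    // cbPrime1/cbPrime2 (offsets 16 and 20) only apply to private blobs; ignored here.
    if (bit_length == 0 || cb_public_exp == 0 || cb_modulus == 0 ||
        uint64_t(cb_modulus) * 8 < bit_length)
        return BlobCheck::BadSizes;
    // 64-bit sum so oversized length fields cannot wrap around.
    const uint64_t expected = uint64_t(kHeaderSize) + cb_public_exp + cb_modulus;
    return expected == len ? BlobCheck::Ok : BlobCheck::LengthMismatch;
}

// Constructed sample (not a real key): 64-bit "modulus", exponent 65537.
std::vector<uint8_t> make_sample_blob() {
    std::vector<uint8_t> b;
    auto put32 = [&b](uint32_t v) { for (int i = 0; i < 4; ++i) b.push_back(uint8_t(v >> (8 * i))); };
    put32(kRsaPublicMagic); put32(64); put32(3); put32(8); put32(0); put32(0);
    const uint8_t tail[] = {0x01, 0x00, 0x01, 0xC3, 0x5A, 0x11, 0x9E, 0x42, 0x7B, 0x08, 0xD1};
    b.insert(b.end(), tail, tail + sizeof(tail));
    return b;
}

int main() {
    const std::vector<uint8_t> b = make_sample_blob();
    std::printf("check result: %d\n", int(check_rsa_public_blob(b.data(), b.size())));
    return 0;
}
```
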

Regarding c++ - Importing a persisted key into the Windows key storage using CNG storage functions, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/30125416/
