CryptoApi wrap and unwrap keys

Question

Is there a way to wrap or unwrap keys in CryptoApi? I tryed to set the key params CRYPT_IMPORT_KEY and CRYPT_EXPORT_KEY with the proper function, but I get the error "params undefined".

Other details: The program is written in C++, OS: Win7, IDE: Dev-C++ The main headers are windows.h and wincrypt.h.

When I compile, i get the error " CRYPT_EXPORT_KEY (or CRYPT_IMPORT_KEY) undeclared".

Code I wrote:

flags = CRYPT_ENCRYPT | CRYPT_EXPORTABLE | CRYPT_DECRYPT | CRYPT_EXPORT_KEY;
//set the above permission to the session key "dkey"    
CryptSetKeyParam(dKey,KP_PERMISSIONS,(BYTE*)&flags,0);

Update from the comments:

And it compiles! But the programs terminates with the error NTE_BAD_FLAGS. It is because of CRYPT_EXPORT_KEY flag!

What language? What library? What OS? Compiler Error or Linker Error or Runtime Error? Also show the code you tried. This is not a Text Message so feel free include relevant details. — user93353, Jun 30 '13 at 09:43
I tried the above code with & included and it compiles fine. — user93353, Jun 30 '13 at 10:53
Visual Studio 2010 - Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86 — user93353, Jun 30 '13 at 14:39
And it compiles! But the programs terminates with the error NTE_BAD_FLAGS. It is because of CRYPT_EXPORT_KEY flag! — andret8, Jul 02 '13 at 16:29
Based on the MSDN documentation, `CryptSetKeyParam` does not support the KP_PERMISSIONS flag, only `CryptGetKeyParam` does — Jack Lloyd, Jul 16 '18 at 22:43

user93353 · Accepted Answer · 2013-07-02T18:57:39.190

1

Check the docs - CryptSetKeyParam and CryptGetKeyParam

When you are using KP_PERMISSIONS, the valid set of flags are

CRYPT_ARCHIVE
CRYPT_DECRYPT
CRYPT_ENCRYPT
CRYPT_EXPORT
CRYPT_EXPORT_KEY
CRYPT_IMPORT_KEY
CRYPT_MAC
CRYPT_READ
CRYPT_WRITE

CRYPT_EXPORTABLE is not in this list.

If you check the docs for CryptGenKey, CRYPT_EXPORTABLE is a flag which you use while creating the key, so that it can be exported later. It's not required for CryptSetKeyParam.

edited Jul 02 '13 at 18:57

answered Jul 02 '13 at 18:50

user93353

13,733
8
60
122

that's right. CRYPT_EXPORTABLE is used during key generation. But anyway, without it, the program doesn't run! – andret8 Jul 02 '13 at 22:02
What do you mean 'does not run'? – user93353 Jul 03 '13 at 03:03
the program terminates with the error NTE_BAD_FLAGS (80090009)! The flag CRYPT_EXPORT_KEY is not recognised – andret8 Jul 03 '13 at 08:07
Is it the `CryptExportKey` call which fails - if yes - can you show your parameters to `CryptExportKey` – user93353 Jul 03 '13 at 08:55
`CryptExportKey` is a function, and at this point i think it plays the role of `CRYPT_EXPORT_KET`, which is a flag. The function works correctly. For example, i use `CryptExportKey(dKey,dKey,SYMMETRICWRAPKEYBLOB,0,keyBlob,&dwBlobLength))`. If I want to use 'dKey' to wrap keys, i can proceed in this way. – andret8 Jul 03 '13 at 09:14

CryptoApi wrap and unwrap keys

Update from the comments:

1 Answers1