2

I want to import session key and decrypt data in Windows CryptoAPI. The session key and encrypted data created by openssl commands.

On linux:

% openssl enc -e -aes-128-cbc -kfile randtxt -in text.txt -out text.enc -nosalt -p > session.dat

The session.dat looks like this:

key = 1234567890ABCDEF1234567890ABCDEF

iv = 0102030405060708090A0B0C0D0E0F00

I want to decrypt this data - in text.enc - in a Windows application.

How to import the session key using CryptImportKey (or otherwise) to decrypt the data?

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
user3794306
  • 43
  • 5
  • 1
    What is the code surrounding `CryptImportKey`, and what is the error returned from `CryptImportKey`? – jww Jul 01 '14 at 17:04

2 Answers2

2

There is a specific page on MSDN that explains how to import plain text keys. It uses CryptImportKey directly, but you may have a different configuration or context, so try and match it against the example.

It also tells you that it uses PLAINTEXTKEYBLOB but as I did not see any code reference to it, I'm not sure that this is true. The example is for a DES key.

To show how this can be done for AES keys, try this Q/A. Probably best to try and convert this code to AES-128 bit keys first.

Community
  • 1
  • 1
Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • You're welcome, I've voted both the Q and the A from you up, so if you want to say thanks in Stackanese as well as in Japanese, you can vote up this answer :) – Maarten Bodewes Jul 02 '14 at 14:03
  • How do I vote up your answer? I try click left side ^, is this collect? – user3794306 Jul 02 '14 at 14:17
  • Click the ^ sign next to the total at the left of a question or - in this case - answer. Note that you need 15 points to upvote (but you should have 16 by now). Oh, and welcome to StackOverflow, thanks for sharing the code. – Maarten Bodewes Jul 02 '14 at 14:20
2

i could import session key like this.

BYTE pbBuffer[] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF, 0x12, 0x34
    , 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
BYTE iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x00, 0x0A
    , 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
HCRYPTPROV hProvider;
HCRYPTKEY hKey;

struct KEYBLOB {
    BLOBHEADER bh;
    DWORD dwKeyLen;
    BYTE bytes[16];
}blob;

blob.bh.bType = PLAINTEXTKEYBLOB;
blob.bh.reserved = 0;
blob.bh.bVersion = CUR_BLOB_VERSION;
blob.bh.aiKeyAlg = CALG_AES_128;
blob.dwKeyLen = 16;
memcpy(blob.bytes, pbBuffer, 16);


if (!CryptAcquireContext(&hProvider, NULL, MS_ENH_RSA_AES_PROV, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) {
    printf("CryptAcquireContext Error\n");
    return FALSE;
}

if (!CryptImportKey(hProvider, (BYTE*)&blob, sizeof(KEYBLOB), NULL, CRYPT_NO_SALT, &hKey)){
    printf("CryptImportKey Error\n");
    CryptReleaseContext(hProvider, 0);
    return FALSE;
}

if (!CryptSetKeyParam(hKey, KP_IV, iv, 0)){
    printf("CryptSetKeyParam2 Error\n");
    CryptDestroyKey(hKey);
    CryptReleaseContext(hProvider, 0);
    return FALSE;
}

BYTE pbDataBuff[1024 * 2 + 1];
DWORD dwSize, dwWritten;
HANDLE hEncryptFile, hDecryptFile;
BOOL bEnd;

hEncryptFile = CreateFile(_T("data.aes"), GENERIC_READ, FILE_SHARE_READ, NULL,
                OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
hDecryptFile = CreateFile(_T("outdata.txt"), GENERIC_WRITE, FILE_SHARE_READ, NULL,
    CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);

while (1) {
    ReadFile(hEncryptFile, pbDataBuff, 1024 * 2, &dwSize, NULL);
    if (dwSize < 1024 * 2)
        bEnd = TRUE;
    else
        bEnd = FALSE;
    if (!CryptDecrypt(hKey, 0, bEnd, 0, pbDataBuff, &dwSize)) {
        printf("CryptDecrypt Error\n");
        CryptDestroyKey(hKey);
        CryptReleaseContext(hProvider, 0);
        CloseHandle(hEncryptFile);
        CloseHandle(hDecryptFile);
        return FALSE;
    }
    WriteFile(hDecryptFile, pbDataBuff, dwSize, &dwWritten, NULL);

    if (bEnd)
        break;
}
CryptDestroyKey(hKey);
CryptReleaseContext(hProvider, 0);
CloseHandle(hEncryptFile);
CloseHandle(hDecryptFile);
return TRUE;
user3794306
  • 43
  • 5