Questions tagged [cng]

CryptoAPI Next Generation (CNG) is the next version of the Windows CryptoAPI, available since Vista. It adds NSA Suite B algorithms (including elliptic-curve cryptography) and is FIPS 140-2 certified.

256 questions
3
votes
1 answer

CryptoNG: Exporting RSA key with BCryptExportKey fails with STATUS_INVALID_HANDLE

Using the Cryptography Next Generation API (aka CryptoAPI Next Generation, aka CryptoNG, aka Cng, aka BestCrypt, aka bcrypt), I'm trying to export a newly generated RSA private key pair: Edit: Shorter code version: BCRYPT_ALG_HANDLE…
Ian Boyd
3
votes
2 answers

TPM Owner password and lockout password with Windows 10 & linux

I've set up a dual boot so I have Windows 10 and Ubuntu. Following steps on this page I'm able to retrieve the lockout password and the owner password of my TPM in the Windows 10 registry. Result looks like this…
b3nj1
3
votes
0 answers

Porting code from CryptoAPI to CNG

I started writing code in CryptoAPI in unmanaged C++ to: Create private keys Create self-signed certificate (CA) Create CSRs Process CSRs and sign with private CA to make certificates So most of the PKI...CryptoAPI is being depreciated so now I…
Timothy John Laird
3
votes
3 answers

C# - Trying to create a CngKey from a .p8 file with import method, throwing error "An error occurred during encode or decode operation."

I'm trying to generate a JWT token using Jose.JWT.encode(payload, secretKey, JwsAlgorithm.ES256, header) (see https://github.com/dvsekhvalnov/jose-jwt) to use with Apple's new token-based APNs system. The JWT encode method requires the secretKey to…
Helen
3
votes
1 answer

Access to the private key of CNG certificate from .NET 4.6 - GetCngPrivateKey not found

I need access to the private key of CNG certificate from .NET 4.6. In the docs I found extension method GetCngPrivateKey but this method is not available for me in Visual Studio 2015. Maybe this method was removed from last release of .NET…
jan
3
votes
1 answer

Does WCF in .NET 4.6.2 support server certificates with PK in CNG KSP?

On Windows, a TLS server certificate (which sits in a certificate store) comes with a private key (PK) which sits either in a CSP keystore or CNG keystore. Where the PK ends up can be specified when importing the certificate (that is, on recent…
Jirka Hanika
3
votes
1 answer

Export CngKey in PKCS8 with encryption c#

How can I export CngKey to PKCS#8 with encryption? static void Main(string[] args) { CngKeyCreationParameters ckcParams = new CngKeyCreationParameters() { ExportPolicy = CngExportPolicies.AllowExport, …
Rowan Smith
3
votes
1 answer

Import RSA CngKey and store in MicrosoftSoftwareKeyStorageProvider

I have an exported RSAParameters private key that I'd like to import into another machine. I can save new keys into the local machine or user containers, but I'm stuck trying to import an existing key. The code below will generate a new key pair,…
J. Allen
3
votes
4 answers

DPAPI NG - NCryptProtectSecret returns NTE_ENCRYPTION_FAILURE

I am trying to encrypt data using DPAPI-NG but it fails on execution of NCryptProtectSecret, it returns: 0x80090034 (NTE_ENCRYPTION_FAILURE) I have created NCryptCreateProtectionDescriptor with local user…
Zeljko
3
votes
4 answers

Exporting shared secret as BYTE array from BCRYPT_SECRET_HANDLE

I'm implementing ECDHE using crypto next generation APIs (CNG). I generate public and private keys successfully. For pre-shared key, I use BCryptSecretAgreement API, which returns me the pre-shared key secret handle (BCRYPT_SECRET_HANDLE). How can…
3
votes
1 answer

Compare 2 secrets in constant time using Windows crypto API

Using the Windows cryptography API, how do I compare two byte arrays for equality in constant time? Edit: The length of the secret is fixed and is public knowledge.
Demi
3
votes
0 answers

Debugging Smart Card Minidriver

I'm currently working on a CNG Smart Card minidriver. To test some functionality I'd like to use makecert to import a Private Key into the Smart Card. Unfortunately for every change I make I have to copy my minidriver.dll to the system32 directory.…
dominik
3
votes
1 answer

Load certificate keys into CngKey class for use with DiffieHellman (ECDiffieHellmanCng class)

This is related to .NET / C#. Let's assume there is a certificate + private key (P521 ECC one) inside a PFX or a PKCS#12 file. We have loaded this certificate and its private key into the Windows certificate store by installing it (either double…
DeepSpace101
2
votes
0 answers

How can I detect at compile time in VS2008 whether I am building on an XP or Windows 7 machine

I have an application that includes some CNG (Bcrypt.dll) code. I want to be able to build my app on Windows 7 and have the bcrypt functionality compile and run, but I want to "skip" it if I am building on a Windows XP machine (at compile time) (i…
Daniel Scire
2
votes
1 answer

Windows CNG custom key storage provider

How to register a custom key storage provider in CNG with its own key BLOB format, etc? What I really want to do is to provide an ability to handle a custom CNG key BLOB format in .NET. I've read in CNG docs that it provides a way to add third-party…
wilkexx