Questions tagged [cng]

CryptoAPI Next Generation (CNG) is the next version of the Windows CryptoAPI, available since Vista. It adds NSA Suite B algorithms (including elliptic-curve cryptography) and is FIPS 140-2 certified.

256 questions
2
votes
1 answer

Using primitive function with key stored in Microsoft KSP

My question is about a use case with the CNG API and Microsoft providers. I don't write a code sample because I ask for your help about the best way to use the CNG API in my application compared to the CSP API. I built an application which uses symmetric keys stored…
TheFrancisOne
2
votes
1 answer

Sign XML with ECDsa and SHA256 in .Net

I'm trying to use SignedXml in .Net with ECDsa (ECDsaCng) and SHA256 and I'm getting a "CryptographicException" with message "Failed to create signing key.". Does someone know how to achieve that goal or if I should know relevant information about…
Alejandro Morán
2
votes
0 answers

MSCAPI : CNG and Security Descriptors

The Windows API provides ways to set security descriptors on objects (allowing the setup of Access Control Lists, for instance). Security Descriptors of cryptographic keys hosted by a Key Storage Provider (KSP) can be valued using the…
2
votes
0 answers

CNG (Cryptography Next Generation) Provider doesn't work under regular user account in Win7

I used an example of a CNG provider from CSPDK to implement my own CNG Hash Provider. But as it appeared, when I use PKCS7 (Signed Message) WinApi functions the CNG provider doesn't work. CryptMsgOpenToEncode function reports 0xC0000005 error, which appears…
Arty
2
votes
3 answers

Windows Phone ANID to ANID2 conversion on C#?

Windows Phone 7 had an anonymous user ID property called ANID. Windows Phone 8 has replaced that with ANID2. The difference is that ANID2 is dependent on the app's publisher ID. It's possible to convert ANID to ANID2 as the following code sample on…
Mikael Koskinen
2
votes
1 answer

Microsoft PlayReady DRM P160 Elliptical Curve Parameters

I am attempting to create the properly DER encoded ECC parameters for the custom Microsoft P160 PlayReady curve to feed into a HSM. I have found a few sources that specify the definition of the P160 curve since it is non-standard and custom. Below…
Benton
2
votes
1 answer

How can I use ECDSA in C# with a key size of less than the built in minimum of 256-bits

I have a very limited channel within which to send messages and signatures, and have been indicated (over at https://crypto.stackexchange.com/questions/3075/asymmetric-algorithm-to-generate-compact-unique-messages-that-can-be-validated/) that ECDSA…
Kieran Benton
1
vote
1 answer

Problems using CNG and BCRYPT_KDF_SP80056A_CONCAT KDF

I am in the process of implementing a CNG ECDH and then I am trying to use the BCRYPT_KDF_SP80056A_CONCAT KDF to derive a symmetric AES256 key (BCryptDeriveKey()). I am having a problem (I always get back 0xc000000d status returned.) I have…
1
vote
0 answers

Private Key Doesn't Match X509 Certificate After Converting to CNG

I'm trying to use CNG through PInvoke to work with x509 certificates. My goal is to import a certificate with its private key, set the flag NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG (forces a password to be input when the key is accessed), and add the…
t.probst
1
vote
0 answers

What is the pkcs11 equivalent of NCryptSecretAgreement and NCryptDeriveKey functions

I have an application running on Linux which needs to generate a derived key with ECDH. I get an ephemeral public key and KDF parameter and need to return derived key data. This will be matched against the secret and derived key generated on Windows server…
chailatte
1
vote
0 answers

CNG: Get an ECC Private key blob in pkcs8 format with explicit domain parameters

I want to save an ECC Private key in PKCS8 format but with explicit domain parameters instead of named curve parameters, which is what the code below does. CNG seems to give me the option of KeyFormat to be either PKCS8 (Pkcs8PrivateBlob) with…
tzippy
1
vote
0 answers

X509Certificate2 extension methods, issue with nCipher KSP

I'm having issues in acquiring private key handles when the key is backed by nCipher KSP. For example when calling cert.GetECDsaPrivateKey(); the call succeeds and the key is usable, however this call generates 5 (five) entries in Windows…
Crypt32
1
vote
0 answers

CryptQueryObject / CryptDecryptMessage extremely slow for large files/blobs

I am trying to decrypt a p7m attachment using CryptQueryObject / CryptDecryptMessage functions. For large files (30Mb) each call can take up to 30 seconds to execute. Outlook itself has no problem opening an encrypted message and showing its…
Dmitry Streblechenko
1
vote
0 answers

Importing key pair using Windows CNG API

Using the windows-rs crate, I'm trying to import an RSA key pair as a BCRYPT_RSAFULLPRIVATE_BLOB following these instructions: https://learn.microsoft.com/en-us/windows/win32/seccng/key-import-and-export To import a persisted key: Create a…
Geob-o-matic
1
vote
0 answers

Access keys for Local Machine from Microsoft KSP

The below PowerShell command correctly lists all the keys for my local machine store: certutil -csp "Microsoft Software Key Storage Provider" -key However, I am not able to do the same through C++ code using NCryptOpenStorageProvider and…