Questions tagged [cng]

CryptoAPI Next Generation (CNG) is the next version of the Windows CryptoAPI available since Vista. It adds NSA Suite B algorithms (including elliptic-curve cryptography) and is FIPS 140-2 certified.

256 questions
1 vote, 1 answer

CryptAcquireCertificatePrivateKey Error:0x80090016 with custom Key Storage Provider

I'm developing a custom CNG Key Storage Provider. It works fine with some applications like Chrome, but a third party application uses the CryptAcquireCertificatePrivateKey method with the certificate context causing a 0x80090016 without invoking…
Rafael Membrives
1 vote, 1 answer

Is it possible to derive a key from a shared secret (BCryptSecretAgreement) without exposing the derived key (using the TPM)?

From a high level, I'm trying to implement an ECDH key agreement scheme that results in the final ephemeral key being stored on the TPM. It seems that the bcrypt/ncrypt interfaces have almost everything that I need. I can perform the ECDH secret…
rkor
1 vote, 0 answers

New-SelfSignedCertificate, TPM module and ECDSA_P384

I am attempting to create a self signed certificate with PowerShell and protect the private key with a TPM 2.0 module. I can create a cert backed by the TPM with: New-SelfSignedCertificate -Provider "Microsoft Platform Crypto Provider" -Subject…
Tuco
1 vote, 0 answers

How to avoid NCrypt Pin prompt during Microsoft Schannel handshake having certificate with CNG key where PIN is already provided programmatically

I have client certificates created with CNG keys with provider "Microsoft Platform Key Provider". The CNG key has a password with strong key authentication using the CNG parameters NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG. I am trying to use the…
1 vote, 0 answers

How to acquire a valid CNG private key handle from a certificate

I am trying to acquire a CNG private key handle to sign data per a certificate. But I am struggling to get a valid key handle, in the first place. The certificate lookup via fingerprint is working. I am receiving the context of a self signed…
René Hoffmann
1 vote, 0 answers

CNG/BCrypt/NCrypt Import an ephemeral AES key wrapped with a persistent RSA key

I will write some kind of security client/server pair: The server part provides wrapped AES keys. The client part, based on CNG win32 API (ncrypt.h+bcrypt.h), will request the server to send some keys (when needed). Here is my plan: On the client…
Captain'Flam
1 vote, 1 answer

PFXExportCertStoreEx API not exporting private key to PFX file

I am trying to create a pfx file using PFXExportCertStoreEx API for a self-signed certificate and its corresponding private key. The self-signed certificate is exported to the pfx, but the private key is not exported to the pfx file. I set the export policy…
Pavan
1 vote, 1 answer

Cryptographic Provider Development Kit is not found

On this page https://learn.microsoft.com/en-us/windows/win32/seccng/cng-portal there is a download link to the Cryptographic Provider Development Kit which has been broken for some time. "If you are developing a CNG cryptographic algorithm provider or key storage…
karlie
1 vote, 0 answers

Using SignerSignEx2 with a CNG provider

We currently set the SignerSignEx2's SIGNER_PROVIDER_INFO to a suitable CSP, however, the docs say that CSPs are outdated and we're now using our vendor's CNG provider instead. We could migrate all our other usages, except the SignerSignEx2 call.…
D.R.
1 vote, 1 answer

How to encrypt data using c# cng inside hsm using NeverExtractable key?

I use .net core 3.1 to encrypt passwords using NeverExtractable key from hsm(Securosys Primus HSM Key Storage Provider). Below is the code of what I am trying to do public byte[] EncryptPasswordWithProvider ( string…
1 vote, 2 answers

RSACryptoServiceProvider vs RSACng

I have (non-exportable) keys which have been created using RSACryptoServiceProvider. I want to sign data using RSA-PSS (which is not RSACryptoServiceProvider). Therefore I want to obtain the same private key as an RSACng instance. I tried the…
D.R.
1 vote, 0 answers

How to export EC private key as PKCS#1 or PKCS#8 format from certificate store by CNG?

I tried to export a private key from the certificate store with the CNG API. It works fine when exporting an RSA private key, but fails for an EC private key. The code failed in NCryptExportKey() with 0x80090029. Is there any document from MS that says: Export EC private key…
Assam
1 vote, 1 answer

Can you use System.Security.Cryptography.Cng.CngKey in an Azure App Service?

I would like to use RSA-encryption, including key creation and management, in an Azure App Service written in C#. Is it possible to use System.Security.Cryptography.Cng for that purpose? I couldn't get it to work because CngKey.Create seems to…
Mo B.
1 vote, 1 answer

Getting RSA private key with .NET Core

On .NET Core (3.1), on both Windows and Linux platforms, I want to decrypt a message using the private keys of X509Certificate2 instances. The certificates are retrieved from certificate store on Windows platform, and from PFX file on Linux…
1 vote, 1 answer

Store Data in TPM using CNG NCryptOpenStorageProvider in Windows

I am trying to store the key in TPM using CNG NCryptOpenStorageProvider "MS_PLATFORM_CRYPTO_PROVIDER". Please, can anyone help on how to use CNG functions for accessing TPM read and write?