CRPInvitation

    Question

  • I am working on creating a network projector app on Windows 8.  I have all the WSDiscovery portion done.  My issue is that I am sent an "invitation" and I am not sure how to use the info to connect via RDP.  Below is the invitation I receive. Does anyone have any documentation on the XML?

    <CRPInvitation Version='1.0' Secured='false'>
      <Ticket>&lt;E&gt;&lt;A KH=&quot;2lcmM4/Lk/SWK+EKwPxNdMkNJAE=&quot; ID=&quot;xIYRyDFdC++APYRuB+YsiHsLk89AkSdETl5AqWuJjG9j774xCOij1ue5KiyfLbP6&quot;/&gt;&lt;C&gt;&lt;T ID=&quot;1&quot; SID=&quot;0&quot;&gt;&lt;L P=&quot;5363&quot; N=&quot;fe80::bd44:89c6:855b:b231%22&quot;/&gt;&lt;L P=&quot;5363&quot; N=&quot;10.2.1.146&quot;/&gt;&lt;/T&gt;&lt;/C&gt;&lt;/E&gt;
      </Ticket>
      <Resolution Width='1280' Height='800' ColorDepth='32'/>
    </CRPInvitation>


    Wednesday, May 29, 2013 4:51 PM

Answers

  • Hi,

    The following information describes how the security implementation should function for the network projector protocol, i.e. CRPInvitation with Secured=’true’.

    The server should calculate the signature and compare against the signature value extracted from the CRP Invitation.  If they match, then the connection should be accepted by the server.

    The signature is calculated as follows:

    1. Trim any trailing whitespace from the connection string (ticket)
    2. Acquire “MS_ENH_RSA_AES_PROV” Crypt context with “PROV_RSA_AES” provider – CryptAcquireContext
    3. Create “CALG_SHA_256” hash object – CryptCreateHash
    4. Add the connection string (ticket) to the hash – CryptHashData
    5. Add the password string to the hash – CryptHashData
    6. Retrieve the hashed data, “HP_HASHVAL” from the hash object – CryptGetHashParam
    7. Convert the hashed data to a string, format %02x per byte

    Example:

    <CRPInvitation Version='1.0' Secured='true'>
      <SecurityProtocol>Password</SecurityProtocol>
      <Ticket>
        <!-- Connection string -->
        &lt;E&gt;&lt;A KH=&quot;2lcmM4/Lk/SWK+EKwPxNdMkNJAE=&quot; ID=&quot;xIYRyDFdC++APYRuB+YsiHsLk89AkSdETl5AqWuJjG9j774xCOij1ue5KiyfLbP6&quot;/&gt;&lt;C&gt;&lt;T ID=&quot;1&quot; SID=&quot;0&quot;&gt;&lt;L P=&quot;5363&quot; N=&quot;fe80::bd44:89c6:855b:b231%22&quot;/&gt;&lt;L P=&quot;5363&quot; N=&quot;10.2.1.146&quot;/&gt;&lt;/T&gt;&lt;/C&gt;&lt;/E&gt;
      </Ticket>
      <Signature>
        <!-- SHA256 HASH of connection string (ticket) + password string -->
        <!-- Format: %02x, sample below -->
        0102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20
      </Signature>
      <Resolution Width='1280' Height='800' ColorDepth='32'/>
    </CRPInvitation>

    Thanks,

    Edgar

    Tuesday, August 06, 2013 8:12 PM
    Moderator
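
The seven steps in the answer above, as an added example that is not part of the original thread or any Microsoft code: it computes the signature with Python's `hashlib` in place of CryptoAPI and verifies a parsed invitation. Assumptions: strings are hashed as UTF-16LE, the ticket is the unescaped text of the `Ticket` element, and a password-protected projector refuses invitations that are not `Secured='true'`; `build_invitation` and the sample ticket are constructed for the demo.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Assumption: the thread does not state the byte encoding of the strings
# passed to CryptHashData; UTF-16LE (Windows wide strings) is the default here.
ENCODING = "utf-16-le"

# Constructed ticket for the demo, not a captured one.
SAMPLE_TICKET = ('<E><A KH="constructed" ID="constructed"/><C><T ID="1" SID="0">'
                 '<L P="5363" N="192.0.2.10"/></T></C></E>')


def crp_signature(ticket, password, encoding=ENCODING):
    """SHA-256 over the trimmed ticket, then the password, as %02x hex."""
    h = hashlib.sha256()
    h.update(ticket.rstrip().encode(encoding))  # steps 1 and 4
    h.update(password.encode(encoding))         # step 5
    return h.hexdigest()                        # steps 6 and 7


def verify_invitation(xml_text, password, encoding=ENCODING):
    """Return True only if a password-protected projector may accept it."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return False
    ticket = root.findtext("Ticket")
    received = root.findtext("Signature")
    if root.tag != "CRPInvitation" or ticket is None or received is None:
        return False
    # Assumed policy: refuse unsigned invitations so a client cannot
    # skip the password by sending Secured='false'.
    if root.get("Secured", "").lower() != "true":
        return False
    expected = crp_signature(ticket, password, encoding).encode("ascii")
    # Case-insensitive (the thread's sample is upper-case), constant-time.
    return hmac.compare_digest(expected, received.strip().lower().encode("utf-8"))


def build_invitation(ticket, password):
    """Hypothetical client side, used only to produce a test invitation."""
    root = ET.Element("CRPInvitation", Version="1.0", Secured="true")
    ET.SubElement(root, "SecurityProtocol").text = "Password"
    ET.SubElement(root, "Ticket").text = ticket + "\n"
    ET.SubElement(root, "Signature").text = crp_signature(ticket, password).upper()
    return ET.tostring(root, encoding="unicode")
```

If a real client's signature does not match, the encoding assumption is the first thing to vary (pass `encoding="utf-8"` or another codec to both functions).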
  • Hi,

    We have not heard from you and did not receive any email from you on this. I consider that you no longer need any assistance from us concerning the informative algorithm we provided for the unsupported protocol scenario of Network projector.

    Regards,

    Edgar

    Saturday, October 26, 2013 5:46 AM
    Moderator

All replies

  • Hi BlackendNutria2

    Please share the following additional details:

    1. Are you using any protocol specification listed here: http://msdn.microsoft.com/en-us/library/gg685446.aspx ? I searched the protocol specifications and was unable to find the 'CRPInvitation' tag.

    2. Are you receiving this invitation from a Windows server or a 3rd party server?

    Thanks


    Tarun Chopra | Escalation Engineer | Open Specifications Support Team

    Wednesday, May 29, 2013 5:16 PM
  • I am setting up a network projector server and now I need to make it require a password.  I had the protocol before but currently I cannot find it.
    Tuesday, July 02, 2013 8:14 PM
  • Hello BlackendNutria2

    As requested, we will be requiring the specification name to ensure it falls under our scope. Here is the list of specifications we support: http://msdn.microsoft.com/en-us/library/gg685446.aspx

    Thanks.


    Tarun Chopra | Escalation Engineer | Open Specifications Support Team

    Wednesday, July 03, 2013 4:30 PM
  • I am using the protocol [MS-RAI]: Remote Assistance Initiation Protocol (http://msdn.microsoft.com/en-us/library/cc240115.aspx)

    What I am trying to do is create a network projector "server", something that will connect to the client and get its screen.  I have it working if I do not require a password, however when I make the connection secure then clients are unable to connect to my network projector.  How does the password get sent over?  How does one decrypt the value in Remote Assistance Connection String 2 value ID - Authstring Identifier?

    Monday, July 15, 2013 9:01 PM
  • Hello BlackendNutria2

    Thank you for the information. A support engineer will be in touch to assist further. In the meantime, please see if the information in Windows note <18>, http://msdn.microsoft.com/en-us/library/90b2d2e5-7931-4762-8949-04617e1d9089#id18, helps.

    Thanks. 


    Tarun Chopra | Escalation Engineer | Open Specifications Support Team

    Monday, July 15, 2013 10:14 PM
  • Thanks for the info, that has some of the information I need.  There is other info I need as well.

    To get the key to use to decrypt, it states to use MS_ENH_RSA_AES_PROV. Since I am using C#, it appears I can use PasswordDeriveBytes.CryptDeriveKey to get the key.

    I have the following code:

    using System.Security.Cryptography;

    PasswordDeriveBytes pdb = new PasswordDeriveBytes(password, null);
    byte[] iv = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0 };
    byte[] key = pdb.CryptDeriveKey("RC2", "SHA1", 128, iv);

    What is needed for the IV?  Also, on the Remote Assistance Connection String 2 that I get it contains a Signature node, what does this represent?  

    Thanks.

    Tuesday, July 16, 2013 6:18 PM
  • Hi,

    I will review this and follow up.

    Thanks,

    Edgar

    Tuesday, July 16, 2013 9:40 PM
    Moderator
  • Edgar - Any update on this?
    Thursday, July 18, 2013 5:49 PM
  • Hi,

    The initialization vector is 16 bytes (all null), as per the standard block size for AES in CBC mode.

    It is important to note that the legacy Network Projector protocol is deprecated.

    The product team is recommending you look into implementing Miracast support for the projector instead. This is more current and the protocol is published at wi-fi.org:  

    Wi-Fi Display Technical Specification

    http://www.wi-fi.org/knowledge-center/published-specifications

    Do you have any interest in current protocols or are you committed to the previous legacy protocol?

    Thanks,

    Edgar

    Thursday, July 25, 2013 2:57 AM
    Moderator
  • Edgar - Thanks for getting back with me.  We are supporting Miracast as well, however it is only in Windows 8.1 so everything beforehand has Network Projector.

    I have everything working with Network Projector except requiring a password.  I set the Secured to 1 in the SOAP messages and it prompts me for a password.  I type in the password and I consistently get a disconnect from the Remote Machine.  I am trying to find documentation on how network projector uses the password from its dialog and I cannot seem to find any.  What info is needed to send in the connection sequence in order to use the Secured functionality of Network Projector?

    Monday, July 29, 2013 6:01 PM
  • Hi,

    The legacy network projector protocol was originally intended to be used between a Windows Embedded CE-based Windows Network Projector and a Windows client-based PC (starting from Vista client).

    If you would like to discuss this in further detail, please send an email to dochelp (at) Microsoft (dot) com and mention this thread.

     

    References:

    Windows Network Projector Architecture (Windows Embedded CE 6.0)

    http://msdn.microsoft.com/en-us/library/ee480317.aspx

    Communication Between a Windows Network Projector and Windows-based PC (Windows Embedded CE 6.0)

    http://msdn.microsoft.com/en-US/library/ee480853.aspx

    Developing a Windows Network Projector (Windows Embedded CE 6.0)

    http://msdn.microsoft.com/en-us/library/ee480414.aspx

    Windows Network Projector Design Template (Windows Embedded CE 6.0)

    http://msdn.microsoft.com/en-us/library/ee482529.aspx

    Thanks,

    Edgar

    Thursday, August 01, 2013 5:03 PM
    Moderator
  • Thank you so much, I will try this out and let you know.
    Tuesday, August 06, 2013 8:14 PM
  • Once we have the signature do we need to send any other information to the rdp server?  We are checking the signature on the network projector side but we are unable to connect to the rdp box.  Without secure turned on we connect just fine.
    Wednesday, October 09, 2013 10:01 PM
  • Hi,

    Network projector is an unsupported protocol scenario.

    When Secured=’true’, the server should calculate the signature and compare against the signature value extracted from the CRP Invitation. If they match, then the connection should be accepted by the server.

    If the signature verification is successful but the connection is not being established, then that's probably another issue.

    Please send an email to my attention at dochelp (at) Microsoft (dot) com and mention this thread, and I will see whether I may further assist on this.

    Thanks,

    Edgar

    Monday, October 14, 2013 3:32 PM
    Moderator