Issues with symmetric key export using PKI (C++ CryptoAPI)

Question

  • Friday, August 10, 2012 11:28 AM
     
     

    Hi there,

    I am using symmetric encryption to encrypt data. The symmetric key is generated using CryptGenKey.

    I have a .cer file containing the public key on both the server and client code.

    In the server, I want to export the generated symmetric key using the PRIVATE KEY in my certificate (I have the container handle using CryptAcquireCertificatePrivateKey based on the CCERT_CONTEXT derived out of the .cer file). I am using CryptExportKey to do this.


    On the other end (the client), I derived the CCERT_CONTEXT out of the public key in the .cer file and I now want to use this to decrypt the exported symmetric key.

    Now, here are the issues:

    1. In the server, it looks like CryptExportKey always encrypts using the public key and NOT THE PRIVATE KEY. Is there a way to change this?

    2. I considered using CryptSignAndEncryptMessage, but my client could be on a non-Windows platform. Therefore I want complete control over the data being encrypted and transmitted.

    Any help will be appreciated!


    if...then...else, like everyone else!

All Replies

  • Monday, August 13, 2012 8:02 AM
     
     

    Hi,

    Welcome to the MSDN forum.

    According to your description, I'd like to move this thread to "Application Security for Windows Desktop Forum" for better support.

    Thanks for your understanding and active participation in the MSDN Forum.

    Regards,


    Elegentin Xie [MSFT]
    MSDN Community Support | Feedback to us

  • Monday, August 13, 2012 9:58 PM
     
     

    That scheme would make the public key a secret on your client.  Thus anyone with that certificate could decrypt your symmetric key.
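
For the non-Windows client mentioned in the question, an added example (not code from this thread): portable C++ that splits a SIMPLEBLOB produced by CryptExportKey into the session key's ALG_ID and an RSA block in big-endian order, which the holder of the matching private key can hand to another library's PKCS #1 v1.5 decryption. The function and type names are hypothetical, the constants are redeclared from wincrypt.h, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Values from wincrypt.h, redeclared so this builds without Windows headers.
constexpr uint8_t  kSimpleBlob     = 0x01;        // SIMPLEBLOB
constexpr uint8_t  kCurBlobVersion = 0x02;        // CUR_BLOB_VERSION
constexpr uint32_t kCalgRsaKeyx    = 0x0000A400;  // CALG_RSA_KEYX
constexpr size_t   kHeaderBytes    = 12;          // BLOBHEADER (8) + ALG_ID (4)

struct SimpleBlob {
    uint32_t sessionAlg;              // ALG_ID of the wrapped symmetric key
    std::vector<uint8_t> rsaBlockBE;  // RSA ciphertext, most significant byte first
};

static uint32_t le32(const uint8_t* p) {
    return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// Layout: bType, bVersion, reserved (2 bytes), aiKeyAlg (4), algid (4), then the
// PKCS #1 encrypted key stored least significant byte first.
bool parseSimpleBlob(const std::vector<uint8_t>& blob, size_t modulusBytes, SimpleBlob& out) {
    if (blob.size() < kHeaderBytes || blob.size() - kHeaderBytes != modulusBytes)
        return false;                                              // truncated or trailing data
    if (blob[0] != kSimpleBlob || blob[1] != kCurBlobVersion) return false;
    if (blob[2] != 0 || blob[3] != 0) return false;                // reserved must be zero
    if (le32(&blob[8]) != kCalgRsaKeyx) return false;              // not an RSA key-exchange wrap
    out.sessionAlg = le32(&blob[4]);
    // Reverse the ciphertext: most non-Windows RSA libraries expect big-endian input.
    out.rsaBlockBE.assign(blob.rbegin(), blob.rend() - static_cast<std::ptrdiff_t>(kHeaderBytes));
    return true;
}

// Constructed sample: AES-256 (0x6610) header with an 8-byte stand-in "ciphertext".
std::vector<uint8_t> constructedSample() {
    return {0x01, 0x02, 0x00, 0x00, 0x10, 0x66, 0x00, 0x00, 0x00, 0xA4, 0x00, 0x00,
            0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01};
}

int main() {
    SimpleBlob sb;
    if (!parseSimpleBlob(constructedSample(), 8, sb)) return 1;
    std::printf("session ALG_ID 0x%04X, first ciphertext byte 0x%02X\n",
                (unsigned)sb.sessionAlg, (unsigned)sb.rsaBlockBE[0]);
    return 0;
}
```

For a real blob, `modulusBytes` is the RSA key size in bytes (256 for a 2048-bit key).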