CryptImportKey fails on Windows 8.1 RRS feed

  • Question

  • Hello!

    The function CryptImportKey() used in my case to generate the key for HMAC hash function. It works well on all older Windows versions and even on Windows 8 Preview, however on Windows 8.1 it fails with last error ERROR_INVALID_PARAMETER.

    The condition is just one - when I specify one-byte key size. In the code snippet below, the pbKey is a pointer to one-byte user password and cbKey = 1. The same code works well with two- and more lengths of the key.

       pKeyBlob->hdr.bType = PLAINTEXTKEYBLOB;
       pKeyBlob->hdr.bVersion = CUR_BLOB_VERSION;
       pKeyBlob->hdr.reserved = 0;
       pKeyBlob->hdr.aiKeyAlg = CALG_RC2;
       pKeyBlob->cbKeySize = cbKey;
       memcpy(((LPBYTE) pKeyBlob) + sizeof(HMAC_KEY_BLOB), pbKey, cbKey);
          dwError = GetLastError();
          goto hmac_end;
       if (!CryptImportKey(hProv, (LPBYTE) pKeyBlob, sizeof(HMAC_KEY_BLOB) + cbKey, NULL, CRYPT_IPSEC_HMAC_KEY, &hKey))
          dwError = GetLastError();
          goto hmac_end;

    Are any known limitations or bugs in Win 8.1?


    Thursday, September 26, 2013 9:25 AM

All replies

  • Hi,

    I have been contacted repeatedly concerning this issue because it appears when my PBKDF2 implementation (http://www.idrix.fr/Root/Samples/pbkdf2.cpp) runs under Windows 8.1.

    The cause of the problem is that Microsoft changed the implementation of CryptImportKey in Windows 8.1 in order to forbid the use of one-byte RC2 keys : the minimum supported size for RC2 keys is 2 bytes under Windows 8.1.

    I have solved this issue in my PBKDF2 implementation by changing how CryptImportKey is called when a one-byte password is entered.

    So, if you use my code and you encountered this issue, just download the modified version of PBFDF2 implementation at the same location (http://www.idrix.fr/Root/Samples/pbkdf2.cpp) : it will behave correctly on all platforms.

    I hope this will help.
    Mounir IDRASSI

    Mounir IDRASSI - IDRIX - http://www.idrix.fr

    • Proposed as answer by Mounir IDRASSI Thursday, December 12, 2013 8:35 AM
    Sunday, December 8, 2013 4:25 PM