Public Key Question

  • Question

  • Is there a difference between a public key from a self-signed RSA public/private key pair, and a public key extracted from a Certificate? The reason I ask is that when I extract the public key from an online certificate, and use it to create a Pre-Master and related keys, it works like a charm. But when I use a public key that I created using the Microsoft Crypto API, it returns a 0x80090003 Bad Key error. Both are 2048 bit/256 byte keys, and the error is returned on the CryptoImportKey function using the MS_DEF_RSA_SCHANNEL_PROV CSP.

    J.A. Coutts

    Wednesday, July 3, 2013 2:59 AM

All replies

  • It turns out that I created the keys using AT_SIGNATURE instead of AT_KEYEXCHANGE. Having fixed that problem, I have run into another issue that I need some help on. After acquiring a handle to Crypto Provider, importing the Private Key, getting a handle to the Key Pair with CryptGetUserKey AT_KEYEXCHANGE, I get an Error 0x80090005 NTE_BAD_DATA when I try to import the encrypted Master Key.

    Any help would be greatly appreciated.

    J.A. Coutts

    Sunday, July 14, 2013 7:30 PM
  • After much trial and error, I have got past the NTE_BAD_DATA error. The problem turned out to be twofold.

    1. In the server, the sample code from MSDN reversed the encrypted Master Key data in the Blob structure. I found that I did not have to reverse the key data, which I presume was because I was loading the data straight from memory rather than from received data. Because it originated from random data, it was impossible for me to figure out which way was correct, other than trial and error.

    2. When running the Client code, I was using the handle to the Certificate Public Key (hPublicKey) in the remainder of the calls. When I acquired the handle to hPublicKey using CryptGetUserKey, and just used the Certificate Public Key to encrypt and export the Master Key, I had much better success.

    There will probably be more problems as I move forward with this code, and hopefully someone can offer some assistance.

    J.A. Coutts

    Tuesday, July 23, 2013 6:06 AM
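
As an added illustration (not code from the thread), the check below parses a CryptoAPI PUBLICKEYBLOB as CryptExportKey writes it and reads the ALG_ID in its header: a pair generated with AT_SIGNATURE carries CALG_RSA_SIGN, while one generated with AT_KEYEXCHANGE carries CALG_RSA_KEYX, which is what the SChannel provider expects for key exchange (the first reply's fix). The same parser shows the little-endian integer layout CryptoAPI blobs use, the reason data produced locally by CryptoAPI needs no byte reversal while big-endian data off the wire does (the last reply's point 1). The sample blob is constructed; the constant values are those from wincrypt.h.

```c
/* Added example, not from the thread: parse a CryptoAPI PUBLICKEYBLOB
 * (BLOBHEADER + RSAPUBKEY + little-endian modulus) and report whether the
 * key was generated as AT_KEYEXCHANGE or AT_SIGNATURE. Sample blob is constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PUBLICKEYBLOB    0x06
#define CUR_BLOB_VERSION 0x02
#define CALG_RSA_KEYX    0x0000a400u /* ALG_ID written for a CryptGenKey(AT_KEYEXCHANGE) key */
#define CALG_RSA_SIGN    0x00002400u /* ALG_ID written for a CryptGenKey(AT_SIGNATURE) key   */
#define RSA1_MAGIC       0x31415352u /* "RSA1" */
#define HDR_LEN          20          /* BLOBHEADER (8) + RSAPUBKEY (12) */

enum keyspec { KS_BADBLOB = 0, KS_EXCHANGE = 1, KS_SIGNATURE = 2 };

/* CryptoAPI stores every integer in a blob little-endian, modulus included. */
static uint32_t get_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Classify a blob by its header; *bits (optional) receives the modulus length. */
enum keyspec classify_pubkey_blob(const uint8_t *blob, size_t len, uint32_t *bits) {
    if (len < HDR_LEN || blob[0] != PUBLICKEYBLOB || blob[1] != CUR_BLOB_VERSION)
        return KS_BADBLOB;
    if (get_le32(blob + 8) != RSA1_MAGIC) return KS_BADBLOB;      /* not an RSA key */
    uint32_t bitlen = get_le32(blob + 12);
    if (bitlen % 8 != 0 || len < HDR_LEN + bitlen / 8) return KS_BADBLOB; /* modulus truncated */
    if (bits) *bits = bitlen;
    uint32_t alg = get_le32(blob + 4);
    return alg == CALG_RSA_KEYX ? KS_EXCHANGE : alg == CALG_RSA_SIGN ? KS_SIGNATURE : KS_BADBLOB;
}

/* Build a constructed 2048-bit blob with the given ALG_ID (dummy modulus bytes),
 * optionally truncated to truncate_to bytes, and classify it. */
enum keyspec classify_constructed(uint32_t alg, size_t truncate_to) {
    uint8_t blob[HDR_LEN + 256];
    memset(blob, 0xAB, sizeof blob);                  /* dummy modulus, little-endian */
    blob[0] = PUBLICKEYBLOB; blob[1] = CUR_BLOB_VERSION; blob[2] = blob[3] = 0; /* reserved */
    put_le32(blob + 4, alg);
    put_le32(blob + 8, RSA1_MAGIC);
    put_le32(blob + 12, 2048);                        /* bitlen */
    put_le32(blob + 16, 65537);                       /* pubexp */
    size_t len = (truncate_to && truncate_to < sizeof blob) ? truncate_to : sizeof blob;
    return classify_pubkey_blob(blob, len, NULL);
}
```

Running the classifier over a blob exported from the key that failed in the first post would show CALG_RSA_SIGN in its header, which is why MS_DEF_RSA_SCHANNEL_PROV rejected it for key exchange.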