Encrypting symmetric key with asymmetric public key RRS feed

  • Question

  • I am creating an AES key using BCryptGenerateSymmetricKey, and using that key to encrypt some data.<o:p></o:p>

    I am creating an asymmetric key pair in a smart card (actually, virtual smart card using TPM) using NCryptCreatePersistedKey, with NCRYPT_RSA_ALGORITHM as the algorithm ID and AT_KEYEXCHANGE as the key type.<o:p></o:p>

    I would like to encrypt the symmetric key with the public key portion of the smart card keypair.  I've tried this using NCryptEncrypt, and then decrypt using NCryptDecrypt.  I'm not able to get this to work.  The NCryptEncrypt function is working, but the NCryptDecrypt call is failing with 0x80100022 ("This smart card does not support the requested feature.").<o:p></o:p>

    I don't know why I'd get this.  I assume the TPM can handle decryption.  Is there something special I need to designate when I create the keypair?  Or do I need to specify some particular padding in the NCryptEncrypt function?  I'm trying it with '0' in dwFlags, and the encryption succeeds but the decryption fails.  I've also tried "NCRYPT_PAD_PKCS1_FLAG" and "NCRYPT_PAD_OAEP_FLAG", but both of those fail.

    Any suggestions on how to get the symmetric key encrypted by the asymmetric key?



    Monday, March 31, 2014 8:45 PM

All replies

  • I managed to get this to work by specifying NCRYPT_PAD_PKCS1_FLAG as the dwFlags parameter in both the NCryptEncrypt and NCryptDecrypt calls.
    Friday, October 24, 2014 6:30 PM