IPsecSaEnum0 and displaying key information

  • Question

  • When using IPsecSaEnum0 to enumerate manually added security associations, is it expected behavior not to be able to read the authKey and cipherKey used to create the entry?  The fields that I'm looking at are as follows:

    entries.saBundle.saList[index].ahInformation->authKey.data

    entries.saBundle.saList[index].espAuthInformation->authKey.data

    entries.saBundle.saList[index].espCipherInformation->cipherKey.data;

    entries.saBundle.saList[index].espAuthAndCipherInformation.saAuthInformation->authKey.data;

    entries.saBundle.saList[index].espAuthAndCipherInformation.saCipherInformation->cipherKey.data;

    They all come back with a byte array of 16 0's.

    I imagine this is the expected behavior because returning the authKey and cipherKey would be a very good security hole for someone to compromise the IPsec communications.  My question is how do I verify that what I've added is in there correctly and that I have the right size key for the algorithm being used.

    Thanks,

    Steven

    Monday, September 15, 2008 11:23 PM

Answers

  • I suspect if you pass to IPsec APIs an incorrect key length for a cipher we will in turn pass it on to the crypto libraries, which will throw an error and we relay it back to you, the API caller.

    Is your experience different?

    Monday, October 6, 2008 12:04 AM

All replies

  • It seemed to accept whatever it was that I gave it with no regard to actual value or length.

    Monday, December 1, 2008 7:28 PM
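Since the enumeration returns only zeroed key buffers and, per the last reply, the API did not reject bad input, the practical check is to validate key length against the algorithm before the key is ever submitted. The following is an added example, not code from the thread or from the Windows SDK: the enum names mirror IPSEC_CIPHER_TYPE / IPSEC_AUTH_TYPE from ipsectypes.h but are redefined locally (assumed values) so it compiles anywhere, and the sample keys are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Local stand-ins for the IPSEC_CIPHER_TYPE / IPSEC_AUTH_TYPE enumerations of
 * ipsectypes.h (assumed values); on Windows include <fwpmu.h> and drop these. */
typedef enum {
    IPSEC_CIPHER_TYPE_DES = 1, IPSEC_CIPHER_TYPE_3DES, IPSEC_CIPHER_TYPE_AES_128,
    IPSEC_CIPHER_TYPE_AES_192, IPSEC_CIPHER_TYPE_AES_256
} ipsec_cipher_type;
typedef enum { IPSEC_AUTH_MD5 = 0, IPSEC_AUTH_SHA_1, IPSEC_AUTH_SHA_256 } ipsec_auth_type;

/* Constructed sample inputs: a non-zero 16-byte key, and the all-zero buffer
 * that IPsecSaEnum0 hands back in place of the real key material. */
static const uint8_t SAMPLE_KEY_16[16] = { 0x10, 0x21, 0x32, 0x43, 0x54, 0x65, 0x76, 0x87,
                                           0x98, 0xa9, 0xba, 0xcb, 0xdc, 0xed, 0xfe, 0x0f };
static const uint8_t ZERO_KEY_16[16] = { 0 };

/* Key length in bytes the cipher expects; 0 means "not covered by this table". */
size_t ipsec_cipher_key_bytes(ipsec_cipher_type t)
{
    switch (t) {
    case IPSEC_CIPHER_TYPE_DES:     return 8;   /* 64-bit key including parity bits */
    case IPSEC_CIPHER_TYPE_3DES:    return 24;  /* three independent DES keys */
    case IPSEC_CIPHER_TYPE_AES_128: return 16;
    case IPSEC_CIPHER_TYPE_AES_192: return 24;
    case IPSEC_CIPHER_TYPE_AES_256: return 32;
    }
    return 0;
}

/* Key length in bytes for the HMAC integrity algorithm (digest-sized keys). */
size_t ipsec_auth_key_bytes(ipsec_auth_type t)
{
    switch (t) {
    case IPSEC_AUTH_MD5:     return 16;
    case IPSEC_AUTH_SHA_1:   return 20;
    case IPSEC_AUTH_SHA_256: return 32;
    }
    return 0;
}

/* Usable only if the length matches the algorithm and the key is not all zeros,
 * so a buffer read back from the enumeration can never be fed into a new SA. */
static bool key_usable(const uint8_t *key, size_t len, size_t expected)
{
    uint8_t acc = 0;
    if (key == NULL || expected == 0 || len != expected) return false;
    for (size_t i = 0; i < len; i++) acc |= key[i];
    return acc != 0;
}

bool ipsec_cipher_key_ok(ipsec_cipher_type t, const uint8_t *key, size_t len)
{ return key_usable(key, len, ipsec_cipher_key_bytes(t)); }

bool ipsec_auth_key_ok(ipsec_auth_type t, const uint8_t *key, size_t len)
{ return key_usable(key, len, ipsec_auth_key_bytes(t)); }
```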