System.Security.Cryptography.CngKey

  • Question

  • Hi, I tried creating a CngKey with the export policy set to AllowPlaintextArchiving and exporting the private key only once. As per the documentation provided, this allows the private key to be exported only once, for archiving purposes.

     CngKey.Create(
                    CngAlgorithm.ECDsaP256,
                    "key1",
                    new CngKeyCreationParameters
                    {
                        KeyCreationOptions = CngKeyCreationOptions.MachineKey,
                        ExportPolicy = CngExportPolicies.AllowArchiving
                    });

    I am exporting the key with

     var key = CngKey.Open("key1", CngProvider.MicrosoftSoftwareKeyStorageProvider, CngKeyOpenOptions.MachineKey);
     var privkey = key.Export(CngKeyBlobFormat.EccPrivateBlob);

    But while exporting the key I am getting a CryptographicException saying "The requested operation is not supported". Any idea where it's going wrong?

    Thanks.

    Thursday, July 6, 2017 10:05 AM

Answers

  • The flag means "the private key can be exported only at the time it is created", and it is working as intended.

    Try the following:

        CngKey k = null;
        byte[] privkey = null;
        try
        {
            // Create the persisted key and keep the handle returned by Create:
            // the export has to happen from this handle, not from a later Open.
            k = CngKey.Create(
                CngAlgorithm.ECDsaP256,
                "key1",
                new CngKeyCreationParameters
                {
                    KeyCreationOptions = CngKeyCreationOptions.MachineKey,
                    ExportPolicy = CngExportPolicies.AllowPlaintextExport,
                });

            // Export the private key while the creation handle is still open.
            privkey = k.Export(CngKeyBlobFormat.EccPrivateBlob);
            Console.WriteLine(BitConverter.ToString(privkey));
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.ToString());
        }
        finally
        {
            // Remove the test key from the key store so it does not linger on the machine.
            if (k != null)
                k.Delete();
        }


    • Edited by cheong00Editor Thursday, July 6, 2017 1:07 PM
    • Marked as answer by SCHarish Friday, July 7, 2017 8:54 AM
    Thursday, July 6, 2017 1:07 PM
    Answerer

All replies

  • Hi SCHarish,

    For your question: when creating the key, it needs to be marked as allowed for export, so please change CngExportPolicies to AllowPlaintextExport. This will allow the private key to be exported multiple times as plaintext.

    I tested the following code. It works well for me.

        CngKey.Create(
            CngAlgorithm.ECDsaP256,
            "key1",
            new CngKeyCreationParameters
            {
                KeyCreationOptions = CngKeyCreationOptions.MachineKey,
                ExportPolicy = CngExportPolicies.AllowPlaintextExport
            });
        var key = CngKey.Open("key1", CngProvider.MicrosoftSoftwareKeyStorageProvider, CngKeyOpenOptions.MachineKey);
        var privkey = key.Export(CngKeyBlobFormat.EccPrivateBlob);

    Best Regards,

    Wendy


    MSDN Community Support

    Friday, July 7, 2017 8:46 AM
    Moderator
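The two replies describe the same rule from different sides: an archiving policy permits one export, from the handle that CngKey.Create returns, and once that handle is closed the KSP refuses a plaintext export on a reopened key; AllowPlaintextExport permits it on every open. The C# program below is an added example, not code from the thread: for each policy it exports once at creation and once after reopening, and it reads CngKey.ExportPolicy before each attempt so a caller can decide without relying on the exception. It assumes Windows with the Microsoft Software KSP, rights to create a machine key as in the thread, and a throw-away key name.

```csharp
using System;
using System.Security.Cryptography;

static class CngExportPolicyDemo
{
    // Creates a persisted key with the given policy, exports once from the creation
    // handle, then reopens the key and tries again. Returns (atCreation, afterReopen).
    public static (bool atCreation, bool afterReopen) TryExportTwice(CngExportPolicies policy)
    {
        const string name = "ExportPolicyDemoKey";   // assumed throw-away key name
        var provider = CngProvider.MicrosoftSoftwareKeyStorageProvider;
        if (CngKey.Exists(name, provider, CngKeyOpenOptions.MachineKey))
            CngKey.Open(name, provider, CngKeyOpenOptions.MachineKey).Delete();

        bool atCreation;
        using (var created = CngKey.Create(CngAlgorithm.ECDsaP256, name,
            new CngKeyCreationParameters
            {
                Provider = provider,
                KeyCreationOptions = CngKeyCreationOptions.MachineKey,
                ExportPolicy = policy
            }))
        {
            atCreation = TryExport(created);   // the one-time window for archiving policies
        }                                       // closing the handle ends that window

        var reopened = CngKey.Open(name, provider, CngKeyOpenOptions.MachineKey);
        bool afterReopen = TryExport(reopened);
        reopened.Delete();                      // do not leave the demo key on the machine
        return (atCreation, afterReopen);
    }

    // Ask the KSP what it will allow, then attempt the plaintext private blob export.
    static bool TryExport(CngKey key)
    {
        Console.WriteLine($"  policy reported by KSP: {key.ExportPolicy}");
        try { key.Export(CngKeyBlobFormat.EccPrivateBlob); return true; }
        catch (CryptographicException ex) { Console.WriteLine($"  export refused: {ex.Message}"); return false; }
    }

    static void Main()
    {
        foreach (var p in new[] { CngExportPolicies.AllowPlaintextArchiving,
                                  CngExportPolicies.AllowPlaintextExport, CngExportPolicies.None })
        {
            Console.WriteLine(p);
            var (a, b) = TryExportTwice(p);
            Console.WriteLine($"  exported at creation: {a}, after reopen: {b}");
        }
    }
}
```

If the key never needs to leave the KSP, None is the least-privilege choice, and AllowPlaintextArchiving is the narrowest policy that still lets you take a single backup copy at creation time.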