Create Private/Public Key Pair Using "Microsoft DH SChannel Cryptographic Provider"

  • Question

  • I am trying to create 2 self-signed certificates, each with a private/public key pair, for use in Elliptic Curve Diffie-Hellman (ECDH) key derivation:

    makecert -n "CN=ECDH Authority" -cy authority -a SHA512 -len 4096 -sv "C:\ECDH Authority.pvk" -r "C:\ECDH Authority.cer"

    Private Key Password / Issuer Signature: 5DDD226A-8431-4D9B-8FEB-466F73A3

    makecert -pe -n "CN=ECDH Ali" -a SHA512 -len 512 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -iv "C:\ECDH Authority.pvk" -ic "C:\ECDH Authority.cer" -sp "Microsoft DH SChannel Cryptographic Provider" -sy 18 -sv "C:\ECDH Ali.pvk" "C:\ECDH Ali.cer"

    Private Key Password: C9E58BFD-3669-463A-B4EE-36F64537

    pvk2pfx -pvk "C:\ECDH Ali.pvk" -spc "C:\ECDH Ali.cer" -pfx "C:\ECDH Ali.pfx"

    pvk2pfx returns an error: ERROR: Cannot find certificates that match the key. (Error Code = 0x80070490).

    FYI: I have also tried converting the public portion (*.cer) to a byte[] and then to a CngKey; however, the same "incorrect parameter" error occurs in the CngKey.Import method.

    Here is the C# I plan to implement:

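    		/// <summary>
    		/// Attempts an ECDH key agreement between the local private key ("ECDH Ali.pfx")
    		/// and the peer's public key ("ECDH Bob.cer"), both loaded from disk.
    		/// </summary>
    		/// <returns>The key material produced by <c>DeriveKeyMaterial</c>.</returns>
    		/// <remarks>
    		/// As written, the private-key import is reported to fail with "incorrect parameter";
    		/// the inline review notes explain why. This revision only disposes the CNG key
    		/// handles and removes dead code; it does not make the import succeed.
    		/// </remarks>
    		private static byte[] CombineKeys()
    		{
    			X509Certificate2 PrivateCert = new X509Certificate2("Certificates\\ECDH\\ECDH Ali.pfx");
    			X509Certificate2 PublicCert = new X509Certificate2("Certificates\\ECDH\\ECDH Bob.cer");

    			// SECURITY: a private-key password embedded in source ends up in version control
    			// and in the compiled assembly. Load it from protected configuration or a secret
    			// store instead, and treat any password that has been published as compromised.
    			string PrivatePassword = "C9E58BFD-3669-463A-B4EE-36F64537";

    			// NOTE(review): X509ContentType.Cert exports only the DER-encoded certificate,
    			// i.e. the public portion. The result contains no private key and is not a CNG
    			// ECC private blob, which is consistent with the "incorrect parameter" error below.
    			byte[] PriKey = PrivateCert.Export(X509ContentType.Cert, PrivatePassword);

    			// NOTE(review): the makecert commands used to create the certificates request a
    			// key from a legacy Diffie-Hellman provider (-sy 18), so the certificate may not
    			// hold an elliptic-curve key at all - confirm the key algorithm before debugging
    			// the import any further.
    			// Errors here with "incorrect parameter"
    			using (CngKey PriCngKey = CngKey.Import(PriKey, CngKeyBlobFormat.EccPrivateBlob))
    			using (ECDiffieHellmanCng cng = new ECDiffieHellmanCng(PriCngKey))
    			{
    				// NOTE(review): GetPublicKey() returns the raw public-key bytes from the
    				// certificate, not a blob in the CNG EccPublicBlob layout (which starts with
    				// a header), so this import is expected to fail for the same reason.
    				byte[] PubKey = PublicCert.GetPublicKey();

    				// CngKey wraps a native key handle; dispose it as soon as the derivation is done.
    				using (CngKey PubCngKey = CngKey.Import(PubKey, CngKeyBlobFormat.EccPublicBlob))
    				{
    					return cng.DeriveKeyMaterial(PubCngKey);
    				}
    			}
    		}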

    OS: Windows 7 64-Bit
    VS2012 (C:\Program Files (x86)\Windows Kits\8.0\bin\x64\makecert.exe)


    Friday, October 17, 2014 5:17 PM

All replies