locked
Is it possible to get actual IPsec cipher keys using function IPsecSaEnum1()? RRS feed

  • Question

  •     Is it possible to get actual IPsec cipher keys using function IPsecSaEnum1()? This function returns correct number of SAs, correct SPIs (which correspond to those on the other end of IPsec tunnel - Cisco router), correct transform types and correct keys length (IPSEC_SA_CIPHER_INFORMATION0.cipherKey.size). But the key itself (IPSEC_SA_CIPHER_INFORMATION0.cipherKey.data) is always filled with zeros.

        Is it something about privilege levels?

    Sunday, July 24, 2011 7:56 PM

Answers

  • Currently the crypto key is not returned by design.

    Hope this helps,

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Monday, July 25, 2011 5:33 PM
    Moderator

All replies

  • Currently the crypto key is not returned by design.

    Hope this helps,

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Monday, July 25, 2011 5:33 PM
    Moderator
  • Thank you for the quick answer. It has saved me from a lot of frustration :)
    • Edited by Yuri Volkov Monday, July 25, 2011 6:28 PM misspelling
    Monday, July 25, 2011 6:28 PM