locked
CNG Import Keyblob From CryptoAPI RRS feed

  • Question

  • Using CNG, is it possible (I'm assuming so) to import a keyblob that was exported from CryptoAPI?

    If so, does anyone have any working examples?

    If not, how does one migrate and still have backward compatibility?

    Thanks,

    C-Coder

    Wednesday, June 3, 2020 3:36 PM

All replies

  • Hello C-Coder,

    Yes, you can use CNG to export and then import a keyblob.

    Here is an official sample demonstrates how to export a public key blob then import it for validating the digital signature: Example C Program: Signing a Hash and Verifying the Hash Signature.

    Please let me know if it helps.

    Best regards,

    Rita


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, June 4, 2020 1:57 AM
  • Rita,

    I believe I'm talking about a different situation. We have keyblobs that were created using CryptoAPI and exported to files and used to encrypt files. We want to be able to use the newer CNG library to import those keyblobs and then use them for decrypting things.

    Thanks,

    C-Coder

    Thursday, June 4, 2020 5:22 PM
  • Hello C-Coder,

    Could you confirm the following information to narrow down this issue?

    • What's kind of keyblobs? Refer to dwBlobType parameter's description document.
    • What's kind of key are you talking about? Symmetric keys or Asymmetric keys?
    • Cryptographic Service Providers is RSA or DSS? 
    • Exported files format? Is PFX?

    Best regards,

    Rita


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, June 5, 2020 5:49 AM
  • Hi Rita,

    1 - OPAQUEKEYBLOB

    2 - Symmetric

    3 - RSA

    4 - No defined format. Assume the blob is just sitting in memory. In other words, I don't want to rely on information being read from disk in a particular format. I want it to be assumed that the blob was exported and stored in memory in it's native blob format from CryptExportKey.

    Thank you,

    C-Coder

    Friday, June 5, 2020 4:16 PM
  • Hello C-Coder,

    Thanks for your confirmation.

    But I am still confused about #4 point, since you mentioned that you "have keyblobs that were created using CryptoAPI and exported to files".

    So my question is do you want to import from existing key or new created key? If it is a existing key, where this key stores, Microsoft key storage provider, third party key storage provider, smart card or hardware security module?

    For example, if the key is exist in specified CNG key storage provider you can open the key using NCryptOpenKey then export and import.

    Best regards,

    Rita


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, June 8, 2020 9:01 AM