CryptImportPublicKeyInfo returning NTE_BAD_LEN for 2048-bit keys on Win7

  • Question

  • Hi, if I use CryptAcquireContext() to get an HCRYPTPROV for "Microsoft Base Cryptographic Provider v1.0", then call CryptImportPublicKeyInfo() to import a public key (which was originally loaded from an .spc file via CertOpenStore()), I see the following:

    .spc contains 1024-bit key, CryptImportPublicKeyInfo() run on Vista SP2 x86: success

    .spc contains 2048-bit key, CryptImportPublicKeyInfo() run on Vista SP2 x86: success

    .spc contains 1024-bit key, CryptImportPublicKeyInfo() run on Windows 7 SP1 x64: success

    .spc contains 2048-bit key, CryptImportPublicKeyInfo() run on Windows 7 SP1 x64: error NTE_BAD_LEN

    If I change the CryptAcquireContext() call to use "Microsoft Enhanced Cryptographic Provider v1.0", CryptImportPublicKeyInfo() succeeds for both 1024-bit and 2048-bit keys, on both Vista and Win7.

    I do see from the CryptoAPI Cryptographic Service Providers page that the max key size for "RSA Key Exchange" is 1024 for the Base provider, and 16384 for the Enhanced provider, but is CryptImportPublicKeyInfo() considered "RSA Key Exchange"? Also, CryptGetProvParam() for the provider's PROV_ENUMALGS_EX shows that the max key size for RSA_KEYX is the same on both Vista and Win7, yet CryptImportPublicKeyInfo() works with 2048-bit keys on Vista.

    So, is CryptImportPublicKeyInfo for a 2048-bit key with the Base provider supposed to work? If so, why doesn't it seem to work in Win7? If not, why does it work on Vista? (And XP SP3, BTW)

    Friday, January 18, 2013 8:37 PM
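
An added example, not part of the original post and not Microsoft code: a portable pre-check that reads the RSA modulus size from the DER `RSAPublicKey` bytes (the contents of `CERT_PUBLIC_KEY_INFO.PublicKey` for an RSA key) and picks a provider name before `CryptAcquireContext()` is called. The function names are hypothetical, the 1024 and 16384 limits are the ones the post quotes from the provider documentation, and treating the Base limit as applying to public-key import is an assumption based on the Windows 7 behaviour described above.

```c
#include <stddef.h>
#include <string.h>

/* Read a DER length (short or long form) and check it fits before `end`. */
static int der_len(const unsigned char **p, const unsigned char *end, size_t *out) {
    if (*p >= end) return -1;
    size_t n = *(*p)++, v = n;
    if (n >= 0x80) {
        n &= 0x7F;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - *p) < n) return -1;
        for (v = 0; n; n--) v = (v << 8) | *(*p)++;
    }
    *out = v;
    return v <= (size_t)(end - *p) ? 0 : -1;
}

/* Bit length of the modulus in a DER RSAPublicKey, or 0 if the input is malformed. */
size_t rsa_modulus_bits(const unsigned char *der, size_t len) {
    const unsigned char *p = der, *end = der + len;
    size_t n;
    if (p >= end || *p++ != 0x30 || der_len(&p, end, &n)) return 0; /* SEQUENCE */
    end = p + n;
    if (p >= end || *p++ != 0x02 || der_len(&p, end, &n)) return 0; /* INTEGER modulus */
    while (n && *p == 0) { p++; n--; }          /* skip the sign-padding zero byte */
    if (!n) return 0;
    size_t bits = n * 8;
    for (unsigned char top = *p; !(top & 0x80); top <<= 1) bits--;
    return bits;
}

/* Provider choice from the limits quoted in the post (assumed to govern import). */
const char *provider_for_bits(size_t bits) {
    if (bits == 0 || bits > 16384) return NULL;
    return bits <= 1024 ? "Microsoft Base Cryptographic Provider v1.0"
                        : "Microsoft Enhanced Cryptographic Provider v1.0";
}

/* Constructed sample key: filler modulus of mod_bytes (256..2048) bytes, e = 65537. */
size_t make_sample_key(unsigned char *buf, size_t mod_bytes) {
    size_t ilen = mod_bytes + 1, body = 4 + ilen + 5, i = 0;
    buf[i++] = 0x30; buf[i++] = 0x82; buf[i++] = (unsigned char)(body >> 8); buf[i++] = (unsigned char)body;
    buf[i++] = 0x02; buf[i++] = 0x82; buf[i++] = (unsigned char)(ilen >> 8); buf[i++] = (unsigned char)ilen;
    buf[i++] = 0x00;                             /* leading zero keeps the INTEGER positive */
    memset(buf + i, 0xC3, mod_bytes); i += mod_bytes;
    memcpy(buf + i, "\x02\x03\x01\x00\x01", 5);  /* publicExponent 65537 */
    return i + 5;
}
```

On Windows, the returned string would be passed as the provider name to `CryptAcquireContext()` with `PROV_RSA_FULL`; a `NULL` or zero result means the key should be rejected before any import is attempted.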