我使用Wincrypt的Diffie-Hellman - 我可以导出的纯文本共享的秘密吗? [英] I'm using Wincrypt for Diffie-Hellman-- can I export the shared secret in plain text?
问题描述
好的 - 感谢 Mike ,我能够获得Wincrypt生成Diffie-Hellman密钥对。我想出来出口公钥,以及如何导入对方的公钥。根据文档,在导入另一方的公钥时,已经计算了共享秘密。太好了。
OK-- thanks to Mike, I was able to get Wincrypt to generate a Diffie-Hellman keypair. I figured out out to export the public key, and how to import the other party's public key. According to the docs, upon import of the other party's public key, the shared secret has been computed. Great.
我现在需要得到那个共享秘密,但我不认为它可能。只需调用 PLAINTEXTKEYBLOB
类型的 CryptExportKey
,除非调用 CryptSetKeyParam
将算法ID从 CALG_AGREEDKEY_ANY
更改为某个... else。但我不想别的东西,我想要共享的秘密。但是,API似乎旨在阻止这种情况。
I now need to get ahold of that shared secret, but I don't think its possible. Simply calling CryptExportKey
with a type of PLAINTEXTKEYBLOB
fails unless I call CryptSetKeyParam
to change the algorithm id from CALG_AGREEDKEY_ANY
to something... else. But I don't want something else, I want the shared secret. The API, however, seems designed to discourage this.
有什么想法吗?我应该注意到,这里的问题是,我只写一个实现的WiFi保护设置的一面。所以协议是为我定义的,而另一方没有给我HCRYPTKEY。
Any ideas out there? I should note that the problem here is that I'm only writing one side of an implementation of WiFi Protected Setup. So the protocol is defined for me, and the other party is not giving me HCRYPTKEYs.
推荐答案
您需要...
来自: http://msdn.microsoft.com/en-us/library/aa381969(VS.85).aspx
要导入Diffie-Hellman公钥并计算秘密会话密钥
To import a Diffie-Hellman public key and calculate the secret session key
- 调用
- 通过调用
CryptGenKey 来创建Diffie-Hellman密钥。CryptAcquireContext
函数获取Microsoft Diffie-Hellman加密提供程序的句柄。 / code>函数创建一个新的键,或通过调用CryptGetUserKey
函数来检索现有的键。 - 将Diffie-Hellman公钥导入CSP,调用
CryptImportKey
函数,将指针传递到pbData $ c>中的公钥BLOB $ c>参数,
dwDataLen
参数中BLOB的长度以及hPubKey $ c>中Diffie-Hellman键的句柄$ c>参数。这导致要执行的计算
(Y ^ X)mod P
,从而创建共享的秘密密钥并完成密钥交换。此函数调用在hKey
参数中返回新的秘密会话密钥的句柄。 - 此时,导入的Diffie -Hellman的类型为
CALG_AGREEDKEY_ANY
。在可以使用密钥之前,必须将其转换为会话密钥类型。这是通过调用CryptSetKeyParam
函数与dwParam
设置为KP_ALGID
并将pbData
设置为指向表示会话密钥的ALG_ID
值的指针,例如CALG_RC4
。在使用CryptEncrypt
或CryptDecrypt
函数中的共享密钥之前,必须转换密钥。 - 秘密会话密钥现在已准备好用于加密或解密。
- 当不再需要密钥时,通过调用
CryptDestroyKey
函数来销毁密钥句柄。
- Call the
CryptAcquireContext
function to get a handle to the Microsoft Diffie-Hellman Cryptographic Provider. - Create a Diffie-Hellman key by calling the
CryptGenKey
function to create a new key, or by calling theCryptGetUserKey
function to retrieve an existing key. - To import the Diffie-Hellman public key into the CSP, call the
CryptImportKey
function, passing a pointer to the public key BLOB in thepbData
parameter, the length of the BLOB in thedwDataLen
parameter, and the handle to the Diffie-Hellman key in thehPubKey
parameter. This causes the calculation,(Y^X) mod P
, to be performed, thus creating the shared, secret key and completing the key exchange. This function call returns a handle to the new, secret, session key in thehKey
parameter. - At this point, the imported Diffie-Hellman is of type
CALG_AGREEDKEY_ANY
. Before the key can be used, it must be converted into a session key type. This is accomplished by calling theCryptSetKeyParam
function withdwParam
set toKP_ALGID
and withpbData
set to a pointer to aALG_ID
value that represents a session key, such asCALG_RC4
. The key must be converted before using the shared key in theCryptEncrypt
orCryptDecrypt
function. Calls made to either of these functions prior to converting the key type will fail. - The secret session key is now ready to be used for encryption or decryption.
- When the key is no longer needed, destroy the key handle by calling the
CryptDestroyKey
function.
这篇关于我使用Wincrypt的Diffie-Hellman - 我可以导出的纯文本共享的秘密吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!