Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

CryptExportKey 3DES Key...

165 views
Skip to first unread message

TemporalBeing

unread,
May 25, 2006, 10:46:45 AM5/25/06
to
I am working to try to export a 3DES key to be used as a template, and
am getting the NTE_BAD_KEY error during the export. I know the docs say
that this means that either of the "hkey and hexpkey" are invalid -
however, I just generated the key in the same context and the handle is
what was just given to me by CryptGenKey:

...
HCRYPTPROV Win32_RSA_Enhanced_Provider = NULL;
if(!CryptAcquireContext(&Win32_RSA_Enhanced_Provider,"MyContext",MS_ENHANCED_PROV,PROV_RSA_FULL,0))

return;
...
HCRYPTKEY Win32_3DES_Key = NULL;
if
(!CryptGenKey(Win32_Provider,CALG_3DES,CRYPT_EXPORTABLE,&Win32_3DES_Key))

return;
...
//Try to get the size of the private key blob
DWORD DataSize = 0;
CryptExportKey(Win32_3DES_Key,NULL,PRIVATEKEYBLOB,0,NULL,&DataSize);
DWORD Last_Error = GetLastError();
//Last_Error = 0x80090003 = "Bad Key."

According to the docs, the MS_ENHANCED_PROV should allow the 3DES key
to be exported without having a key to encrypt it.

The calls are set up in different functions - wrapped - but I have the
same code working just fine for AT_EXCHANGE, DH_EPHEM, and DH_PREGEN
keys under the MS_DEF_PROV and MS_DEF_DSS_DH_PROV providers. This code
is also based on other code that I have that does it with the same
provider and key type - between which I cannot spot a difference in the
WinCrypt calls themselves other than that the old code does not try to
retrieve the size, it just assumes a certain size
(BLOBHEADER+RSAPUBHEADER+64bytes - safe for Win32/WinCrypt, but not
expandable or very portable).

Any advice, very much appreciated.

TIA,

Ben

Doug Barlow

unread,
May 25, 2006, 11:47:02 AM5/25/06
to
TemporalBeing wrote:

>I am working to try to export a 3DES key to be used as a template, and
> am getting the NTE_BAD_KEY error during the export.

You're using the wrong blob type to export a 3DES key; that's probably
what's causing your error.

Try changing PRIVATEKEYBLOB to PLAINTEXTKEYBLOB.

PRIVATEKEYBLOB is specific to exporting the private portion of asymmetric
key pairs.

Doug Barlow
The Soft Pedal Shop
CSP Design & Development Consulting
http://www.SoftPedal.net


TemporalBeing

unread,
May 25, 2006, 4:24:45 PM5/25/06
to
> TemporalBeing wrote:
> > I am working to try to export a 3DES key to be used as a template, and
> > am getting the NTE_BAD_KEY error during the export.
Doug Barlow wrote:
> You're using the wrong blob type to export a 3DES key; that's probably
> what's causing your error.

Okay. That sounds reasonable. I changed it over to use the exchange key
for this part (which is sufficient for what I was doing at that point).
Oh well...

I have another issue with CryptExportKey, but it'll be best for another
thread. Thanks.

Ben

0 new messages