List:       ms-cryptoapi
Subject:    Re: CPImportKey and SmartCard CSP
From:       Laszlo Elteto <lelteto () RAINBOW ! COM>
Date:       2002-09-18 14:53:35

This is the approach we are using in our CryptoSwift HSM CSP. The difference
(and that's for speed purposes) is that we create a fixed container in the MS
CSP with the exponent-one key-exchange keypair, so we don't have to do it every
time we need to inject a secret key into that CSP.

Laszlo Elteto
Fellow Scientist
Rainbow Technologies, Inc.

-----Original Message-----
From: Miro masnoglav [mailto:miro.masnoglav@ADACTA.SI]
Sent: Wednesday, September 18, 2002 5:53 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: CPImportKey and SmartCard CSP


Maybe you need this
http://support.microsoft.com/support/kb/articles/Q228/7/86.ASP

Regards 
Miro

-----Original Message-----
From: Microsoft Cryptographic API
[mailto:CryptoAPI@DISCUSS.MICROSOFT.COM] On Behalf Of Dag Legerncs
Sent: Wednesday, September 18, 2002 2:33 PM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: CPImportKey and SmartCard CSP


Hi,

I am developing a CSP for our smart cards. The CSP handles any
smart-card specific functionality such as CPSignHash itself and forwards
to MS Enhanced CSP any functions which are not performed using the smart
card - e.g. hashing, symmetric crypto and RSA public key operations. This
approach has been working well so far. 

When I attempt to use the CSP to decrypt an email which has been
encrypted with Outlook Express, the following problem arises:

The email is encrypted using an RC2 key which is wrapped in a SIMPLEBLOB
encrypted with the smart card's public key. Outlook Express calls
CPImportKey with the SIMPLEBLOB as a parameter along with a handle to
the corresponding private key. I submit the BLOB to the smart card for
decryption and receive a properly formatted PKCS#1 block containing 5
bytes of RC2 key material back. So far so good. However, I would like to
forward the RC2 key to the MS Enhanced Provider's CPImportKey so that I
don't have to implement the subsequent RC2 decryption myself. How can I
do that; i.e. how do I import a symmetric key to the MS provider _after_
the SIMPLEBLOB containing the symmetric key has been decrypted? I have
tried to call the MS provider's CPImportKey using NULL for the pubKey
parameter, but this seems to trigger decryption using the private key in
the MS Provider's default key container. Do I actually have to do
something like the following:

- Decrypt the BLOB using the smart card's public key
- Generate an RSA key pair using the MS Provider
- Encrypt the BLOB using the new key pair's public key
- Submit the BLOB to the MS Provider along with a handle to the new key
pair's private key.

I am sure it can be worked out like this, but hope that anyone can
suggest a more simple solution.


Regards,

Dag Legernęs

Buypass AS
Oslo, Norway

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html . To unsubscribe,
mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
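
Added illustration, not code from this thread or from the Microsoft KB article: why the exponent-one key-exchange pair mentioned above lets a plaintext session key be imported. With a public exponent of one, RSA "encryption" leaves the padded block unchanged, so the SIMPLEBLOB can be assembled directly and handed to CryptImportKey together with a handle to the exponent-one key pair. The function name build_exp1_simpleblob and the macro names are hypothetical; the numeric constants are the wincrypt.h values, repeated so the code builds without the Windows SDK.

```c
#include <stddef.h>
#include <stdint.h>

/* wincrypt.h values, repeated here (macro names are this example's own). */
#define SIMPLEBLOB_TYPE   0x01
#define CUR_BLOB_VER      0x02
#define CALG_RC2_ID       0x00006602u
#define CALG_RSA_KEYX_ID  0x0000a400u
#define BLOB_PREFIX_LEN   12   /* 8-byte BLOBHEADER + 4-byte ALG_ID */

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Build a SIMPLEBLOB carrying an RC2 `key` for a key-exchange key pair whose
 * exponent is one (c = m^1 mod n = m, so the "ciphertext" is the padded block).
 * rnd must supply mod_len - key_len - 3 bytes from a CSPRNG.
 * Returns the blob length, or 0 if the arguments do not fit. */
size_t build_exp1_simpleblob(const uint8_t *key, size_t key_len, size_t mod_len,
                             const uint8_t *rnd, uint8_t *out, size_t out_len)
{
    size_t i, pad_len;
    uint8_t *blk;

    /* PKCS#1 v1.5 type 2 requires at least 8 padding bytes. */
    if (key_len == 0 || mod_len < key_len + 11 ||
        out_len < BLOB_PREFIX_LEN + mod_len)
        return 0;
    pad_len = mod_len - key_len - 3;

    out[0] = SIMPLEBLOB_TYPE;            /* BLOBHEADER.bType    */
    out[1] = CUR_BLOB_VER;               /* BLOBHEADER.bVersion */
    out[2] = out[3] = 0;                 /* BLOBHEADER.reserved */
    put_le32(out + 4, CALG_RC2_ID);      /* BLOBHEADER.aiKeyAlg */
    put_le32(out + 8, CALG_RSA_KEYX_ID); /* algorithm that wrapped the key */

    /* Big-endian block is 00 02 PS 00 KEY; CryptoAPI stores it little-endian,
     * so it is written back to front: reversed KEY, 00, PS, 02, 00. */
    blk = out + BLOB_PREFIX_LEN;
    for (i = 0; i < key_len; i++)
        blk[i] = key[key_len - 1 - i];
    blk[key_len] = 0x00;
    for (i = 0; i < pad_len; i++)        /* padding bytes must be non-zero */
        blk[key_len + 1 + i] = rnd[i] ? rnd[i] : 0x01;
    blk[mod_len - 2] = 0x02;
    blk[mod_len - 1] = 0x00;
    return BLOB_PREFIX_LEN + mod_len;
}
```

Because the exponent-one pair provides no confidentiality, the key material is in the clear inside this blob and should be wiped from memory once the import has completed.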
