There's an MSDN article here, but I'm not getting very far:

ULONG p = 139;
ULONG g = 5;

CRYPT_DATA_BLOB pblob;
pblob.cbData = sizeof( ULONG );   // 4 bytes
pblob.pbData = ( LPBYTE ) &p;

CRYPT_DATA_BLOB gblob;
gblob.cbData = sizeof( ULONG );
gblob.pbData = ( LPBYTE ) &g;

HCRYPTKEY hKey;
if ( ::CryptGenKey( m_hCryptoProvider, CALG_DH_SF,
                    CRYPT_PREGEN, &hKey ) )
{
    // fails here with NTE_BAD_DATA
    ::CryptSetKeyParam( hKey, KP_P, ( LPBYTE ) &pblob, 0 );
}

Fails here with NTE_BAD_DATA. I'm using MS_DEF_DSS_DH_PROV. What gives?

+1  A: 

It looks to me that KP_P, KP_G, KP_Q are for DSS keys (Digital Signature Standard?). For Diffie-Hellman it looks like you're supposed to use KP_PUB_PARAMS and pass a DATA_BLOB that points to a DHPUBKEY_VER3 structure.

Note that the article you're pointing to is from the Windows Mobile/Windows CE SDK. It wouldn't be the first time that CE worked differently from the desktop/server.

EDIT: CE does not implement KP_PUB_PARAMS. To use this structure on the desktop, see Diffie-Hellman Version 3 Public Key BLOBs.

Mike Dimmick
Thanks, but the DHPUBKEY_VER3 structure doesn't appear to allow one to specify P.
+1  A: 

It may be that it just doesn't like the very short keys you're using.

I found the desktop version of that article which may help, as it has a full example.

EDIT:

The OP realised from the example that you have to tell CryptGenKey how long the keys are, which you do by setting the top 16 bits of the flags to the number of bits you want to use. If you leave this as 0, you get the default key length. This is documented in the Remarks section of the device documentation, and with the dwFlags parameter in the desktop documentation.

For the Diffie-Hellman key-exchange algorithm, the Base provider defaults to 512-bit keys and the Enhanced provider (which is the default) defaults to 1024-bit keys, on Windows XP and later. There doesn't seem to be any documentation for the default lengths on CE.

The code should therefore be:

BYTE p[64] = { 139 }; // little-endian; 512 bits = 64 bytes, all other bytes are zero-initialised
BYTE g[64] = { 5 };

CRYPT_DATA_BLOB pblob;
pblob.cbData = sizeof( p );
pblob.pbData = p;

CRYPT_DATA_BLOB gblob;
gblob.cbData = sizeof( g );
gblob.pbData = g;

HCRYPTKEY hKey;
if ( ::CryptGenKey( m_hCryptoProvider, CALG_DH_SF,
                    ( 512 << 16 ) | CRYPT_PREGEN, &hKey ) ) // key length in bits goes in the upper 16 bits of dwFlags
{
    ::CryptSetKeyParam( hKey, KP_P, ( LPBYTE ) &pblob, 0 );
    ::CryptSetKeyParam( hKey, KP_G, ( LPBYTE ) &gblob, 0 );
}
Mike Dimmick
Thanks, Mike-- I found (from your reference) that it was *two* things. You have to tell CryptGenKey the key length by or'ing the length in bits, left shifted by 16, into the flags parameter (undocumented, of course, you have to read the sample). *Also*, the key length must be at least 512 bits.
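An added worked example, not code from the question or from either answer: it packages the two findings of this thread (the key length in the upper 16 bits of dwFlags, and P/G blobs that are exactly key-length bytes, little-endian, zero-padded) into helpers that reject the exact mistake the question started with, a 4-byte blob for a 512-bit key. The helper names, the DH_MIN_BITS constant and the choice of CALG_DH_EPHEM with a CRYPT_VERIFYCONTEXT provider are my assumptions (the question used CALG_DH_SF); the CryptoAPI calls only compile on Windows, the encoding helpers run anywhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
/* Value of CRYPT_PREGEN from wincrypt.h, reproduced so the portable helpers
   build on non-Windows hosts; the CryptoAPI calls below are Windows-only. */
#define CRYPT_PREGEN 0x00000040
#endif

/* Smallest DH modulus length the provider accepted in the thread above (assumed floor). */
#define DH_MIN_BITS 512u

/* Build the CryptGenKey dwFlags word: key length in bits in the upper 16 bits,
   ordinary flags (CRYPT_PREGEN, CRYPT_EXPORTABLE, ...) in the lower 16.
   Returns 0 for an out-of-range or non-byte-aligned length, so a caller cannot
   silently fall back to the provider's default length. */
uint32_t dh_gen_flags(unsigned bits, uint32_t low_flags)
{
    if (bits < DH_MIN_BITS || bits > 0xFFFFu || bits % 8u != 0u)
        return 0;
    return ((uint32_t)bits << 16) | (low_flags & 0xFFFFu);
}

/* Turn an integer given as big-endian bytes (the way primes are usually printed)
   into the little-endian, zero-padded buffer of exactly bits/8 bytes that KP_P
   and KP_G expect. Returns the blob length, or 0 if the value does not fit the
   key length or the output buffer is too small. */
size_t dh_encode_param(const uint8_t *be, size_t be_len, unsigned bits,
                       uint8_t *out, size_t out_cap)
{
    size_t n = bits / 8u;
    if (bits < DH_MIN_BITS || bits % 8u != 0u || n > out_cap)
        return 0;
    while (be_len > 0 && be[0] == 0) { be++; be_len--; }  /* drop leading zero bytes */
    if (be_len > n)
        return 0;                                           /* value wider than the key */
    memset(out, 0, n);
    for (size_t i = 0; i < be_len; i++)
        out[i] = be[be_len - 1 - i];                        /* reverse to little-endian */
    return n;
}

#ifdef _WIN32
/* Generate a CRYPT_PREGEN DH key of the given length and install P and G.
   p_le / g_le must already be bits/8 little-endian bytes (see dh_encode_param).
   Link with advapi32.lib. */
BOOL dh_pregen_with_params(HCRYPTPROV hProv, ALG_ID alg, unsigned bits,
                           const uint8_t *p_le, const uint8_t *g_le, HCRYPTKEY *phKey)
{
    uint32_t flags = dh_gen_flags(bits, CRYPT_PREGEN);
    if (flags == 0 || !CryptGenKey(hProv, alg, flags, phKey))
        return FALSE;
    CRYPT_DATA_BLOB pblob = { bits / 8u, (BYTE *)p_le };
    CRYPT_DATA_BLOB gblob = { bits / 8u, (BYTE *)g_le };
    if (!CryptSetKeyParam(*phKey, KP_P, (const BYTE *)&pblob, 0) ||
        !CryptSetKeyParam(*phKey, KP_G, (const BYTE *)&gblob, 0)) {
        DWORD err = GetLastError();      /* NTE_BAD_DATA if blob and key lengths disagree */
        CryptDestroyKey(*phKey);
        *phKey = 0;
        SetLastError(err);
        return FALSE;
    }
    return TRUE;
}
#endif

int main(void)
{
    /* Constructed toy values from the thread (p = 139, g = 5): they exercise the
       API plumbing only; a modulus this small offers no security at all. */
    const uint8_t p_be[] = { 0x8B };
    const uint8_t g_be[] = { 0x05 };
    uint8_t p_le[64], g_le[64];
    if (dh_encode_param(p_be, sizeof p_be, 512, p_le, sizeof p_le) == 0 ||
        dh_encode_param(g_be, sizeof g_be, 512, g_le, sizeof g_le) == 0)
        return 1;
    printf("dwFlags = 0x%08X\n", (unsigned)dh_gen_flags(512, CRYPT_PREGEN));
#ifdef _WIN32
    /* CALG_DH_EPHEM is used because a CRYPT_VERIFYCONTEXT handle has no persistent
       key container (assumption based on the MSDN Diffie-Hellman example). */
    HCRYPTPROV hProv = 0; HCRYPTKEY hKey = 0;
    if (!CryptAcquireContextA(&hProv, NULL, MS_DEF_DSS_DH_PROV_A, PROV_DSS_DH, CRYPT_VERIFYCONTEXT))
        return 1;
    BOOL ok = dh_pregen_with_params(hProv, CALG_DH_EPHEM, 512, p_le, g_le, &hKey);
    printf("%s (0x%08lX)\n", ok ? "P and G accepted" : "failed", (unsigned long)GetLastError());
    if (hKey) CryptDestroyKey(hKey);
    CryptReleaseContext(hProv, 0);
#else
    printf("p blob byte 0 = 0x%02X, blob length = 64 (CryptoAPI calls skipped off Windows)\n", p_le[0]);
#endif
    return 0;
}
```

The point of `dh_encode_param` returning 0 for a 32-bit length is that the question's original blob (`sizeof( ULONG )` bytes) is rejected before it ever reaches CryptSetKeyParam, instead of surfacing later as an unexplained NTE_BAD_DATA.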