
PKCS #11 defines a procedure for wrapping/unwrapping of private keys using symmetric keys: PKCS #11 v2.20 (Section 12.6). The unwrapping procedure simply reverses the wrapping procedure, so there is a C_UnwrapKey function to complement C_WrapKey.

I was wondering if there is a similar procedure with CNG (or CAPI, but I prefer CNG). "Importing PKCS#8 encrypted key to RSACng" is the best I found to describe the capabilities of CNG with regard to accepting PKCS#8 encrypted private keys (to unwrap them). However, it mentions only PKCS#8 keys that were encrypted using a password. I know Microsoft did this in order to be compatible with PKCS#12 to support PFX files, yet I want to be able to decrypt an encrypted PKCS#8 private key using an existing key in the CNG provider (i.e. to unwrap the key), just as described in PKCS#11.

Can anybody confirm whether such a capability exists anywhere within CNG? If it exists, I would appreciate any directions.

Timothy Ghanem

0 Answers