Stack Overflow
Stack Overflow

Questions tagged [cng]

CryptoAPI Next Generation (CNG) is the next version of the Windows CryptoAPI available since Vista. It adds NSA Suite B algoritms (including elliptic-curve cryptography) and is FIPS 140-2 certified.

256 questions
27
votes
2 answers

CNG: When to use BCrypt* vs NCrypt* family of functions

In the Microsoft CNG API (Cryptography API: Next Generation), there are two sets of functions that appear to do the same thing. The following functions start with BCrypt and perform key import/export, encryption/decryption, sign/verify, and…
dbush
  • 205,898
  • 23
  • 218
  • 273
23
votes
3 answers

ECDSA signing file with key from store C#.Net CNG

I'm trying to sign a file with ECDSA using the CNG API and a certificate from the Microsoft Certificate Store. I've read through a lot of documentation and and near done but I get hung up on importing the private key from the certificate. I've done…
Jim
  • 587
  • 2
  • 6
  • 19
20
votes
4 answers

Import a Public key from somewhere else to CngKey?

I am looking for a cross platform way to share public keys for ECDSA signing. I had a great thing going from a performance perspective with CngKey and the standard .NET crypto libraries, but then I couldn't figure out how a 33 (or 65) byte public…
Josh Handel
  • 1,690
  • 2
  • 13
  • 21
17
votes
3 answers

How to use a CNG (or AES-NI enabled instruction set) in .NET?

I Currently perform a large amount of encryption/decryption of text in c# using AES. With a pure software system it can take quite a processor hit for a decent amount of time for the lots of datasets required to be decrypted. I know Intel have came…
John Mitchell
  • 9,653
  • 9
  • 57
  • 91
16
votes
1 answer

Importing ECC-based certificate from the Windows Certificate Store into CngKey

How can I get the public/private keys from an ECC-based X509Certificate2's into CngKey's for use with ECDsaCng and ECDiffieHellmanCng? I'm currently using RSA 2048 bit key pairs to sign/encrypt stuff. I'm doing this by pulling the certificates from…
Dan Turner
  • 2,233
  • 18
  • 19
15
votes
3 answers

Cannot export RSA private key parameters, the requested operation is not supported

I have a certificate file provided by another party which I'm loading in my application and cannot export its private key parameters. It looks like the certificate is using CNG rather than CryptoAPI, so I can't access the private key directly, only…
username
  • 3,378
  • 5
  • 44
  • 75
13
votes
2 answers

How to chain BCryptEncrypt and BCryptDecrypt calls using AES in GCM mode?

Using the Windows CNG API, I am able to encrypt and decrypt individual blocks of data with authentication, using AES in GCM mode. I now want to encrypt and decrypt multiple buffers in a row. According to documentation for CNG, the following scenario…
Reinier Torenbeek
  • 16,669
  • 7
  • 46
  • 69
10
votes
2 answers

Does winapi's bcrypt.h actually support bcrypt hashing?

This may sound like a strange question, and it feels a bit bizarre that I actually have to ask this, but after spending a couple hours looking over the MSDN documentation for the bcrypt routines that were added in Vista, I've almost reached the…
Mason Wheeler
  • 82,511
  • 50
  • 270
  • 477
8
votes
1 answer

CNG replacement for CryptQueryObject

I'm interested in trying to read fields out of a digital signature. I have code that calls CryptQueryObject, then CryptMsgGetParam to get some fields and finally CertFindCertificateInStore to load the certificate. Any hints on how to do this…
dockd
  • 133
  • 7
7
votes
1 answer

Does EKM work with CNG key storage providers?

https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/extensible-key-management-ekm says : SQL Server provides data encryption capabilities together with Extensible Key Management (EKM), using the Microsoft Cryptographic API…
prashant
  • 969
  • 3
  • 11
  • 22
7
votes
1 answer

What are the actual formats supported by CngKeyBlobFormat?

The Microsoft pages provide "minimal" information about the formats that can be used by CngKey.Import. Which actual formats are actually represented by the following CngKeyBlobFormat properties? EccPrivateBlob EccPublicBlob GenericPrivateBlob…
Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
6
votes
0 answers

How to specify Mask Generation Function in RSAES-OAEP using CNG APIs?

I’m implementing RSA-OAEP with windows CNG libraries. So far I’ve been able to have a full (encryption/decryption) flow with CNG library and able to verify results with OpenSSL. However, this only works if the hashing function is the same as the…
Deox
  • 86
  • 2
6
votes
1 answer

Microsoft CNG | How to import PEM encoded ECDSA private key into MS Key Storage Provider

I know the MS CNG private have this format - BCRYPT_ECCKEY_BLOB BYTE X[cbKey] // Big-endian. BYTE Y[cbKey] // Big-endian. BYTE d[cbKey] // Big-endian. Thus tried to import below key bytes - byte[] ec256PrivKB = { //Magic + CBLength 0x45, 0x43,…
User1234
  • 1,543
  • 4
  • 22
  • 32
6
votes
1 answer

Keys used with the ECDsaCng algorithm must have an algorithm group of ECDsa

I have the following problem, and cant find solution: While consuming APN (Apple push notifications) API, i implemented tokenized authorization. It's apple's new way of authorization on their push notifications api. Apple provides me private key,…
MIslavMIslav
  • 93
  • 1
  • 8
6
votes
1 answer

Where are the BCrypt NTSTATUS code return values defined?

The Windows CNG Cryptographic Primitive Functions have return values of type NTSTATUS. Several possible (symbolic) return values are mentioned, for example STATUS_AUTH_TAG_MISMATCH for the BCryptDecrypt function. These symbols are not defined in…
Reinier Torenbeek
  • 16,669
  • 7
  • 46
  • 69
1
2 3
17 18