I'm trying to use the WinCrypt API in C++.
My application need to cipher, decipher, sign and verify files, and I know how to do that once I have the correct keys. But my problem is actually that that is NOT the same application which generates those keys.
What I have is public and private keys in files in PEM format :
-----BEGIN RSA PRIVATE KEY-----
[Base64 encoded]
-----END RSA PRIVATE KEY-----
And :
-----BEGIN RSA PUBLIC KEY-----
[Base64 encoded]
-----END RSA PUBLIC KEY-----
After some research, I have found how to import the public key : here and here, using the following methods :
But now, my problem is to do the same thing whith the private key. Any help would be really really appreciated :) Thank you.
A PEM private key can be imported into CAPI by using CryptDecodeObjectEx with PKCS_RSA_PRIVATE_KEY and then calling CryptImportKey.
I have written a sample that shows how to use a PEM encoded RSA private key for signing data using CAPI. Here is a link to it : http://www.idrix.fr/Root/Samples/capi_pem.cpp
I hope this will help.
I ran into this problem with an encrypted private key in PEM format. Here is the process I followed to decrypt and import it:
CryptStringToBinaryA
with CRYPT_STRING_BASE64HEADER
CryptDecodeObject
with PKCS_7_ASN_ENCODING
and PKCS_ENCRYPTED_PRIVATE_KEY_INFO
CryptDecodeObject
. You can find that code here.BCryptDeriveKeyPBKDF2
to derive the encryption key from the passwordBCryptDecrypt
to decrypt the private key using the symmetric key derived from the password.CryptDecodeObject
with PKCS_7_ASN_ENCODING
and PKCS_PRIVATE_KEY_INFO
CryptDecodeObject
with PKCS_7_ASN_ENCODING
and PKCS_RSA_PRIVATE_KEY
on the PrivateKey
data member produced in the previous step.The output of this last step is an RSA Private Key BLOB. This can be imported with BCryptImportKeyPair
and LEGACY_RSAPRIVATE_BLOB
. Again, code demonstrating all of this can be found here.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With