我有 P& G-- 如何使用 Wincrypt API 生成 Diffie-Hellman 密钥对?
这里有一篇 MSDN 文章,但我还没有走得太远:
p = 139;
g = 5;
CRYPT_DATA_BLOB pblob;
pblob.cbData = sizeof( ULONG );
pblob.pbData = ( LPBYTE ) &p;
CRYPT_DATA_BLOB gblob;
gblob.cbData = sizeof( ULONG );
gblob.pbData = ( LPBYTE ) &g;
HCRYPTKEY hKey;
if ( ::CryptGenKey( m_hCryptoProvider, CALG_DH_SF,
CRYPT_PREGEN, &hKey ) )
{
::CryptSetKeyParam( hKey, KP_P, ( LPBYTE ) &pblob, 0 );
此处失败并显示 NTE_BAD_DATA。 我正在使用 MS_DEF_DSS_DH_PROV。 是什么赋予了?
There's an MSDN article here, but I'm not getting very far:
p = 139;
g = 5;
CRYPT_DATA_BLOB pblob;
pblob.cbData = sizeof( ULONG );
pblob.pbData = ( LPBYTE ) &p;
CRYPT_DATA_BLOB gblob;
gblob.cbData = sizeof( ULONG );
gblob.pbData = ( LPBYTE ) &g;
HCRYPTKEY hKey;
if ( ::CryptGenKey( m_hCryptoProvider, CALG_DH_SF,
CRYPT_PREGEN, &hKey ) )
{
::CryptSetKeyParam( hKey, KP_P, ( LPBYTE ) &pblob, 0 );
Fails here with NTE_BAD_DATA. I'm using MS_DEF_DSS_DH_PROV. What gives?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
在我看来,
KP_P、KP_G、KP_Q用于 DSS 密钥(数字签名标准?)。 对于 Diffie-Hellman,您似乎应该使用KP_PUB_PARAMS并传递指向DHPUBKEY_VER3结构的DATA_BLOB。请注意,您指向的文章来自 Windows Mobile/Windows CE SDK。 CE 的工作方式与桌面/服务器不同,这并不是第一次。
编辑:CE 未实现
KP_PUB_PARAMS。 要在桌面上使用此结构,请参阅 Diffie-Hellman 版本3 个公钥 BLOB。It looks to me that
KP_P,KP_G,KP_Qare for DSS keys (Digital Signature Standard?). For Diffie-Hellman it looks like you're supposed to useKP_PUB_PARAMSand pass aDATA_BLOBthat points to aDHPUBKEY_VER3structure.Note that the article you're pointing to is from the Windows Mobile/Windows CE SDK. It wouldn't be the first time that CE worked differently from the desktop/server.
EDIT: CE does not implement
KP_PUB_PARAMS. To use this structure on the desktop, see Diffie-Hellman Version 3 Public Key BLOBs.可能它只是不喜欢您使用的非常短的键。
我发现该文章的桌面版本可能会有所帮助,因为它有一个完整的例子。
编辑:
OP 从示例中意识到您必须告诉 CryptGenKey 密钥有多长,您可以通过将标志的前 16 位设置为您想要使用的位数来完成此操作。 如果将此值保留为 0,您将获得默认密钥长度。 此记录在设备文档的备注部分中,并使用桌面文档。
对于 Diffie-Hellman 密钥交换算法,在 Windows XP 及更高版本上,基本提供程序默认为 512 位密钥,增强提供程序(默认)默认为 1024 位密钥。 CE 上似乎没有任何关于默认长度的文档。
因此,代码应该是:
It may be that it just doesn't like the very short keys you're using.
I found the desktop version of that article which may help, as it has a full example.
EDIT:
The OP realised from the example that you have to tell CryptGenKey how long the keys are, which you do by setting the top 16-bits of the flags to the number of bits you want to use. If you leave this as 0, you get the default key length. This is documented in the Remarks section of the device documentation, and with the dwFlags parameter in the desktop documentation.
For the Diffie-Hellman key-exchange algorithm, the Base provider defaults to 512-bit keys and the Enhanced provider (which is the default) defaults to 1024-bit keys, on Windows XP and later. There doesn't seem to be any documentation for the default lengths on CE.
The code should therefore be: