We are trying out the scenario below using CNG with the Microsoft key storage provider in the C++ Builder 2007 IDE.
Server side:
Create an OpenSSL aes-256-cbc key, perform encryption on a secure file, and share with the crypto container (key id + AES key).
Client side:
The application will take the crypto container and store the AES key, based on the key id, in CNG storage.
In order to implement the above, we have used NCryptImportKey with BCRYPT_KEY_DATA_BLOB as the BLOB type on the AES key provided by the server (which is generated using OpenSSL), but the NCryptImportKey operation is failing with 0x80090009, 0x80090029, 0x80090026 with different blob types.
Can you please give us clarity on the aspects below:
- Is it possible to import/store a 3rd-party Linux (OpenSSL) based key into CNG storage?
- Does CNG support the import operation in the C++ Builder 2006 IDE (with the default ncrypt.h, bcrypt.h, ncrypt.dll, bcrypt.dll which come along with the C++ Builder 2006 installation)?
- If the above are feasible, can you please help us with which blob type we may need to use for importing an OpenSSL key to the Microsoft KSP?
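
The byte layout that BCRYPT_KEY_DATA_BLOB names, as an added example that is not part of the original post: portable C that wraps raw AES key bytes in the BCRYPT_KEY_DATA_BLOB_HEADER layout from bcrypt.h and validates the result. The function names and the hex-string input are assumptions (the post does not say how the server delivers the key), and the code does not show whether a given provider accepts this blob in NCryptImportKey.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Values as defined in the Windows SDK bcrypt.h; the short names are ours. */
#define KDB_MAGIC      0x4d42444bu /* BCRYPT_KEY_DATA_BLOB_MAGIC, bytes "KDBM" */
#define KDB_VERSION    1u          /* BCRYPT_KEY_DATA_BLOB_VERSION1 */
#define KDB_HEADER_LEN 12u         /* dwMagic + dwVersion + cbKeyData */

static void put_le32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static uint32_t get_le32(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Decode a hex key string into raw bytes; returns byte count, 0 on error.
   The blob must carry these raw bytes, not the hex text or a passphrase. */
size_t hex_to_key(const char *hex, uint8_t *out, size_t cap) {
    size_t n = strlen(hex);
    if (n % 2 || n / 2 > cap) return 0;
    for (size_t i = 0; i < n / 2; i++) {
        int hi = hexval(hex[2 * i]), lo = hexval(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return 0;
        out[i] = (uint8_t)(hi << 4 | lo);
    }
    return n / 2;
}

/* Header (little-endian ULONGs) followed by the key; returns blob length, 0 on error. */
size_t kdb_build(const uint8_t *key, size_t key_len, uint8_t *out, size_t out_cap) {
    if (key_len != 16 && key_len != 24 && key_len != 32) return 0; /* AES sizes only */
    if (out_cap < KDB_HEADER_LEN + key_len) return 0;
    put_le32(out, KDB_MAGIC);
    put_le32(out + 4, KDB_VERSION);
    put_le32(out + 8, (uint32_t)key_len);
    memcpy(out + KDB_HEADER_LEN, key, key_len);
    return KDB_HEADER_LEN + key_len;
}

/* Sanity-check a blob before handing it to an import call; returns key length, 0 if malformed. */
size_t kdb_check(const uint8_t *blob, size_t blob_len) {
    if (blob_len < KDB_HEADER_LEN) return 0;
    if (get_le32(blob) != KDB_MAGIC || get_le32(blob + 4) != KDB_VERSION) return 0;
    uint32_t n = get_le32(blob + 8);
    if ((n != 16 && n != 24 && n != 32) || blob_len != KDB_HEADER_LEN + n) return 0;
    return n;
}
```

The length passed to an import call would be the value `kdb_build` returns (44 bytes for AES-256), and the buffers holding key material should be wiped after use.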