Universal Windows Platform (UWP)
A Microsoft platform for building and publishing apps for Windows desktop devices.
2,577 questions
NCrypt API NCryptCreatePersistedKey fails when NCRYPT_MACHINE_KEY_FLAG flag is used
Sudheendra Subbarao
6
Reputation points
We are trying to use NCrypt APIs to perform encrypt and decrypt of data.
We are using these APIs in C++ static library which is consumed by Winrt component which is eventually consumed by C# UWP app
UWP App --> WinRT COmponent --> C++ static lib
we are using the below APIs in the C++ static lib.
NCryptOpenStorageProvider - with MS_PLATFORM_CRYPTO_PROVIDER ( we need to use this with TPM only)
NCryptCreatePersistedKey - with NCRYPT_OVERWRITE_KEY_FLAG | NCRYPT_MACHINE_KEY_FLAG flags
if we use NCryptCreatePersistedKey with dwFlags as 0 (i.e current user) it works fine.
if we use NCryptCreatePersistedKey with dwFlags as NCRYPT_MACHINE_KEY_FLAG, the API fails.
It would be great if anyone can help with this
Universal Windows Platform (UWP)
Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,071 questions
C++
C++
A high-level, general-purpose programming language, created as an extension of the C programming language, that has object-oriented, generic, and functional features in addition to facilities for low-level memory manipulation.
2,912 questions
{count} votes
-
Jeanine Zhang-MSFT 5,981 Reputation points Microsoft Vendor2022-04-18T08:00:40.327+00:00 Could you please tell us, what is the error code?
Whether the error code is 0x80090010 (Access Denied)?
If so, I suggest you could try to run as administrator.
If not, please show a minimal, reproducible sample without private information. -
Sudheendra Subbarao 6 Reputation points
2022-04-18T13:11:05.367+00:00 Yes, It fails with NTE_PERM which is access denied error.
When run in admin mode, the C++ console app works fine but the same don't work in UWP app.
Wanted to know if the APIs are supported or not when called through UWP?
-
Roy Li - MSFT 29,361 Reputation points Microsoft Vendor
2022-04-19T02:08:02.093+00:00 Could you please share a sample of this? Please directly call this API from a native UWP application instead of using other components. If the issue still exists, then please share the UWP sample with us on Github or onedrive.
-
Sudheendra Subbarao 6 Reputation points
2022-04-19T05:20:24.84+00:00 We are using the below APIs
secStatus = NCryptOpenStorageProvider(&ProviderHandleA,MS_PLATFORM_CRYPTO_PROVIDER, 0);
//The below line fails with secStatus as NTE_PERM
secStatus = NCryptCreatePersistedKey(ProviderHandleA, &PrivKeyHandleA,
NCRYPT_RSA_ALGORITHM, L"abc",0, NCRYPT_MACHINE_KEY_FLAG);The code is called from C++ static library which is integrated with C++ Windows Runtime Component(WinRT).
The WinRT component is then consumed by C# UWP app.As already mentioned the above code works fine in Console C++ app but fails only when called from C# UWP
-
Roy Li - MSFT 29,361 Reputation points Microsoft Vendor
2022-04-19T05:52:22.067+00:00 This API is presented in the list of Win32 and COM APIs for UWP apps. So this API is able to use in your UWP app. Maybe I did not make it clear. What I mean in my last comment is that you could directly call this API from the C# UWP app using P/Invoke. We could try to simplify the project to narrow down the problem to see if the issue is related to that specific flag or some other reason.
-
Roy Li - MSFT 29,361 Reputation points Microsoft Vendor
2022-04-29T08:26:19.893+00:00 @Sudheendra Subbarao Haven't heard from you for a while. Have you solved your issue?
-
Sudheendra Subbarao 6 Reputation points
2022-06-27T08:00:58.55+00:00 The issue has not been resolved yet.
We did try to call the APIs directly from UWP using P/InvokeWe tried a couple of APIs
NCryptOpenStorageProvider and NCryptCreatePersistedKeythe NCryptOpenStorageProvider works fine and returns 0 which is success
but NCryptCreatePersistedKey returns error code -2146893783 which corresponds to
NTE_NOT_SUPPORTEDAny suggestion on how to proceed would be really helpful
Sign in to comment