As the SIMPLEBLOB type indicates a session key, both a source (private) key and a destination (public) key are required to create a valid key BLOB for the CryptKey.bin file. In the CryptKey.bin case, this is accomplished by using an exponent-of-one private key. This type of key is also called a NULL key because, although it is accepted by the CryptExportKey function ([MSDN-CRYPTO]), when it is used in that call as the public key, the resulting encryption and decryption do nothing to the private key to be exported. Therefore, the private key to be exported is left in its original form.
To create the handle to the exponent-of-one private key, a valid key BLOB of type SIMPLEBLOB is required. This key BLOB is built so that the exponent field of the key BLOB format is set to one. To obtain the handle of the exponent-of-one private key, the exponent-of-one key BLOB is used, along with the handle to the provider, in a call to the CryptImportKey function ([MSDN-CRYPTO]), as shown in the following pseudocode:
- CALL CryptImportKey with parameters (Handle-To CryptProvider, ExponentOfOnePrivateKeyBLOB, Size-Of ExponentOfOnePrivateKeyBLOB, 0, 0, Address-Of handleToExponentOfOnePrivateKey)
The handle to the cryptographic provider is obtained through a call to the CryptAcquireContext function ([MSDN-CRYPTO]) and MUST use one of the allowed CryptKey.bin providers as the provider string. Furthermore, the provider type MUST be set to PROV_RSA_FULL.
The providers that are allowed are listed (as strings) in the following table.
Provider | String name
---|---
"Microsoft Base Cryptographic Provider v1.0" | MS_DEF_PROV
"Microsoft Enhanced Cryptographic Provider v1.0" | MS_ENHANCED_PROV
The key BLOB that is required by Cryptkey.bin can now be generated by calling CryptExportKey with the handle to the original key (the private key) to be exported, the handle of the exponent-of-one private key, the type set to SIMPLEBLOB, the flags value set to zero, a buffer to hold the returned key BLOB, and the length of the key BLOB. The call then returns the properly formatted key BLOB in the buffer parameter. The length of the key BLOB can be determined simply by making the same call to CryptExportKey, but with the buffer parameter (BufferForExportedKeyBLOB) set to zero.
The following pseudocode illustrates this call to create an exportable key BLOB:
- CALL CryptExportKey with parameters (Handle-To KeyToBeExported, Handle-To ExponentOfOnePrivateKey, SIMPLEBLOB, 0, Pointer-To BufferForExportedKeyBLOB, Pointer-To LengthOfExportedKeyBLOB)
This key BLOB, which is contained in BufferForExportedKeyBLOB, is then placed after the CryptKeyHeader (section 2.1.2.4.1.1.1) and before the CryptKeyTrailer (section 2.1.2.4.1.1.3) in CryptKey.bin.
The method of creating an exponent-of-one private key BLOB has been documented and is widely known. For more information, see [MSDOCS-PrivKeyBlobs].
However, for convenience, the exponent-of-one private key BLOB is provided in the following table. The handle to this key BLOB is obtained by using CryptImportKey, as specified earlier in this section.
Name | Value
---|---
ExponentOfOnePrivateKeyBLOB | `const BYTE array[] = { 0x07, 0x02, 0x00, 0x00, 0x00, 0xA4, 0x00, 0x00, 0x52, 0x53, 0x41, 0x32, 0x00, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xAB, 0xEF, 0xFA, 0xC6, 0x7D, 0xE8, 0xDE, 0xFB, 0x68, 0x38, 0x09, 0x92, 0xD9, 0x42, 0x7E, 0x6B, 0x89, 0x9E, 0x21, 0xD7, 0x52, 0x1C, 0x99, 0x3C, 0x17, 0x48, 0x4E, 0x3A, 0x44, 0x02, 0xF2, 0xFA, 0x74, 0x57, 0xDA, 0xE4, 0xD3, 0xC0, 0x35, 0x67, 0xFA, 0x6E, 0xDF, 0x78, 0x4C, 0x75, 0x35, 0x1C, 0xA0, 0x74, 0x49, 0xE3, 0x20, 0x13, 0x71, 0x35, 0x65, 0xDF, 0x12, 0x20, 0xF5, 0xF5, 0xF5, 0xC1, 0xED, 0x5C, 0x91, 0x36, 0x75, 0xB0, 0xA9, 0x9C, 0x04, 0xDB, 0x0C, 0x8C, 0xBF, 0x99, 0x75, 0x13, 0x7E, 0x87, 0x80, 0x4B, 0x71, 0x94, 0xB8, 0x00, 0xA0, 0x7D, 0xB7, 0x53, 0xDD, 0x20, 0x63, 0xEE, 0xF7, 0x83, 0x41, 0xFE, 0x16, 0xA7, 0x6E, 0xDF, 0x21, 0x7D, 0x76, 0xC0, 0x85, 0xD5, 0x65, 0x7F, 0x00, 0x23, 0x57, 0x45, 0x52, 0x02, 0x9D, 0xEA, 0x69, 0xAC, 0x1F, 0xFD, 0x3F, 0x8C, 0x4A, 0xD0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0xD5, 0xAA, 0xB1, 0xA6, 0x03, 0x18, 0x92, 0x03, 0xAA, 0x31, 0x2E, 0x48, 0x4B, 0x65, 0x20, 0x99, 0xCD, 0xC6, 0x0C, 0x15, 0x0C, 0xBF, 0x3E, 0xFF, 0x78, 0x95, 0x67, 0xB1, 0x74, 0x5B, 0x60, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };`
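The following Python is added here as an illustration; it is not part of the specification and not Microsoft code. It takes the ExponentOfOnePrivateKeyBLOB from the table above (transcribed into a hex string), parses it as a CryptoAPI RSA PRIVATEKEYBLOB (BLOBHEADER, RSAPUBKEY, then the little-endian integers n, p, q, d mod (p-1), d mod (q-1), q^-1 mod p, d), and shows why the section calls it a NULL key: both the public exponent and the private exponent are 1, so the RSA operation that CryptExportKey applies when wrapping a key under it is the identity map. The function names, the dictionary field names and the sample session-key value are this example's own, not names from the specification.

```python
import struct

# ExponentOfOnePrivateKeyBLOB transcribed from the table above (308 bytes).
# The zero-padded fields are written as "01" + "00" * k for readability.
_PARTS = [
    "0702000000a40000",  # BLOBHEADER: bType=PRIVATEKEYBLOB (7), bVersion=2, aiKeyAlg=CALG_RSA_KEYX (0xA400)
    "52534132",          # RSAPUBKEY.magic = "RSA2"
    "00020000",          # RSAPUBKEY.bitlen = 512
    "01000000",          # RSAPUBKEY.pubexp = 1 (the "exponent of one")
    "abeffac67de8defb68380992d9427e6b899e21d7521c993c17484e3a4402f2fa"
    "7457dae4d3c03567fa6edf784c75351ca07449e32013713565df1220f5f5f5c1",  # modulus n
    "ed5c913675b0a99c04db0c8cbf9975137e87804b7194b800a07db753dd2063ee",  # prime p
    "f78341fe16a76edf217d76c085d5657f0023574552029dea69ac1ffd3f8c4ad0",  # prime q
    "01" + "00" * 31,    # d mod (p-1) = 1
    "01" + "00" * 31,    # d mod (q-1) = 1
    "64d5aab1a603189203aa312e484b652099cdc60c150cbf3eff789567b1745b60",  # q^-1 mod p
    "01" + "00" * 63,    # private exponent d = 1
]
EXPONENT_OF_ONE_BLOB = bytes.fromhex("".join(_PARTS))

PRIVATEKEYBLOB = 0x07        # BLOBHEADER.bType for an RSA private key BLOB
CALG_RSA_KEYX = 0x0000A400   # RSA key-exchange algorithm identifier


def parse_private_key_blob(blob: bytes) -> dict:
    """Parse a CryptoAPI RSA PRIVATEKEYBLOB into its integer fields (example parser)."""
    if len(blob) < 20:
        raise ValueError("blob shorter than BLOBHEADER + RSAPUBKEY")
    b_type, b_version, _reserved, alg_id = struct.unpack_from("<BBHI", blob, 0)
    magic, bit_len, pub_exp = struct.unpack_from("<4sII", blob, 8)
    if b_type != PRIVATEKEYBLOB or magic != b"RSA2":
        raise ValueError("not an RSA PRIVATEKEYBLOB")
    n_len, half = bit_len // 8, bit_len // 16
    if len(blob) != 20 + n_len + 5 * half + n_len:
        raise ValueError("blob length does not match bitlen")

    offset = 20

    def take(size: int) -> int:
        # Each integer is stored little-endian, right after the previous one.
        nonlocal offset
        value = int.from_bytes(blob[offset:offset + size], "little")
        offset += size
        return value

    return {
        "version": b_version, "alg_id": alg_id, "bit_len": bit_len, "e": pub_exp,
        "n": take(n_len), "p": take(half), "q": take(half),
        "dp": take(half), "dq": take(half), "iqmp": take(half), "d": take(n_len),
    }


def is_null_key(key: dict) -> bool:
    """Exponent 1 on both sides means wrapping and unwrapping change nothing."""
    return key["e"] == 1 and key["d"] == 1


def modulus_is_product_of_primes(key: dict) -> bool:
    """Sanity check that the BLOB's p and q really generate its modulus."""
    return key["p"] * key["q"] == key["n"]


def rsa_wrap_unwrap(key: dict, session_key: int) -> tuple:
    """Textbook RSA with the BLOB's exponents; returns (wrapped, unwrapped)."""
    wrapped = pow(session_key, key["e"], key["n"])
    unwrapped = pow(wrapped, key["d"], key["n"])
    return wrapped, unwrapped


if __name__ == "__main__":
    key = parse_private_key_blob(EXPONENT_OF_ONE_BLOB)
    print(f"bitlen={key['bit_len']} e={key['e']} d={key['d']} null_key={is_null_key(key)}")
    sample = 0x1234567890ABCDEF  # constructed sample value standing in for a session key
    wrapped, unwrapped = rsa_wrap_unwrap(key, sample)
    print("wrapped == sample:", wrapped == sample, "| unwrapped == sample:", unwrapped == sample)
```

The practical consequence for anyone handling CryptKey.bin is the one the section states: the key BLOB placed between CryptKeyHeader and CryptKeyTrailer is the original key material in its unencrypted form, so the file has to be protected as a plaintext secret rather than relied on as an encrypted container.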