Symmetric Key Encryption/Decryption using advapi32.dll - how to retrieve a key handle from an HSM

  • 12 years ago

    I am trying to use the cryptographic functions within advapi32.dll to perform symmetric encryption/decryption using an AES key. The issue I am having is that the AES key is required to be stored on a LunaPCI HSM, and I am having trouble obtaining a handle to the key to then perform the encrypt/decrypt.

    My first question really is: can this be achieved? I am led to believe the storing/retrieval of symmetric keys cannot be done via the MS CAPI, hence I am going down this path.

    I have the LunaPCI card installed and have registered it in the registry as a CSP.

    Using the following code I get "True" from the CryptAcquireContext() method, so I am connecting to the CSP and the default key container OK. The problem is I do not seem to be able to get a handle to a key. There doesn't seem to be a method available to get a symmetric key - am I missing something here?

    Any help here would be much appreciated.

    regards,

    Peter.


    using System;
    using System.ComponentModel;
    using System.Runtime.InteropServices;
    using System.Text;

    namespace URUPlay
    {
        class Program
        {
            // P/Invoke signatures follow wincrypt.h: HCRYPTPROV, HCRYPTKEY and HCRYPTHASH
            // are pointer-sized (IntPtr), BOOL and DWORD are 4 bytes. SetLastError = true
            // lets Marshal.GetLastWin32Error() report why a call failed.
            [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            [return: MarshalAs(UnmanagedType.Bool)]
            private static extern bool CryptAcquireContext(
                out IntPtr phProv,
                string pszContainer,
                string pszProvider,
                uint dwProvType,
                uint dwFlags);

            [DllImport("advapi32.dll", SetLastError = true)]
            [return: MarshalAs(UnmanagedType.Bool)]
            internal static extern bool CryptEncrypt(
                IntPtr hKey,
                IntPtr hHash,
                [MarshalAs(UnmanagedType.Bool)] bool Final,
                uint dwFlags,
                byte[] pbData,
                ref uint pdwDataLen,
                uint dwBufLen);

            [DllImport("advapi32.dll", SetLastError = true)]
            [return: MarshalAs(UnmanagedType.Bool)]
            internal static extern bool CryptDecrypt(
                IntPtr hKey,
                IntPtr hHash,
                [MarshalAs(UnmanagedType.Bool)] bool Final,
                uint dwFlags,
                byte[] pbData,
                ref uint pdwDataLen);

            [DllImport("advapi32.dll", SetLastError = true)]
            [return: MarshalAs(UnmanagedType.Bool)]
            internal static extern bool CryptReleaseContext(
                IntPtr hProv,
                uint dwFlags);

            [DllImport("advapi32.dll", SetLastError = true)]
            [return: MarshalAs(UnmanagedType.Bool)]
            internal static extern bool CryptGetUserKey(
                IntPtr hProv,
                uint dwKeySpec,
                out IntPtr phUserKey);

            static void Main(string[] args)
            {
                try
                {
                    string text = "1234567891234567";
                    System.Console.WriteLine("Raw Text = [{0}]", text);
                    string enc = Encrypt(text);
                    System.Console.WriteLine("Encrypted Text = [{0}]", enc);
                    //string dec = Decrypt(enc);
                    //System.Console.WriteLine("Decrypted Text = [{0}]", dec);
                }
                catch (Exception e)
                {
                    System.Console.WriteLine("error [{0}]", e.Message);
                    System.Console.WriteLine("Stack Trace [{0}]", e.StackTrace);
                }

                System.Console.ReadKey();
            }

            static string Encrypt(string text)
            {
                IntPtr hProv = IntPtr.Zero;
                IntPtr hKey = IntPtr.Zero;

                // Constants from wincrypt.h
                const uint PROV_RSA_FULL = 1;
                const uint CRYPT_VERIFYCONTEXT = 0xf0000000;

                // Plaintext buffer for the CryptEncrypt call below
                byte[] data = Encoding.UTF8.GetBytes(text);

                bool status = Program.CryptAcquireContext(out hProv, null,
                    "Luna Cryptographic Services for Microsoft Windows",
                    PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
                // This returns True
                System.Console.WriteLine("Acquire Context Status = [{0}]", status);
                if (!status)
                    throw new Win32Exception(Marshal.GetLastWin32Error(), "CryptAcquireContext failed");

                // This line doesn't work - how would I get a handle to Key "5" from the HSM?
                // Note: the only dwKeySpec values wincrypt.h defines for CryptGetUserKey are
                // AT_KEYEXCHANGE (1) and AT_SIGNATURE (2), both RSA key pairs, so 7 is rejected
                // by the CSP and the Win32 error below shows how.
                status = Program.CryptGetUserKey(hProv, 7, out hKey);
                System.Console.WriteLine("Get Key Status = [{0}] (Win32 error 0x{1:X8})",
                    status, status ? 0 : Marshal.GetLastWin32Error());

                // First Parameter Here - I need the key!!!
                //Program.CryptEncrypt();

                CryptReleaseContext(hProv, 0);

                return "";
            }

            static string Decrypt(string text)
            {
                return "";
            }
        }
    }
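The following is an added example, not code from the original post or from the Luna vendor. It shows how CryptoAPI actually models symmetric keys, which is the point the question runs into: CryptGetUserKey returns only the container's RSA pairs (dwKeySpec is AT_KEYEXCHANGE or AT_SIGNATURE, nothing else), while an AES key is a session key that is generated with CryptGenKey or imported with CryptImportKey and is persisted only as a SIMPLEBLOB wrapped under the container's exchange key. The example uses Microsoft's software CSP ("Microsoft Enhanced RSA and AES Cryptographic Provider", PROV_RSA_AES; note that PROV_RSA_FULL has no AES algorithms) as a stand-in for the HSM, and the container name "CapiSessionKeyDemo" is hypothetical. Whether the Luna CSP supports the same CryptGenKey / CryptExportKey(SIMPLEBLOB) / CryptImportKey flow, and which provider type it registered under (HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\<name>\Type), is an assumption to check against its documentation.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;

// Added example (not the poster's code): CAPI's model for symmetric keys.
// A symmetric key is a session key; the only persistent form CAPI offers is a
// SIMPLEBLOB wrapped under the container's AT_KEYEXCHANGE RSA key.
static class CapiSessionKeyDemo
{
    // Constants from wincrypt.h
    const uint PROV_RSA_AES = 24, CRYPT_NEWKEYSET = 0x8, AT_KEYEXCHANGE = 1;
    const uint CALG_AES_256 = 0x6610, CRYPT_EXPORTABLE = 1, SIMPLEBLOB = 1;
    const uint KP_IV = 1, KP_MODE = 4, CRYPT_MODE_CBC = 1;
    const int NTE_BAD_KEYSET = unchecked((int)0x80090016);
    // Software CSP used as a stand-in for the HSM CSP (assumption: the hardware CSP supports the same calls)
    const string Provider = "Microsoft Enhanced RSA and AES Cryptographic Provider";

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CryptAcquireContext(out IntPtr phProv, string szContainer, string szProvider, uint dwProvType, uint dwFlags);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool CryptGetUserKey(IntPtr hProv, uint dwKeySpec, out IntPtr phUserKey);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool CryptGenKey(IntPtr hProv, uint Algid, uint dwFlags, out IntPtr phKey);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool CryptExportKey(IntPtr hKey, IntPtr hExpKey, uint dwBlobType, uint dwFlags, byte[] pbData, ref uint pdwDataLen);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool CryptImportKey(IntPtr hProv, byte[] pbData, uint dwDataLen, IntPtr hPubKey, uint dwFlags, out IntPtr phKey);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool CryptSetKeyParam(IntPtr hKey, uint dwParam, byte[] pbData, uint dwFlags);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool CryptEncrypt(IntPtr hKey, IntPtr hHash, bool Final, uint dwFlags, byte[] pbData, ref uint pdwDataLen, uint dwBufLen);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool CryptDecrypt(IntPtr hKey, IntPtr hHash, bool Final, uint dwFlags, byte[] pbData, ref uint pdwDataLen);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool CryptDestroyKey(IntPtr hKey);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool CryptReleaseContext(IntPtr hProv, uint dwFlags);

    static void Check(bool ok, string what)
    {
        if (!ok) throw new Win32Exception(Marshal.GetLastWin32Error(), what + " failed");
    }

    // Open (or create) a named key container and return its RSA exchange key, generating one if the container has none.
    static IntPtr OpenContainer(string name, out IntPtr hExchangeKey)
    {
        IntPtr hProv;
        if (!CryptAcquireContext(out hProv, name, Provider, PROV_RSA_AES, 0))
        {
            if (Marshal.GetLastWin32Error() != NTE_BAD_KEYSET) Check(false, "CryptAcquireContext");
            Check(CryptAcquireContext(out hProv, name, Provider, PROV_RSA_AES, CRYPT_NEWKEYSET), "CryptAcquireContext(CRYPT_NEWKEYSET)");
        }
        // This is all CryptGetUserKey can ever hand back: the container's RSA pair, never a symmetric key.
        if (!CryptGetUserKey(hProv, AT_KEYEXCHANGE, out hExchangeKey))
            Check(CryptGenKey(hProv, AT_KEYEXCHANGE, 0, out hExchangeKey), "CryptGenKey(AT_KEYEXCHANGE)");
        return hProv;
    }

    // Wrap a session key under the exchange key: this blob is what gets stored between sessions.
    static byte[] WrapSessionKey(IntPtr hSessionKey, IntPtr hExchangeKey)
    {
        uint len = 0;
        Check(CryptExportKey(hSessionKey, hExchangeKey, SIMPLEBLOB, 0, null, ref len), "CryptExportKey(size)");
        byte[] blob = new byte[len];
        Check(CryptExportKey(hSessionKey, hExchangeKey, SIMPLEBLOB, 0, blob, ref len), "CryptExportKey");
        return blob;
    }

    static void SetCbcIv(IntPtr hKey, byte[] iv)
    {
        Check(CryptSetKeyParam(hKey, KP_MODE, BitConverter.GetBytes(CRYPT_MODE_CBC), 0), "CryptSetKeyParam(KP_MODE)");
        Check(CryptSetKeyParam(hKey, KP_IV, iv, 0), "CryptSetKeyParam(KP_IV)");
    }

    static byte[] Encrypt(IntPtr hKey, byte[] plaintext)
    {
        // CAPI pads in place on Final=true, so the buffer needs one extra block;
        // passing dwBufLen == plaintext.Length is the classic CryptEncrypt bug.
        byte[] buf = new byte[plaintext.Length + 16];
        Buffer.BlockCopy(plaintext, 0, buf, 0, plaintext.Length);
        uint len = (uint)plaintext.Length;
        Check(CryptEncrypt(hKey, IntPtr.Zero, true, 0, buf, ref len, (uint)buf.Length), "CryptEncrypt");
        Array.Resize(ref buf, (int)len);
        return buf;
    }

    static byte[] Decrypt(IntPtr hKey, byte[] ciphertext)
    {
        byte[] buf = (byte[])ciphertext.Clone();
        uint len = (uint)buf.Length;
        Check(CryptDecrypt(hKey, IntPtr.Zero, true, 0, buf, ref len), "CryptDecrypt");
        Array.Resize(ref buf, (int)len);
        return buf;
    }

    static void Main()
    {
        IntPtr hExchange;
        IntPtr hProv = OpenContainer("CapiSessionKeyDemo", out hExchange); // hypothetical container name
        try
        {
            byte[] iv = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create()) rng.GetBytes(iv);

            // Session 1: generate an AES-256 session key, encrypt, keep only the wrapped blob.
            IntPtr hAes;
            Check(CryptGenKey(hProv, CALG_AES_256, CRYPT_EXPORTABLE, out hAes), "CryptGenKey(CALG_AES_256)");
            SetCbcIv(hAes, iv);
            byte[] ct = Encrypt(hAes, Encoding.UTF8.GetBytes("1234567891234567"));
            byte[] wrapped = WrapSessionKey(hAes, hExchange);
            CryptDestroyKey(hAes);
            Console.WriteLine("Ciphertext: {0}\nSIMPLEBLOB ({1} bytes) is the part you persist", BitConverter.ToString(ct), wrapped.Length);

            // Session 2: the "handle to the key" comes from importing the blob, not from CryptGetUserKey.
            Check(CryptImportKey(hProv, wrapped, (uint)wrapped.Length, hExchange, 0, out hAes), "CryptImportKey");
            SetCbcIv(hAes, iv);
            Console.WriteLine("Decrypted: {0}", Encoding.UTF8.GetString(Decrypt(hAes, ct)));
            CryptDestroyKey(hAes);
        }
        finally { CryptDestroyKey(hExchange); CryptReleaseContext(hProv, 0); }
    }
}
```

Two caveats follow from the design. First, the wrapped blob is only as well protected as the container's exchange key: with a software CSP that key lives in a DPAPI-protected file, with a hardware CSP the unwrap happens inside the device, which is the property the question is after. Second, addressing a resident secret key by a label or number ("key 5") is the PKCS#11 object model (CKO_SECRET_KEY objects found by CKA_LABEL or CKA_ID), not a CryptoAPI concept; Luna HSMs also ship a PKCS#11 library, so if the requirement is a named AES key that never leaves the HSM, that interface, or a vendor-specific extension of the CSP, is where to look rather than CryptGetUserKey.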

  • 9 years ago

    Hi RodTodd,

    I have the same problem, so if you can help me it would be great.

    Regards
