我正在尝试使用CNG通过作为参数给出的公共密钥来加密某些数据。调用NCryptImportKey函数时,出现NTE_BAD_DATA错误 which isn't listed in the msdn page.

我的代码:

#include <iostream>
#include <Windows.h>
#include <Bcrypt.h>
#include <Ntstatus.h>
#include <string>
#include <vector>
#include "base64.h"

using std::string;
using std::vector;

struct MyRSAPublicBlob {
    BCRYPT_RSAKEY_BLOB blob;
    BYTE exponent[3];
    BYTE modulus[128];
    MyRSAPublicBlob(const vector<BYTE>& mod, const vector<BYTE>& exp)
    {
        blob.BitLength = (128 + 3) * 8;
        blob.Magic = BCRYPT_RSAPUBLIC_MAGIC;
        blob.cbModulus = 128;
        blob.cbPublicExp = 3;
        for (size_t i = 0; i < mod.size(); ++i) //copy BigEndian
            modulus[i] = mod[mod.size() - 1 - i];
        for (size_t i = 0; i < exp.size(); ++i) //copy BigEndian
            exponent[i] = exp[exp.size() - 1 - i];
    }
    MyRSAPublicBlob() { ; }

};

MyRSAPublicBlob b;

bool RSA_encrypt() {
    SECURITY_STATUS stat;
    NCRYPT_PROV_HANDLE hProv;
    NCRYPT_KEY_HANDLE hKey;

    stat = NCryptOpenStorageProvider(&hProv, MS_KEY_STORAGE_PROVIDER, 0);
    if (ERROR_SUCCESS != stat) {
        std::cout << "failed in NCryptOpenStorageProvider: " << GetLastError() << std::endl;
        return false;
    }
    stat = NCryptImportKey(hProv,
        NULL,
        BCRYPT_RSAPUBLIC_BLOB,
        NULL,
        &hKey,
        (PBYTE)&b.blob,
        sizeof(b),
        0);

    if (ERROR_SUCCESS != stat) {
        std::cout << "failed in NCryptImportKey: " << GetLastError() << std::endl;
        return false;
    }


我如何构造MyRSAPublicBlob的示例:

string PubKeyModulus = "yVUndgQFuB5Z5FgC0/WgWCg6Y8VuB582avGjQDdeoJDa1+RBKCyXo700sAMSGjM/bVakOlFqvCsVFNBysx1CH731CDb2DR1a0bsmYmDQ9d0ZHX+AOohVDIx9mc7bkDQZoEFpe9NqFsu95Y9yktpl1JKPmKyLOFgufGJYYvQyoOM=";
string PubKeyExp = "AQAB";

vector<BYTE> PubKeyModulus_bin = base64_decode(PubKeyModulus);
vector<BYTE> PubKeyExp_bin = base64_decode(PubKeyExp);
struct MyRSAPublicBlob c(PubKeyModulus_bin, PubKeyExp_bin);
b = c;


我直率做错了什么吗?

最佳答案

BitLength值是“密钥的大小”,对于RSA来说是“模数值的大小”。因此,对于cbModulus来说有点多余,但是c'est la vie。

如果在计算BitLength时删除+ 3,它可能会开始工作。与.NET为RSACng.ImportParameters构建blob相比:http://source.dot.net/#System.Security.Cryptography.Cng/Common/System/Security/Cryptography/RSACng.ImportExport.cs,79

关于c++ - C++使用CNG从模数和指数中导入RSA公钥,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/44266617/

10-11 18:06