Gabriel: I am new to the list, so if this should be sent directly and not to the list please let me know.
I have some PKCS-8 like logic that stores private keys using a password. Unfortunately for you there is a lot involved (ASN.1 encode/decode, password hashing, algorithm determination). I looked at extracting just the encryption code, but this would be time consuming. If you are interested I can send you the sources to see if the code might be of use.

The logic uses our version of the SNACC ASN.1 compiler and run-time library; you would have to replace this or remove the ASN.1 components. It is built for both Crypto++ 5.0 and 4.2 libraries, using 3DES or RC2 algorithms. I believe it follows the PKCS-8 specification, but I have not performed interoperability tests on the logic. We use this logic to encrypt and decrypt our private keys for local storage using a password.

In addition, these same routines perform PKCS12 decode/decrypt operations to provide a list of certificates and a clear private key for the DSA and RSA algorithms. Unfortunately I never updated the logic to build PKCS-12 password protected files, only decode/decrypt. Again, you would have to sift through the code to extract the components of interest (unless you wanted to use the entire library set, including our ASN.1 run-time library). All of these routines are written for the freeware SFL library, so all of our parameters use our internal buffers and lists; you would have to modify this behavior for your library use. They do use the Crypto++ library; they are tested and relatively mature.

As to the Microsoft CAPI interface, it is possible to store public/private keys in the registry of the local user. In my experience this is best accomplished through PKCS-12 password protected keys/certs that are imported to CAPI. You can then reference the keys through the CAPI interface. I have written some CAPI code to access such keys through handles, but I have never tried to extract a clear key for direct use in another crypto library such as Crypto++; it goes against the intent of the MS CAPI interface.
Let me know if you are interested, or alternatively you can download the entire library at www.digitalnet.com under the S/MIME Freeware Library (much of this is overkill for your inquiry).

Bob Colestock

-----Original Message-----
From: Gabriel Dos Santos [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 22, 2003 11:27 AM
To: [EMAIL PROTECTED]
Subject: Storing keys

Hi,

I'm working with Crypto++ 5 on Windows 2000 and 98. So far, I've been able to successfully encrypt/decrypt session keys and sign/verify files using RSA public key. I've generated the key pair once and saved it to a file. This is good for testing, but in the real world I must store private keys in a secure way. Does Crypto++ support any key store functionality? If not, any idea about how to accomplish this will be highly appreciated :-).

As far as I know Microsoft's Crypto API stores keys in their own format so I can't use their CSP to store the key. Am I right?

Thanks in advance,
Gabriel
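An added example, not part of either message and not taken from the SFL sources: the "algorithm determination" step mentioned in the reply, sketched as a Python reader for the header of a PKCS#8 EncryptedPrivateKeyInfo. It assumes a PKCS#12-style password-based scheme (an OID followed by salt and iteration count); the function names and the sample bytes are constructed for illustration.

```python
PBE_OIDS = {  # PKCS#12 password-based schemes for 3DES and RC2
    "1.2.840.113549.1.12.1.3": "pbeWithSHAAnd3-KeyTripleDES-CBC",
    "1.2.840.113549.1.12.1.5": "pbeWithSHAAnd128BitRC2-CBC",
    "1.2.840.113549.1.12.1.6": "pbeWithSHAAnd40BitRC2-CBC",
}

def read_tlv(buf, pos, want_tag):  # returns (value, next_pos) for one DER element
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if tag != want_tag or pos + length > len(buf):
        raise ValueError(f"bad element: tag {tag:#x}, length {length}")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn DER OID content bytes into dotted form (first arc 0 or 1)."""
    if not body:
        raise ValueError("empty OID")
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def inspect_epki(der):
    """Report the PBE scheme and parameters without touching the password."""
    outer, _ = read_tlv(der, 0, 0x30)      # EncryptedPrivateKeyInfo SEQUENCE
    alg, pos = read_tlv(outer, 0, 0x30)    # AlgorithmIdentifier SEQUENCE
    data, _ = read_tlv(outer, pos, 0x04)   # encryptedData OCTET STRING
    oid, pos = read_tlv(alg, 0, 0x06)      # scheme OID
    params, _ = read_tlv(alg, pos, 0x30)   # SEQUENCE { salt, iterations }
    salt, pos = read_tlv(params, 0, 0x04)
    count, _ = read_tlv(params, pos, 0x02)
    dotted = decode_oid(oid)
    return {"oid": dotted, "scheme": PBE_OIDS.get(dotted, "unknown"), "salt": salt,
            "iterations": int.from_bytes(count, "big"), "encrypted_len": len(data)}

def tlv(tag, body):  # short-form DER encoder, used only to build the sample
    return bytes([tag, len(body)]) + body

# Constructed sample: 3DES scheme, 8-byte zero salt, 2048 iterations, dummy ciphertext.
SAMPLE = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010c0103"))
                             + tlv(0x30, tlv(0x04, bytes(8)) + tlv(0x02, b"\x08\x00")))
                   + tlv(0x04, bytes(24)))
```

Reading the scheme and iteration count from a stored key file this way lets you see which files still use 40-bit RC2 or a low iteration count before deciding what to re-encrypt.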
