RE: Private key format

[Colestock, Robert]

Kabher Khan:   I am new to this list.  I have built keys using Crypto++ for RSA, DH and DSA.  I have also used these keys to sign/encrypt/decrypt messages that MS Crypto API can verify/decrypt/encrypt.  I have never found a way to directly import a raw private key into the MS CAPI interface.  Public keys can be imported to the MS CAPI interface by wrapping them in a certificate and installing the certificate (binary cert with a .cer extension, double click and press INSTALL).   I have also never found a way to export a clear private key from MS CAPI.   What I have done is wrap the public key generated by Crypto++ in a certificate, wrap the private key in a PCKS-12 packet (password protected) with the matching certificate, and IMPORTED this PKCS-12 packet into the MS CAPI interface.  Once you are successful with the IMPORT, you can then access the private key for sign/decryption operations using MS CAPI.  You still cannot see the actual private key in the clear.  I have also found it difficult to match a public key in a certificate with a private key in the MS CAPI store.  This was all done on MS Windows 2k/XP systems.  You will have to be careful of the certificate details for a proper IMPORT as well, lots of rules for MS to accept the certificate and associate it with your specific login.  It must also be fully validated (i.e. you must provide the signer details).   The Crypto++ library does not provide the certificate details mentioned above, just the raw keys (and of course the algorithm processing necessary to perform the sign/verify/encrypt/decrypt).  The Certificate management is another layer above the Crypto++ functionality.   The actual private key formats I use are:     DSA: ASN.1 encoded Integer for (mine are 20 bytes long);   RSA (from rfc 2313) :   RSAPrivateKey ::= SEQUENCE {      version Version,      modulus INTEGER, -- n      publicExponent INTEGER, -- e      privateExponent INTEGER, -- d      prime1 INTEGER, -- p      prime2 INTEGER, -- q      exponent1 INTEGER, -- d mod (p-1)      exponent2 INTEGER, -- d mod (q-1)      coefficient INTEGER -- (inverse of q) mod p }    Version ::= INTEGER   Hope this helps.   Bob Colestock   -----Original Message----- From: Kabher Khan [mailto:[EMAIL PROTECTED] Sent: Monday, January 27, 2003 9:11 AM To: [EMAIL PROTECTED] Subject: Re: Private key format   Hai All Sorry for reposting the same question.I wolud like to know the encoding formats of the keys that are generated with crypto++ lib. I am looking for interoperatability between ms capi and crypto++.   Thanks in advance Regards Kabheer      Kabher Khan <[EMAIL PROTECTED]> wrote: Hai We are generating hex encode key pairs .Can we use this key pars with MS Crypto API.What is the for mat of private key with crypto++.   Thanks Regards KabheerKhan   Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now   Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now