HOWTO: Obtain the plain text session key using CryptoAPI


This article was contributed by Raphael Amorim.

Environment: VC6 SP5, 2000 SP1,NT4 SP3

Generally it's very important to obtain the value of session keys. However, the Microsoft Cryptographic Providers (Base and Enhanced) do not support this feature. CryptExportKey() and CryptImportKey() require a valid key handle to encrypt and decrypt the session key, respectively. MSDN shows a way to do this using a "exponent-of-one" private key. But Microsoft's example in MSDN is extremely long and . This way is faster and more comprehensive.

It's ready to run, but you must set the following parameters at Project -> Settings (Visual Studio 6.0 ) :

1.Add in C++/PreProcessor definitions:

_WIN32_WINNT=0x0500, _CRYPT32_(WIN2K)

or _WIN32_WINNT=0x0400, _CRYPT32_(NT4)

2. And Link this library

crypt32.lib

#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>

#define KEY_PAIR_SIZE     dwSize - 12
#define SESSION_KEY_SIZE  dwKeyMaterial

void main()
{
  
   HCRYPTPROV hProv = 0;
   HCRYPTKEY hExchangeKeyPair = 0;
   HCRYPTKEY hSessionKey = 0;
   BYTE *pbKeyMaterial  = NULL;
   DWORD dwKeyMaterial ;   
   BYTE *pbExportedKeyBlob = NULL;
   BYTE *pbEncryptedKey    = NULL;
   DWORD dwSize;
   unsigned int c;
      
   __try
   {
	  
    if (!CryptAcquireContext( &hProv, 
                              "Container Name", 
                              MS_ENHANCED_PROV , 
                              PROV_RSA_FULL, 
                              CRYPT_MACHINE_KEYSET ))
    {
      __leave;
    }
  
    //---------------------------------------------------
    //Creating a session key. In this sample we'll use a 
    //3DES key with 168 bits

    if (!CryptGenKey( hProv, CALG_3DES, 
                      CRYPT_EXPORTABLE, &hSessionKey ))
    {
      __leave;
    }

    //---------------------------------------------------
    //Getting a handle to the Exchange Key pair
		        
    if (!CryptGetUserKey( hProv, AT_KEYEXCHANGE, &hExchangeKeyPair))
    {
      __leave;
    }

    //--------------------------------------------------------
    //Encrypting the session key with the public key part
    //of the keypair first call gets the size necessary to 
    //hold the encrypted session key and the second exports it.
		
    if (!CryptExportKey( hSessionKey, 
                         hExchangeKeyPair, 
                         SIMPLEBLOB, 
                         0, 
                         NULL, 
                         &dwSize))
    {
      __leave;
    }

    pbExportedKeyBlob = new BYTE[dwSize];

    if (!CryptExportKey( hSessionKey, 
                         hExchangeKeyPair, 
                         SIMPLEBLOB, 
                         0, 
                         pbExportedKeyBlob,  
                         &dwSize))
    {
      __leave;
    }
  
    //--------------------------------------------------------
    //Let's  remove the first 12 bytes of  Blob information 
		
    pbEncryptedKey  =  new BYTE [KEY_PAIR_SIZE];  
		
    for ( c = 0 ; c < KEY_PAIR_SIZE ; c++ )
    {
      pbEncryptedKey[c] =  pbExportedKeyBlob[c+12]; 
    }
		
    //--------------------------------------------------------
    //Now it's time to get the value of the session key, we'll
    //use the private part of the key pair. 
		
    if (!CryptDecrypt( hExchangeKeyPair, 0, 
                       TRUE, 0,  
                       pbEncryptedKey, &dwKeyMaterial))
    {
      __leave;
    }
		
    //-------------------------------------------------------
    //The pbKeyMaterial is the value of the key
		
    pbKeyMaterial = new BYTE[ SESSION_KEY_SIZE ];
		
    for	( c = 0; c <  SESSION_KEY_SIZE ; c++ )
    {
      pbKeyMaterial[c] = pbEncryptedKey[c];
    }
   
   }
   __finally
   {
      if (pbKeyMaterial ) LocalFree(pbKeyMaterial );
      if (hSessionKey) CryptDestroyKey(hSessionKey);
      if (hExchangeKeyPair) CryptDestroyKey(hExchangeKeyPair);
      if (hProv) 
      {  
         CryptReleaseContext(hProv, 0);
      }
   
   }

} // End Main

Downloads

Download demo project - 7 Kb


Comments

  • I can't run the sample

    Posted by mlubino on 06/01/2005 06:13am

    Hi, I'm having some problems in running your example. I have a machine with windows XP installed and internet explorer 6.0 sp2 as browser. When I try to run the the sample it blocks at the instruction: if (!CryptGetUserKey( hProv, AT_KEYEXCHANGE, &hExchangeKeyPair)) { __leave; } leaving the execution. Can you give me any advice to solve that problem? Thank you for your help.

    Reply
  • RE: Example doesn't work

    Posted by Legacy on 08/26/2003 12:00am

    Originally posted by: Raphael Amorim

    The example works. The CryptAcquireContext() doesn't work when you assign MS_ENHANCED_PROV because you probably don't have the high encryption pack installed in your machine. Download it at:

    http://www.microsoft.com/windows/ie/downloads/recommended/128bit/default.asp

    There is no problem with encryption/decryption operations with key pairs, they're fully supported by this new version of CryptoApi.

    Thank you Alexey for the feedback and sorry for the late answer.

    Best regards.

    Raphael Amorim

    Reply
  • How to import the blob

    Posted by Legacy on 04/15/2003 12:00am

    Originally posted by: Deli Shen

    This way is more comprehensible than the component-of-one
    
    method in MSDN, but how to import the session key?
    Do we have to encrypt the blob then import? Could not
    get the import work. Help will be appreciated.

    Reply
  • In what manner we can import these session keys

    Posted by Legacy on 11/06/2002 12:00am

    Originally posted by: Rakesh

    Can you please provide the code for importing these session keys to get the appropriate key handle.

    Reply
  • Example seems not to be working with Nt4 Base provider

    Posted by Legacy on 10/01/2002 12:00am

    Originally posted by: Vladimir

    Example seems not be working with Nt4 Base provider,
    CryptDecrypt() fails with NTE_BAD_KEY.
    It works perfectly in Win2K environment.

    Reply
  • Example doesn't work

    Posted by Legacy on 12/20/2001 12:00am

    Originally posted by: Alexey

    1. CryptAcquireContext() doesn't work when I assign MS_ENHANCED_PROV.
    
    

    2. There is a problem with decryption of the key blob (CryptDecrypt() method).
    It seems that encryption/descryption operations with key pairs are not supported by CryptDecrypt/CryptEncrypt methods.

    Could you please explain what is a problem?

    Thank you in advance,
    Alexey.

    Reply
Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • On-demand Event Event Date: September 10, 2014 Modern mobile applications connect systems-of-engagement (mobile apps) with systems-of-record (traditional IT) to deliver new and innovative business value. But the lifecycle for development of mobile apps is also new and different. Emerging trends in mobile development call for faster delivery of incremental features, coupled with feedback from the users of the app "in the wild." This loop of continuous delivery and continuous feedback is how the best mobile …

  • Java developers know that testing code changes can be a huge pain, and waiting for an application to redeploy after a code fix can take an eternity. Wouldn't it be great if you could see your code changes immediately, fine-tune, debug, explore and deploy code without waiting for ages? In this white paper, find out how that's possible with a Java plugin that drastically changes the way you develop, test and run Java applications. Discover the advantages of this plugin, and the changes you can expect to see …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds