HOWTO: Obtain the plain text session key using CryptoAPI
Posted
by Raphael Amorim
on December 17th, 2001
This article was contributed by Raphael Amorim.
Environment: VC6 SP5, 2000 SP1,NT4 SP3
Generally it's very important to obtain the value of session keys. However, the Microsoft Cryptographic Providers (Base and Enhanced) do not support this feature. CryptExportKey() and CryptImportKey() require a valid key handle to encrypt and decrypt the session key, respectively. MSDN shows a way to do this using a "exponent-of-one" private key. But Microsoft's example in MSDN is extremely long and . This way is faster and more comprehensive.
1.Add in C++/PreProcessor definitions:
_WIN32_WINNT=0x0500, _CRYPT32_(WIN2K)
or _WIN32_WINNT=0x0400, _CRYPT32_(NT4)
2. And Link this library
crypt32.lib
#include <windows.h> #include <wincrypt.h> #include <stdio.h> #define KEY_PAIR_SIZE dwSize - 12 #define SESSION_KEY_SIZE dwKeyMaterial void main() { HCRYPTPROV hProv = 0; HCRYPTKEY hExchangeKeyPair = 0; HCRYPTKEY hSessionKey = 0; BYTE *pbKeyMaterial = NULL; DWORD dwKeyMaterial ; BYTE *pbExportedKeyBlob = NULL; BYTE *pbEncryptedKey = NULL; DWORD dwSize; unsigned int c; __try { if (!CryptAcquireContext( &hProv, "Container Name", MS_ENHANCED_PROV , PROV_RSA_FULL, CRYPT_MACHINE_KEYSET )) { __leave; } //--------------------------------------------------- //Creating a session key. In this sample we'll use a //3DES key with 168 bits if (!CryptGenKey( hProv, CALG_3DES, CRYPT_EXPORTABLE, &hSessionKey )) { __leave; } //--------------------------------------------------- //Getting a handle to the Exchange Key pair if (!CryptGetUserKey( hProv, AT_KEYEXCHANGE, &hExchangeKeyPair)) { __leave; } //-------------------------------------------------------- //Encrypting the session key with the public key part //of the keypair first call gets the size necessary to //hold the encrypted session key and the second exports it. if (!CryptExportKey( hSessionKey, hExchangeKeyPair, SIMPLEBLOB, 0, NULL, &dwSize)) { __leave; } pbExportedKeyBlob = new BYTE[dwSize]; if (!CryptExportKey( hSessionKey, hExchangeKeyPair, SIMPLEBLOB, 0, pbExportedKeyBlob, &dwSize)) { __leave; } //-------------------------------------------------------- //Let's remove the first 12 bytes of Blob information pbEncryptedKey = new BYTE [KEY_PAIR_SIZE]; for ( c = 0 ; c < KEY_PAIR_SIZE ; c++ ) { pbEncryptedKey[c] = pbExportedKeyBlob[c+12]; } //-------------------------------------------------------- //Now it's time to get the value of the session key, we'll //use the private part of the key pair. if (!CryptDecrypt( hExchangeKeyPair, 0, TRUE, 0, pbEncryptedKey, &dwKeyMaterial)) { __leave; } //------------------------------------------------------- //The pbKeyMaterial is the value of the key pbKeyMaterial = new BYTE[ SESSION_KEY_SIZE ]; for ( c = 0; c < SESSION_KEY_SIZE ; c++ ) { pbKeyMaterial[c] = pbEncryptedKey[c]; } } __finally { if (pbKeyMaterial ) LocalFree(pbKeyMaterial ); if (hSessionKey) CryptDestroyKey(hSessionKey); if (hExchangeKeyPair) CryptDestroyKey(hExchangeKeyPair); if (hProv) { CryptReleaseContext(hProv, 0); } } } // End Main
Comments
I can't run the sample
Posted by mlubino on 06/01/2005 06:13amHi, I'm having some problems in running your example. I have a machine with windows XP installed and internet explorer 6.0 sp2 as browser. When I try to run the the sample it blocks at the instruction: if (!CryptGetUserKey( hProv, AT_KEYEXCHANGE, &hExchangeKeyPair)) { __leave; } leaving the execution. Can you give me any advice to solve that problem? Thank you for your help.
ReplyRE: Example doesn't work
Posted by Legacy on 08/26/2003 12:00amOriginally posted by: Raphael Amorim
The example works. The CryptAcquireContext() doesn't work when you assign MS_ENHANCED_PROV because you probably don't have the high encryption pack installed in your machine. Download it at:
http://www.microsoft.com/windows/ie/downloads/recommended/128bit/default.asp
There is no problem with encryption/decryption operations with key pairs, they're fully supported by this new version of CryptoApi.
Thank you Alexey for the feedback and sorry for the late answer.
Best regards.
Raphael Amorim
How to import the blob
Posted by Legacy on 04/15/2003 12:00amOriginally posted by: Deli Shen
In what manner we can import these session keys
Posted by Legacy on 11/06/2002 12:00amOriginally posted by: Rakesh
Can you please provide the code for importing these session keys to get the appropriate key handle.
ReplyExample seems not to be working with Nt4 Base provider
Posted by Legacy on 10/01/2002 12:00amOriginally posted by: Vladimir
Example seems not be working with Nt4 Base provider,
CryptDecrypt() fails with NTE_BAD_KEY.
It works perfectly in Win2K environment.
Example doesn't work
Posted by Legacy on 12/20/2001 12:00amOriginally posted by: Alexey