HOWTO: Obtain the plain text session key using CryptoAPI


Application Security Testing: An Integral Part of DevOps

This article was contributed by Raphael Amorim.

Environment: VC6 SP5, 2000 SP1,NT4 SP3

Generally it's very important to obtain the value of session keys. However, the Microsoft Cryptographic Providers (Base and Enhanced) do not support this feature. CryptExportKey() and CryptImportKey() require a valid key handle to encrypt and decrypt the session key, respectively. MSDN shows a way to do this using a "exponent-of-one" private key. But Microsoft's example in MSDN is extremely long and . This way is faster and more comprehensive.

It's ready to run, but you must set the following parameters at Project -> Settings (Visual Studio 6.0 ) :

1.Add in C++/PreProcessor definitions:

_WIN32_WINNT=0x0500, _CRYPT32_(WIN2K)

or _WIN32_WINNT=0x0400, _CRYPT32_(NT4)

2. And Link this library


#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>

#define KEY_PAIR_SIZE     dwSize - 12
#define SESSION_KEY_SIZE  dwKeyMaterial

void main()
   HCRYPTPROV hProv = 0;
   HCRYPTKEY hExchangeKeyPair = 0;
   HCRYPTKEY hSessionKey = 0;
   BYTE *pbKeyMaterial  = NULL;
   DWORD dwKeyMaterial ;   
   BYTE *pbExportedKeyBlob = NULL;
   BYTE *pbEncryptedKey    = NULL;
   DWORD dwSize;
   unsigned int c;
    if (!CryptAcquireContext( &hProv, 
                              "Container Name", 
                              MS_ENHANCED_PROV , 
                              CRYPT_MACHINE_KEYSET ))
    //Creating a session key. In this sample we'll use a 
    //3DES key with 168 bits

    if (!CryptGenKey( hProv, CALG_3DES, 
                      CRYPT_EXPORTABLE, &hSessionKey ))

    //Getting a handle to the Exchange Key pair
    if (!CryptGetUserKey( hProv, AT_KEYEXCHANGE, &hExchangeKeyPair))

    //Encrypting the session key with the public key part
    //of the keypair first call gets the size necessary to 
    //hold the encrypted session key and the second exports it.
    if (!CryptExportKey( hSessionKey, 

    pbExportedKeyBlob = new BYTE[dwSize];

    if (!CryptExportKey( hSessionKey, 
    //Let's  remove the first 12 bytes of  Blob information 
    pbEncryptedKey  =  new BYTE [KEY_PAIR_SIZE];  
    for ( c = 0 ; c < KEY_PAIR_SIZE ; c++ )
      pbEncryptedKey[c] =  pbExportedKeyBlob[c+12]; 
    //Now it's time to get the value of the session key, we'll
    //use the private part of the key pair. 
    if (!CryptDecrypt( hExchangeKeyPair, 0, 
                       TRUE, 0,  
                       pbEncryptedKey, &dwKeyMaterial))
    //The pbKeyMaterial is the value of the key
    pbKeyMaterial = new BYTE[ SESSION_KEY_SIZE ];
    for	( c = 0; c <  SESSION_KEY_SIZE ; c++ )
      pbKeyMaterial[c] = pbEncryptedKey[c];
      if (pbKeyMaterial ) LocalFree(pbKeyMaterial );
      if (hSessionKey) CryptDestroyKey(hSessionKey);
      if (hExchangeKeyPair) CryptDestroyKey(hExchangeKeyPair);
      if (hProv) 
         CryptReleaseContext(hProv, 0);

} // End Main


Download demo project - 7 Kb


  • I can't run the sample

    Posted by mlubino on 06/01/2005 06:13am

    Hi, I'm having some problems in running your example. I have a machine with windows XP installed and internet explorer 6.0 sp2 as browser. When I try to run the the sample it blocks at the instruction: if (!CryptGetUserKey( hProv, AT_KEYEXCHANGE, &hExchangeKeyPair)) { __leave; } leaving the execution. Can you give me any advice to solve that problem? Thank you for your help.

  • RE: Example doesn't work

    Posted by Legacy on 08/26/2003 12:00am

    Originally posted by: Raphael Amorim

    The example works. The CryptAcquireContext() doesn't work when you assign MS_ENHANCED_PROV because you probably don't have the high encryption pack installed in your machine. Download it at:


    There is no problem with encryption/decryption operations with key pairs, they're fully supported by this new version of CryptoApi.

    Thank you Alexey for the feedback and sorry for the late answer.

    Best regards.

    Raphael Amorim

  • How to import the blob

    Posted by Legacy on 04/15/2003 12:00am

    Originally posted by: Deli Shen

    This way is more comprehensible than the component-of-one
    method in MSDN, but how to import the session key?
    Do we have to encrypt the blob then import? Could not
    get the import work. Help will be appreciated.

  • In what manner we can import these session keys

    Posted by Legacy on 11/06/2002 12:00am

    Originally posted by: Rakesh

    Can you please provide the code for importing these session keys to get the appropriate key handle.

  • Example seems not to be working with Nt4 Base provider

    Posted by Legacy on 10/01/2002 12:00am

    Originally posted by: Vladimir

    Example seems not be working with Nt4 Base provider,
    CryptDecrypt() fails with NTE_BAD_KEY.
    It works perfectly in Win2K environment.

  • Example doesn't work

    Posted by Legacy on 12/20/2001 12:00am

    Originally posted by: Alexey

    1. CryptAcquireContext() doesn't work when I assign MS_ENHANCED_PROV.

    2. There is a problem with decryption of the key blob (CryptDecrypt() method).
    It seems that encryption/descryption operations with key pairs are not supported by CryptDecrypt/CryptEncrypt methods.

    Could you please explain what is a problem?

    Thank you in advance,

  • You must have javascript enabled in order to post comments.

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • As all sorts of data becomes available for storage, analysis and retrieval - so called 'Big Data' - there are potentially huge benefits, but equally huge challenges...
  • The agile organization needs knowledge to act on, quickly and effectively. Though many organizations are clamouring for "Big Data", not nearly as many know what to do with it...
  • Cloud-based integration solutions can be confusing. Adding to the confusion are the multiple ways IT departments can deliver such integration...

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.