Programming with the Cryptography APIs

Posted July 16, 2004

Chat Date: July 7, 2004

Please note: Portions of this transcript have been edited for clarity

Introduction

Moderator: Jana (Microsoft)
Welcome everyone to today's chat. We are lucky to have the Windows Security Team to chat about Programming with the Cryptography APIs. Let's introduce our line-up:

Moderator: Jana (Microsoft)
I am Jana Carter and am a Product Manager on the Communities team. I manage the chat program.

Host: Walter (Microsoft)
Hello. My name is Walter Poupore and I am a Windows Server SDK writer.

Host: Eric (Microsoft)
Hi. I'm Eric Slesar, a Programmer/Writer on the Windows Server SDK Security team.

Host: DavidM (Microsoft)
I'm David Miller, and I'm a technical writer for Security SDKs. Primarily crypto. Welcome!

Host: John Banes (Microsoft)
I’m a developer on the Windows Core Security team. In the last few years, I’ve worked on the SSL protocol, the data protection API (DPAPI), and portions of CryptoAPI.

Host: Janet (Microsoft)
Hi, my name is Janet and I’m a technical editor for Server SDK documentation.

Host: DSIE (Microsoft)
Hi all, My name is Daniel Sie. I am a developer on the PKI team. Nice talking to you all. Have a nice chat.

Host: Clopez (Microsoft)
Hi, I'm Carlos Lopez from developer support and I support CryptoAPI, Certificates, Certificate Services interfaces, .NET Cryptography namespace and other security technologies (GINA, access control, etc).

Host: RyanMen (Microsoft)
Hi, I am Ryan and I am a tester in the Cryptography Test Team. Specifically, I work on CryptoAPI.

Host: DanG (Microsoft)
Hi! I'm Dan Griffin and I'm a developer for Crypto API 1.0 and the Smart Card API.

Host: David Cross (Microsoft)
David Cross is a Lead Program Manager with the Microsoft Windows Security organization focusing on PKI and security solutions in the Windows platform. He joined Microsoft in 1998 and has made significant technical and architectural contributions to. Microsoft products such as Windows 2000, Windows XP, Windows Server 2003 and Exchange Server 2003. In addition, David has been a contributing author on a number of whitepapers and Microsoft Press books regarding Microsoft security and PKI. Prior to joining Microsoft, he spent two years as a Project Manager and Senior Architect with the Microsoft Solution Provider/Partner community and five years with the aviation electronic warfare community of the United States Navy. David has spoken at a number of industry conferences around the world including TechED, RSA, PKI Forum and NISSC. David has a B.S. in Computer Information Systems as well as an MBA in Management Information Systems.

Host: Host: KelvinY (Microsoft)
Hi! My name is Kelvin Yiu, I am a Program Manager on the Windows Security PKI team.

Host: Host: MonicaEne (Microsoft)
My name is Monica Ene-Pietrosanu and I am a Program Manager in Windows Security, working on PKI technologies.

Begin Chat

Host: David Cross (Microsoft)
Q: Where should developers go for good managed code examples that illustrate how to build apps that leverage the dpapi?
A: Managed code support for DPAPI will be added in the "Whidbey" release of the .NET framework

Host: Janet (Microsoft)
Q: Could a white paper be provided for driver developers with an example of using fips.sys?
A: Sorry, there isn’t a white paper available.

Host: DSIE (Microsoft)
Q: What is the forward-looking support view for CAPICOM?
A: CAPICOM is still supported with minor upgrade coming up soon. However, managed .Net Framework will be the main emphasis.

Host: RyanMen (Microsoft)
Q: Could a white paper be provided for driver developers with an example of using fips.sys?
A: Fips.sys is not publicly supported. so the answer is no.

Host: Host: MonicaEne (Microsoft)
Q: will Microsoft offer a formal Time Stamp service like VeriSigns?
A: No current plans for this. We are currently working on designing our timestamping strategy, Will make them public when plans are finalized.

Host: Host: KelvinY (Microsoft)
Q: I have problems in exporting the certificate with associated private key from the IE store

A: Can you be more specific? You need to make sure the key was generated with the "exportable" flag. Otherwise the private key cannot be exported.

Host: DSIE (Microsoft)
Q: Using Capicom: Is there a way I could get a short string after encrypting?
A: What do you mean by short string? Can you please elaborate?

Host: David Cross (Microsoft)
Q: Do you know of any good sources of information on weak keys for the most commonly used symmetric algorithms (well, at least for those that are part of a typical full rsa implementation: RC2, RC4, all kinds of DES)?
A: I would recommend this book: https://www.microsoft.com/MSPress/books/5957.asp

Host: John Banes (Microsoft)
Q: Why does SSL add so much overhead to web site performance, other than special hardware how can this cpu hit be mitigated?
A: Most of the overhead is caused by the RSA decryption operation that the server needs to perform when doing an SSL full handshake. How long this takes is largely dependent on the size of the RSA key. Managing the SSL cache settings can sometimes help, so that reconnect handshakes are used rather than full handshakes.

Host: DanG (Microsoft)
Q: Is it possible to create plaintext PRIVATEKEYBLOBs? The MSDN documentation seems to give contradictory answers to this question. If so, what sense would it make?
A: Sure. For example, this would consist of an unencrypted RSA private key. The composition of such a blob is documented in MSDN, I believe. Note, it is also possible to create an encrypted PRIVATEKEYBLOB as well. You can indicate to the CSP whether the blob is encrypted simply by passing in the optional key handle to CryptImportKey.

Host: DSIE (Microsoft)
Q: I am unable to export a valid .pfx file using Crypto API's
A: How do you try to export it? What error code did you receive?

Host: David Cross (Microsoft)
Q: Are there any detailed traces of function calls available for the most typical sets of operations with cryptoAPI? I mean E-mail signing, logon, and such. I've found something in the Smart Card CSP Cookbook, but it doesn't really have that much details
A: Unfortunately the cookbook is the best set of examples we have. Have you seen the CSP test suite? https://download.microsoft.com/download/a/9/8/a9831d81-013e-4ba8-a186-18c9133a2cc2/CSPTSTS10.EXE

Host: John Banes (Microsoft)
Q: If a CSP is going to be used for SSL (https connections), does it have to be an SCHANNEL provider? Might it only be an RSA_FULL CSP? Which functions should it implement, in addition to the ones assigned to the RSA_FULL?
A: Our SSL implementation (Schannel) is integrated with CryptoAPI. When performing server-side SSL handshakes, the CSP that owns the RSA private key needs to be able to support deriving encryption keys using the mandated SSL key derivation scheme. This is a little. complicated, as it requires a fair bit of SSL-specific crypto goo to be placed inside of the CSP itself. A CSP indicates support for this stuff by being registered as an Schannel CSP. That is, a CSP of type PROV_RSA_SCHANNEL or PROV_DH_SCHANNEL. Client-side key derivation is disassociated with the client private key, and so no special CSP type is required on the client.

Host: DSIE (Microsoft)
Q: Which data will be used to calculate the file hash used for Authenticode?
A: Almost the entire image file, except few places.

Host: Host: KelvinY (Microsoft)
Q: What is the forward-looking support view for CAPICOM?
A: We are planning to support CAPICOM for the foreseeable future. In fact, we will release a new version of CAPICOM (2.0.0.4) next month.

Host: DSIE (Microsoft)
Q: I get error "This file is invalid for use as the following: Personal Information Exchange
A: That means the file is not recognized as PKCS #12 (pfx) file. How did you get the file?

Host: David Cross (Microsoft)
Q: Capicom, is it possible to keep a certificate in local machine store only, and let an ASP page use it?
A: yes, you can. Make sure that the key in the machine store is ACL'd to the context of your application process.

Host: Clopez (Microsoft)
Q: According to the documentation in MSDN, including plaintext keys as part of a SIMPLEBLOB is not allowed. However, I've found over the Internet that it is not so (that is, that is allowed). Who's right?
A: A SIMPLEBLOB is normally encrypted but can be

Host: David Cross (Microsoft)
Q: I have a question with regards to the DPAPI that someone suggested I use to encrypt connection strings. How could I encrypt strings across server farms??
A: Use a roaming user profile for today. We may have better solutions in the future (no details available yet).

Host: DanG (Microsoft)
Q: How can I write custom modules for a smart card? Where can I get a template or guide to implement it?
A: There is a Smart Card CSP Cookbook on MSDN. See <https://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnscard/html/smartcardcspcook.asp>. Note that we are working on a much easier way to implement custom smart card modules. ETA for that new interface is early next year (2005).

Host: RyanMen (Microsoft)
Q: According to the documentation in MSDN, including plaintext keys as part of a SIMPLEBLOB is not allowed. However, I've found over the Internet that it is not so (that is, that is allowed). Who's right?
A: Plaintext keys can be included directly only via PLAINTEXTKEYBLOB or via exponent of one keys in SIMPLEBLOB. See https://support.microsoft.com/default.aspx?scid=https://support.microsoft.com:80/support/kb/articles/Q228/7/86.ASP&NoWebContent=1 for details.

Host: John Banes (Microsoft)
Q: What are the three most common mistakes a newbie to the dpapi will make?
A: 1. Not freeing the output buffer. 2. Assuming that data can be encrypted on one machine and decrypted on another. This only works if roaming profiles is enabled or some other provision is made to transfer the DPAPI master key files from one machine to another (these live in the user profile, and are what is used to encrypt the application data). 3. Data encrypted under one account can only be decrypted from the same account, unless the CRYPTPROTECT_LOCAL_MACHINE flag is passed in. Good thing you only asked for three. :-)

Host: DSIE (Microsoft)
Q: Which data will be excluded?
A: It is too complicated to get into the detail here, but if you want, send me an email later.

Host: David Cross (Microsoft)
Q: Can you explain how the recently announced Yukon encryption will interact with the middletier/client? What options will there be to delay decryption (i.e. a smart client can be sent encrypted data?)
A: The Yukon people are not on this chat, sorry.

Host: DSIE (Microsoft)
Q: I got the BLOB using PFX...API and then used CertSaveStore.....is it right??
A: You don't need to use CertSvaeStore. PFX APIs will export it in a PKCS #12 format. Just save that blob.

Host: Host: MonicaEne (Microsoft)
Q: I am unable to export a valid .pfx file using Crypto API's
A: you have to use the PFXExportCertStore/import functions.

Host: Walter (Microsoft)
Q: Can apis be used for video files for realtime copy protection
A: For information about Digital Rights Management Services technology, see https://msdn.microsoft.com/library/en-us/dnanchor/html/rm_sdks_overview.asp

Host: John Banes (Microsoft)
Q: About the SCHANNEL, can my CSP be registered both as a FULL_RSA and a RSA_SCHANNEL?
A: Sure, provided it supports the functionality of both. Our rsaenh.dll is registered as many different CSP types, after all. :-)

Host: DavidM (Microsoft)
Q: Any plans to support CTS or CTR modes for Rijndael via .NET?
A: Please post this in microsoft.public.dotnet.security. You'll get your fastest answer there. Thanks.

Host: David Cross (Microsoft)
Q: Are card readers directly supported by api for cards like sle4442
A: We are not familiar with "sle4442". Can you elucidate?

Host: DSIE (Microsoft)
Q: When I import a PFX file using CAPICOM into the LOCAL_MACHINE\MY store from within a Windows Installer VBScript Custom Action. The key winds up in the Administrator's documents and settings folder when it should be in All Users...
A: Can you share your PFX with me, so that I can further investigate?

Host: Host: MonicaEne (Microsoft)
Q: I had used PFXExport.....I got the blob...after that I wrote the blob in the file
A: A. You have to save it to file either by using CertSaveStore and you will get a store or by using CertEnumerateCertificatesInStore, then export each certificate as a .cer file.

Host: DanG (Microsoft)
Q: Sorry for repeat the question, but it is important for me: I want to write a CSP for a smart card. Should I create a full rsa CSP, or may I use the Microsoft Smart Card Base Cryptographic Provider, and write customs modules for my card?
A: Unfortunately, the Smart Card Base Crypto Provider is not yet available publicly. We have made the new provider available only to development partners, under NDA, for early development and Alpha testing purposes. If you are interested in such an. arrangement, please provide your email address for me to contact you.

Host: DSIE (Microsoft)
Q: I can send you the PFX no problem. I can also send you the script. It runs find outside the context of the Windows Installer. Administrator is also able to use the key. Services cannot. I think it is an issue with how the DPAPI protects key.
A: Great. Contact me offline later, and I will get back to you.

Host: David Cross (Microsoft)
Q: Are the managed dpapi bits in the Whidbey alpha that cam with Yukon beta1?
A: It should first appear in Whidbey Beta1

Host: DSIE (Microsoft)
Q: Is there any example code that shows the extracted byte stream?
A: See the ImageHlp APIs, particularly ImageGetDigestStream.

Host: DSIE (Microsoft)
Q: That is what I did. I trues diff parameters and used md5, but it was never the hash that is stored in the pkcs7 signature!
A: Try SHA-1.

Host: Host: MonicaEne (Microsoft)
Q: I had saved it in the file using CertSaveStore as *.pfx....
A: CertSaveStore doesn't save as PFX, it provides a blob containing a certificate store (bag of certs). If you want to export it as PFX, then use the pair API, called PFXExportCertStore (or the Ex version). You may check out the certificate store APIs in MSDN.

Host: DSIE (Microsoft)
Q: Is there detailed information available?
A: Not anything outside of what is already in MSDN.

Host: DanG (Microsoft)
Q: A CSP for a smart card present many limitations in the number of containers (smart card space). Can we assume that it will never be the "default" container, and write it taking this as a premise?
A: A smart card CSP can certainly limit the number of containers it allows on a per-card basis. At any time, if there is at least a single container present on the card, then we require it to be marked "default."

Host: David Cross (Microsoft)
Q: Moving forward, will the all crypto functions be supported directly via managed code?
A: it is our goal to provide 100% support or parity in the future over the next few releases of .NET and the operating system.

Host: DSIE (Microsoft)
Q: A: Try SHA-1. The hash of the activex that I used for test purpose was made by md5
A: How do you sign the ActiveX? Using SignCode?

Host: DanG (Microsoft)
Q: On writing a CSP for a smart card, would it be a mistake not to implement salt values (i.e: let them be set by calls to SetKeyParam)?
A: In general, a smart card CSP (of type PROV_RSA_FULL) is expected to implement all functionality present in the Microsoft software providers of that same type.

Host: Host: KelvinY (Microsoft)
Q: can you explain how the recently announced Yukon encryption will interact with the middletier/client? What options will there be to delay decryption (ie a smart client can be sent encrypted data?)
A: We don't have any Yukon experts on this chat. Please post your question to the microsoft.public.sqlserver.security newsgroup.

Host: Clopez (Microsoft)
Q: But is it possible - in real circumstances - to have a CSP for a Smart card being the default CSP? It does have so many limitations...
A: The answer is no. Most private key operations will require a PIN. Microsoft components won't know to call CryptSetProvParam to set PIN info.

Host: DanG (Microsoft)
Q: but is it possible - in real circumstances - to have a CSP for a Smart card being the default CSP? It does have so many limitations...
A: This is not advisable, due to the limitations that you have observed.

Host: Host: KelvinY (Microsoft)
Q: Does Cypto API Support UNICode Charachers and Conversions
A: Yes

Host: DavidM (Microsoft)
Q: Are CTS/CTR modes supported by the native CryptoAPI for Rijndael?
A: They are currently not, but we do have plans to support these in the future.

Host: DSIE (Microsoft)
Q: Are there any MS tools for NT4 that provide some of the functionality of MMC/Certificates on XP
A: Closest you can get is CertMgr.exe.

Host: David Cross (Microsoft)
Q: Are there any MS tools for NT4 that provide some of the functionality of MMC/Certificates on XP
A: No, because NT 4.0 is pretty much end of life. But you can get a lot of the functionality in the command line from certmgr.exe in the Platform SDK

Host: Janet (Microsoft)
Q: Where can we get more detailed information and discussion groups relating CSP implementation, if any? A: Hope this CSP implementation documentation, helps: https://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.platformsdk.security&cat=en-us-security&lang=en&cr=US

Host: DanG (Microsoft)
Q: In the acquirecontext function, when using the CRYPT_VERIFYCONTEXT flag, with a CSP for a smart card, how should it behave? I read some different solutions for this.
A: Please see https://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnscard/html/smartcardcspcook.asp.

Host: David Cross (Microsoft)
Q: CAN I USE APIS for CE and PCC Programming
A: yes, there are a subset of CryptoAPI available in the CE compiler and libraries.

Host: RyanMen (Microsoft)
Q: Are custom CSP supposed to implement support for UNICODE charsets? Where, inside the CSP, is this applicable (e.g. name of containers...)
A: Unicode container names are supported via CryptAcquireContextW.

Host: DSIE (Microsoft)
Q: Any plans for .Net to support a less verbose version of signed XML?
A: Can you elaborate a little? I don't understand the question.

Host: Host: KelvinY (Microsoft)
Q: CAN I USE APIS for CE and PCC Programming
A: CE has a subset of CAPI. For more details, go to https://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcesecur/html/_wcesdk_Security_Services.asp

Host: DanG (Microsoft)
Q: Thanks, but somewhere else I read that with that flag, I could use symmetric functions, Is it possible?
A: Yes, use of the CRYPT_VERIFYCONTEXT flag does allow symmetric key operations (and hash operations) based on that context handle.

Host: Clopez (Microsoft)
Q: How do I diagnose CryptAcquireContext problems?
A: First ask yourself what store location do you really need to use. a) Do you plan to perform only hashing, symmetric key or public key operations? If the answer is yes, use the CRYPT_VERIFYCONTEXT flag to create a key container in memory. This avoids a lot of problems with physical stores.

b) Do you plan to use the CurrentUser store? If you plan to use per user private RSA/DSA key pairs and are running in the user’s context then CurrentUser is the right choice. The user’s profile must be loaded when working with the CurrentUser store.

c) Do you plan to use the LocalMachine store? If you plan to use per machine private RSA/DSA key pairs or are running in an environment where there is no user profile (Service/COM+), using the LocalMachine store is the right choice.

Host: Host: MonicaEne (Microsoft)
Q: But now...if I use openssl on the extracted .pfx file.....I get error from openssl "expecting asn1 sequence"
A: Did PFXExportCertStoreEx (with password) succeeded? Can you click in shell (Windows Explorer) on the PFX file and start the PFX wizard? These would be some indications that the exported file has the right format.

These questions were answered post-chat:

Q: BTW, in MSN messenger, what RSA crypto is used? (The About MSN shows some RSA tech usage)
A: I don't think that messenger has any RSA crypto other than the SSL to authenticate to the Passport server.

Q: Are there plans to add Diffie-Hellman/RC4 support to .NET? (if not: why?)
A: It is possible to PInvoke to CAPI from .NET. However, there are no built-in implementations for DH or RC4. Diffie Hellman is probably an item for a future release. For RC4, we didn’t want to include it because its usage is tricky and managed code users would almost certainly get it wrong. The audience who needs RC4 is pretty limited and most people who actually asked for it in mailing lists really wanted a symmetric algorithm and did not end up pushing for RC4 in .NET.

Q: Where should developers go for good managed code examples that illustrate how to build apps that leverage the dpapi?
A: Whidbey has DPAPI in System.Security.Cryptography.DataProtection and System.Security.Cryptography.MemoryProtection.

 

Q: Related to test97 and Authenticode, we need more thorough documentation on MS implementation of Authenticode signatures
A: Thank you. We will look into adding this.

Q: Further regarding fips.sys: driver developers are forced to reverse engineer the IRP's to use these functions - does keeping the information secret not introduce more security holes than it solves by forcing developers to guess?
A: Please do not use these. The supported mechanism is the CAPI which uses the FIPS approved implementations. Furthermore, we plan to change these interfaces in the next version of Windows. Anyone who has reverse-engineered this stuff and written applications depending on fips.sys will break.

Q: Using Capicom: I'm encrypting the computer name and the current date in an installation program. Then, I encrypt this info, which will later on be a license key. Unfortunately, this string is quite long. Is there a way I could have a short string?
A: Maybe you can use a hash or HMAC instead of encryption? Of course, you would need to store the plaintext computer name and date somewhere as well as including them in the hash. This might have certain advantages, depending on your situation.

Q: PLEASE provide a detailed spread sheet of all MS S/MIME mail clients and how they implement managing certs, encryption preferences and compare to 3rd party S/MIME clients
A: We will forward your feedback to the Outlook and s/mime teams at Microsoft

Q: Does the API have support for Blowfish, if not can it be added?
A: No, and yes, anyone can add a CSP to CAPI.

Q: More "crypto best practices" extending what is discussed in "Writing Secure Code" and integrated with MSDN CryptoAPI Docs
A: Thanks, we will look into doing this

Q: New features in CAPICOM 2.0.0.4 ?? Will Verify issue be resolved ? ;-)
A: This release is primarily a bug fix release. New features and changes include:

  • New SHA algorithms are supported on Windows Server 2003.

  • A new CertificateStatus object was added to enable supplying a collection of certificates for use in chain building.

  • When scripted from IE it is not possible to add to the current users “root” store.

Q: When will the RSACryptoServiceProvider class finally get a "public RSACryptoServiceProvider(RSAParameters);" constructor?
A: As far as I know there a no plans. In Whidbey however, RSACryptoServiceProvider lazy initializes the key, so calling the empty constructor followed by ImportParameters(RSAParameters) is the equivalent.

Q: Capicom/ASP: when I call Envelopeddata.Decrypt, I get errors if certificate is not in current user MY store: acl only issues?
A: EnvelopedData.Decrypt will look in both CurrentUser and LocalMachine MY certificate stores. If the certificate does not reside in the CurrentUser MY store, you are most likely getting errors because the user does not have access to the private key associated with the certificate located in the LocalMachine store.

Q: What are best practices for encrypting a XML file using Framework 1.1 technology. I need the same encrypted file to be read on any system and PKI is not an option.
A: Whidbey has support for XML encryption. In 1.1, I am afraid no such support is available (except if you are ready to use WSE (Web Services Enhancements) which is a tactical ship vehicle on top of 1.0 and 1.1 for web services security purposes. It’s available for download in the MSDN but it does not have the same backward compatibility promises that the redist has and is in no way a replacement for the redist.

Moderator: Jana (Microsoft)
Well, our time has come to call it a day. Thanks to all our MVPs for helping out and for all the great questions. Thanks to our hosts!

Host: DanG (Microsoft)
Thank you for the great questions!

For further information on this topic please visit the following:

Website: Visit the MSDN Security Dev Center

Website: Visit the Microsoft Security Homepage

Top of pageTop of page