This is a mirror of official site: http://jasper-net.blogspot.com/

CryptoAPI and 5 bytes exponent public keys

| Thursday, July 29, 2010
One customer of mine wanted to import a public key he got from a partner. That public key had a 2048 bits modulus and a 5 bytes exponent.

The problem was that CryptoAPI's RSAPUBKEY structure doesn't allow a 5 bytes exponent because it defines the public exponent with a DWORD (4 bytes max):

typedef struct _RSAPUBKEY {
DWORD               magic ;
DWORD               bitlen ;
DWORD               pubexp ;
} RSAPUBKEY;

CryptoAPI only supports 4 byte exponents with MS CSPs (Cryptographic Service Providers). CNG overcomes this limitation on Vista and later:

Key Storage and Retrieval
"
CNG is more flexible with regard to RSA key pairs. For example, CNG supports public exponents larger than 32-bits in length, and it supports keys in which p and q are different lengths.
"

Please, note that the restriction of 4 byte exponents are for MS CSPs only. CryptoAPI should be able to work with 5 byte exponents if using a third-party CSP.

Read more: Decrypt my World

Posted via email from .NET Info

0 comments: