One customer of mine wanted to import a public key he got from a partner. That public key had a 2048 bits modulus and a 5 bytes exponent.The problem was that CryptoAPI's RSAPUBKEY structure doesn't allow a 5 bytes exponent because it defines the public exponent with a DWORD (4 bytes max): typedef struct _RSAPUBKEY {
DWORD magic ;
DWORD bitlen ;
DWORD pubexp ;
} RSAPUBKEY; CryptoAPI only supports 4 byte exponents with MS CSPs (Cryptographic Service Providers). CNG overcomes this limitation on Vista and later: Key Storage and Retrieval
"
CNG is more flexible with regard to RSA key pairs. For example, CNG supports public exponents larger than 32-bits in length, and it supports keys in which p and q are different lengths.
"Please, note that the restriction of 4 byte exponents are for MS CSPs only. CryptoAPI should be able to work with 5 byte exponents if using a third-party CSP.Read more: Decrypt my World
DWORD magic ;
DWORD bitlen ;
DWORD pubexp ;
} RSAPUBKEY; CryptoAPI only supports 4 byte exponents with MS CSPs (Cryptographic Service Providers). CNG overcomes this limitation on Vista and later: Key Storage and Retrieval
"
CNG is more flexible with regard to RSA key pairs. For example, CNG supports public exponents larger than 32-bits in length, and it supports keys in which p and q are different lengths.
"Please, note that the restriction of 4 byte exponents are for MS CSPs only. CryptoAPI should be able to work with 5 byte exponents if using a third-party CSP.Read more: Decrypt my World
Posts
0 comments:
Post a Comment