Generally, it's very important to obtain the value of session keys. However, the Microsoft Cryptographic Providers (Base and Enhanced) do not support this feature. CryptExportKey() and CryptImportKey() require a valid key handle to encrypt and decrypt the session key, respectively.
Introduction
Sometimes, extracting raw session keys is necessary, particularly when implementing cryptographic protocols. However, Microsoft Cryptographic Providers (Base and Enhanced) do not support this feature. CryptExportKey()
and CryptImportKey()
require a valid key handle to encrypt and decrypt the session key, respectively. MSDN shows a way of doing this using a exponent-of-one private key. This article shows a better way to perform the same process. This way is faster and more straightforward.
It's ready to go, but you must set the following parameters at Project -> Settings (Visual Studio 6.0):
- Add in C++/Preprocessor definitions:
_WIN32_WINNT=0x0500
, _CRYPT32_(WIN2K)
or _WIN32_WINNT=0x0400
, _CRYPT32_(NT4)
- And Link this library crypt32.lib
Code Listing
#include <windows.h>
#include <wincrypt.h>
#define KEY_PAIR_SIZE dwSize - 12
#define SESSION_KEY_SIZE dwKeyMaterial
void main()
{
HCRYPTPROV hProv = 0;
HCRYPTKEY hExchangeKeyPair = 0;
HCRYPTKEY hSessionKey = 0;
BYTE *pbKeyMaterial = NULL;
DWORD dwKeyMaterial ;
BYTE *pbExportedKeyBlob = NULL;
BYTE *pbEncryptedKey = NULL;
DWORD dwSize;
unsigned int c;
__try
{
if (!CryptAcquireContext( &hProv, "Container Name",
MS_ENHANCED_PROV , PROV_RSA_FULL, CRYPT_MACHINE_KEYSET ))
{
__leave;
}
if (!CryptGenKey(hProv,CALG_3DES,CRYPT_EXPORTABLE,
&hSessionKey))
{
__leave;
}
if (!CryptGetUserKey( hProv, AT_KEYEXCHANGE,
&hExchangeKeyPair))
{
__leave;
}
if (!CryptExportKey( hSessionKey, hExchangeKeyPair,
SIMPLEBLOB, 0, NULL, &dwSize))
{
__leave;
}
pbExportedKeyBlob = new BYTE[dwSize];
if (!CryptExportKey( hSessionKey, hExchangeKeyPair, SIMPLEBLOB,
0, pbExportedKeyBlob, &dwSize))
{
__leave;
}
pbEncryptedKey = new BYTE [KEY_PAIR_SIZE];
for ( c = 0 ; c < KEY_PAIR_SIZE ; c++ )
{
pbEncryptedKey[c] = pbExportedKeyBlob[c+12];
}
if (!CryptDecrypt( hExchangeKeyPair,0, TRUE, 0,
pbEncryptedKey, &dwKeyMaterial))
{
__leave;
}
pbKeyMaterial = new BYTE[ SESSION_KEY_SIZE ];
for ( c = 0; c < SESSION_KEY_SIZE ; c++ )
{
pbKeyMaterial[c] = pbEncryptedKey[c];
}
}
__finally
{
if (pbKeyMaterial ) LocalFree(pbKeyMaterial );
if (hSessionKey) CryptDestroyKey(hSessionKey);
if (hExchangeKeyPair) CryptDestroyKey(hExchangeKeyPair);
if (hProv)
{
CryptReleaseContext(hProv, 0);
}
}
}
History
- 11th December, 2001: Initial version
- 22nd December, 2022: Update - Corrected some problems in the text and the license