I’m trying to rework the CNG encryption example in the Microsoft documentation. One peculiar thing about the example is that the encryption IV is hard coded. I don’t know a lot about encryption but my understanding is that it is more secure to generate a random IV for each encrypted data. Does anyone have any ..
On Windows Server A, we can generate a key in an HSM, and make it available to AD CS. The key is used to generate a CSR, which is signed by a public CA, and imported into the cert store on the same host. Can use certutil -repairstore to link the signed cert to the ..
I’d like to implement data encryption and decryption in a C++ application running on Windows. I’ve spent considerable time looking around the Web and am thinking I should probably use the Windows Cryptography API: Next Generation (CNG) functions (although I’m open to better alternatives). What I find everywhere are complex examples that do all sorts ..
I need to invoke the following function in PowerShell: https://docs.microsoft.com/en-us/windows/win32/api/ncrypt/nf-ncrypt-ncryptenumkeys I am calling https://docs.microsoft.com/en-us/windows/win32/api/ncrypt/nf-ncrypt-ncryptenumstorageproviders and then I loop https://docs.microsoft.com/en-us/windows/win32/api/ncrypt/nf-ncrypt-ncryptopenstorageprovider These two functions, NCryptEnumStorageProviders and NCryptOpenStorageProvider, are working fine and I am getting the right handles, the right results, etc. I want to then enumerate keys stored by these providers by using the NCryptEnumKeys function. This is ..
I have an HSM (Nitrokey Pro 2), on which I stored ECC keys. I’m still able to use it for encryption/decryption via the Windows Cryptographic API: Next Generation, but I am always asked for a passphrase. Since my program has to run unsupervised, I need a way to provide a password when accessing the ..
I am developing an application that needs a secure connection through TCP/IP and I want to use Windows Cryptography API: Next Generation (CNG) for security. I am searching for client and server programs which are implemented with Windows CNG, but I didn’t find proper sample code. Please help me with some sample code for the ..
I am developing an application that needs a secure connection through TCP/IP and I want to use Windows Cryptography API: Next Generation (CNG)/Schannel for SSL/TLS. I am searching for sample client and server programs which are implemented with Windows CNG, but I didn’t find proper sample code. Please help me with some sample code for ..
Is it possible, using Windows CNG API and AES in GCM mode, to encrypt a buffer of data with a size that is not a multiple of 16 bytes (128 bits) when chaining is enabled? When I try to pass a buffer of 60 bytes to the BCryptEncrypt function with chaining enabled, I get the ..
Convert RSA public key in PEM format to BCRYPT_KEY_HANDLE. I’m working on a custom CNG provider that will be integrated with a private HSM API. I’m trying to parse the public key provided by the HSM API to BCRYPT_KEY_HANDLE. However, the public key is in PEM format and BCryptImportKeyPair expects the public key as a blob. ..