-
Notifications
You must be signed in to change notification settings - Fork 5
/
notes.txt
80 lines (51 loc) · 2.06 KB
/
notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
http://nagareshwar.securityxploded.com/2010/10/22/cryptocode-generate-sha1sha256-hash-using-windows-cryptography-library/
Q: according to this link...
https://blogs.msdn.microsoft.com/alejacma/2009/01/23/sha-2-support-on-windows-xp/
CALG_SHA_256 is only supported by the "Microsooft Enhanced RSA and AES
Cryptographic Provider", which is not the same as the the provider
being used by p11-capi, "Microsoft Base Smart Card Crypto Provider".
The latter is clearly of type PROV_RSA_FUL, but neets to be of type
PROV_RSA_AES, to use SHA-2 algorithms. So... the question is, can I
use two different CSPs - one to compute the hash and the other to sign
it?
As it turns out (for me), the Base Smart Card Crypto Provider will
work with the SHA-2 algs, at least on Win8. Probably on WinXP SP3,
and any Windows newer than that. The issue is that CertOIDToAlgId()
does not return the correct AlgId for SHA-2 algorithms, even when they
will work. Instead it returns 0xFFFFFFFF (CALC_OID_INFO_CNG_ONLY), which
is misleading, since CNG is *not* required to use SHA-2.
CryptDecodeObject
CryptHashCertificate
CryptEncodeObject
CryptAcquireContextW
CryptGetUserKey
CryptReleaseContext
CryptExportKey
CryptDestroyKey
CryptEnumKeyIdentifierProperties
CryptCreateHash
CryptGetHashParam
CryptSetHashParam
BOOL WINAPI CryptSignHash(
_In_ HCRYPTHASH hHash,
_In_ DWORD dwKeySpec,
_In_ LPCTSTR sDescription,
_In_ DWORD dwFlags,
_Out_ BYTE *pbSignature,
_Inout_ DWORD *pdwSigLen
); //https://msdn.microsoft.com/en-us/library/windows/desktop/aa380280%28v=vs.85%29.aspx
NTSTATUS WINAPI BCryptSignHash
(
_In_ BCRYPT_KEY_HANDLE hKey,
_In_opt_ VOID *pPaddingInfo,
_In_ PBYTE pbInput,
_In_ DWORD cbInput,
_Out_ PBYTE pbOutput,
_In_ DWORD cbOutput,
_Out_ DWORD *pcbResult,
_In_ ULONG dwFlags
); //https://msdn.microsoft.com/en-us/library/windows/desktop/aa375510%28v=vs.85%29.aspx
CryptDestroyHash
CryptDecrypt
CryptoContext
Q: