Load an PEM encoded X.509 certificate into Windows CryptoAPI

by

KJKHyperion said in his answer:

I discovered the “magic” sequence of calls to import a RSA public key in PEM format. Here you go:

  1. decode the key into a binary blob with CryptStringToBinary; pass CRYPT_STRING_BASE64HEADER in dwFlags
  2. decode the binary key blob into a CERT_PUBLIC_KEY_INFO with CryptDecodeObjectEx; pass X509_ASN_ENCODING in dwCertEncodingType and X509_PUBLIC_KEY_INFO in lpszStructType
  3. decode the PublicKey blob from the CERT_PUBLIC_KEY_INFO into a RSA key blob with CryptDecodeObjectEx; pass X509_ASN_ENCODING in dwCertEncodingType and RSA_CSP_PUBLICKEYBLOB in lpszStructType
  4. import the RSA key blob with CryptImportKey

This sequence really helped me understand what’s going on, but it didn’t work for me as-is. The second call to CryptDecodeObjectEx gave me an error:
“ASN.1 bad tag value met”.
After many attempts at understanding Microsoft documentation, I finally realized that the output of the fist decode cannot be decoded as ASN again, and that it is actually ready for import. With this understanding I found the answer in the following link:

http://www.ms-news.net/f2748/problem-importing-public-key-4052577.html

Following is my own program that imports a public key from a .pem file to a CryptApi context:

int main()
{
    char           pemPubKey[2048];
    int            readLen;
    char           derPubKey[2048];
    size_t         derPubKeyLen = 2048;
    CERT_PUBLIC_KEY_INFO *publicKeyInfo;
    int            publicKeyInfoLen;
    HANDLE         hFile;
    HCRYPTPROV     hProv = 0;
    HCRYPTKEY      hKey = 0;

    /*
     * Read the public key cert from the file
     */
    hFile = CreateFileA( "c:\\pub.pem", GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL );
    if ( hFile == INVALID_HANDLE_VALUE )
    {
        fprintf( stderr, "Failed to open file. error: %d\n", GetLastError() );
    }

    if ( !ReadFile( hFile, pemPubKey, 2048, &readLen, NULL ) )
    {
        fprintf( stderr, "Failed to read file. error: %d\n", GetLastError() );
    }

    /*
     * Convert from PEM format to DER format - removes header and footer and decodes from base64
     */
    if ( !CryptStringToBinaryA( pemPubKey, 0, CRYPT_STRING_BASE64HEADER, derPubKey, &derPubKeyLen, NULL, NULL ) )
    {
        fprintf( stderr, "CryptStringToBinary failed. Err: %d\n", GetLastError() );
    }

    /*
     * Decode from DER format to CERT_PUBLIC_KEY_INFO
     */
    if ( !CryptDecodeObjectEx( X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, derPubKey, derPubKeyLen, 
                               CRYPT_ENCODE_ALLOC_FLAG, NULL, &publicKeyInfo, &publicKeyInfoLen ) )
    {
        fprintf( stderr, "CryptDecodeObjectEx 1 failed. Err: %p\n", GetLastError() );
        return -1;
    }

    /*
     * Acquire context 
     */
    if( !CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) )
    {
        {
            printf( "CryptAcquireContext failed - err=0x%x.\n", GetLastError() );
            return -1;
        }
    }

    /*
     * Import the public key using the context
     */
    if ( !CryptImportPublicKeyInfo( hProv, X509_ASN_ENCODING, publicKeyInfo, &hKey ) )
    {
        fprintf( stderr, "CryptImportPublicKeyInfo failed. error: %d\n", GetLastError() );
        return -1;
    }
    LocalFree( publicKeyInfo );

    /*
     * Now use hKey to encrypt whatever you need.
     */

    return 0;
}

More Related Contents:

  1. Windows C/C++ Crypto API Examples and tips
  2. What’s the best free C++ profiler for Windows? [closed]
  3. Is TCHAR still relevant?
  4. How to get main window handle from process id?
  5. Deploying Qt 5 App on Windows
  6. Is there a limit on number of open files in Windows
  7. OpenCV with Network Cameras
  8. Qt 5.1.1: Application failed to start because platform plugin “windows” is missing
  9. Start Windows Service From Application without Admin right(c++)
  10. Create a directory if it doesn’t exist
  11. How do I input variables using cin without creating a new line?
  12. C++ compiling on Windows and Linux: ifdef switch [duplicate]
  13. Can I use CreateFile, but force the handle into a std::ofstream?
  14. What is the meaning and usage of __stdcall?
  15. C++, How to determine if a Windows Process is running?
  16. How to properly uninitialize OpenSSL
  17. How should I use FormatMessage() properly in C++?
  18. Creating, opening and printing a word file from C++
  19. track C++ memory allocations
  20. How do I tell CMake to use Clang on Windows?
  21. What std::locale names are available on common windows compilers?
  22. Converting YUV into BGR or RGB in OpenCV
  23. Why does Windows 10 start extra threads in my program?
  24. Check the file-size without opening file in C++?
  25. How do I clear the console in BOTH Windows and Linux using C++
  26. Windows & C++: extern & __declspec(dllimport)
  27. Is rebasing DLLs (or providing an appropriate default load address) worth the trouble?
  28. “APIENTRY _tWinMain” and “WINAPI WinMain” difference
  29. How to get the Executable name of a window
  30. How do I get at the exception information when using MiniDumpWriteDump out-of-process?

Leave a Comment