This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 7.000000000000001%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Hi Team,
I want to implement NCryptEncrypt and NCryptDecrypt methods using Microsoft Key Storage Provider.
Please find the below link.
https://learn.microsoft.com/en-us/windows/win32/api/ncrypt/nf-ncrypt-ncryptencrypt
https://learn.microsoft.com/en-us/windows/win32/api/ncrypt/nf-ncrypt-ncryptdecrypt
I have tried following code but in NCryptEncrypt method I don't know what are the parameter values needs to be passed?
Please help me on this.
using static PInvoke.NCrypt;
public static void Encrypt(string plainText)
{
SafeProviderHandle ProviderHandle;
SafeKeyHandle KeyHandle;
string KeyName = "SampleStrongKey";
byte[] plainText_bytes = Encoding.ASCII.GetBytes(plainText);
SECURITY_STATUS secStatus = NCryptOpenStorageProvider(out ProviderHandle, "Microsoft Software Key Storage Provider", 0);
secStatus = NCryptCreatePersistedKey(ProviderHandle, out KeyHandle, "AES", KeyName, LegacyKeySpec.AT_SIGNATURE, NCryptCreatePersistedKeyFlags.NCRYPT_OVERWRITE_KEY_FLAG);
secStatus = NCryptEncrypt(?????????);
}
Regards,
Prabhakaran
Could you please tell us what is the "PInvoke.NCrypt"?
Usually, we try to use the following code to use NCryptEncrypt in c#:
[DllImport("Ncrypt.dll", SetLastError = true, ExactSpelling = true)]
internal static extern int NCryptEncrypt(IntPtr hKey,
[MarshalAs(UnmanagedType.LPArray)] byte[] pbInput,
int cbInput,
IntPtr pPaddingInfo,
[MarshalAs(UnmanagedType.LPArray)] byte[] pbOutput,
int cbOutput,
ref int pcbResult,
int dwFlags);
Hi,
No need to create DllImport and extern methods. instead of that just install PInvoke.NCrypt in NuGet Package Manger.
We can invoke all the unmanaged methods in C# easily.
Could you please help me to implement NCryptEncrypt and NCryptDecrypt methods?
What are the parameter values needs to be passed?
Regards,
Prabs
See the MS sample RSACapiAndCngInterop.cpp, mainly the EncryptWithCngDecryptWithCapi function
Hi, Thanks for your response.
The code which you have shared developed in C++.
Can you please share me code in C#?
A quick conversion of MS code (Encrypt part) :
(test in a click of a Button)
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Runtime.InteropServices;
//https://github.com/Microsoft/Windows-classic-samples/blob/main/Samples/Security/RSACapiAndCngInterop/cpp/RSACapiAndCngInterop.cpp
namespace CSharp_NCryptEncrypt
{
public partial class Form1 : Form
{
[DllImport("Ncrypt.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern int NCryptOpenStorageProvider(out IntPtr phProvider, string pszProviderName, int dwFlags);
[DllImport("Ncrypt.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern int NCryptCreatePersistedKey(IntPtr hProvider, out IntPtr phKey, string pszAlgId,
string pszKeyName, int dwLegacyKeySpec, int dwFlags);
[DllImport("Ncrypt.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern int NCryptSetProperty(IntPtr hObject, string pszProperty, [MarshalAs(UnmanagedType.LPArray)] byte[] pbInput, int cbInput, int dwFlags);
[DllImport("Ncrypt.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern int NCryptSetProperty(IntPtr hObject, string pszProperty, string pbInput, int cbInput, int dwFlags);
[DllImport("Ncrypt.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern int NCryptSetProperty(IntPtr hObject, string pszProperty, IntPtr pbInput, int cbInput, int dwFlags);
[DllImport("Ncrypt.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern int NCryptFinalizeKey(IntPtr hKey, int dwFlags);
[DllImport("Ncrypt.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern int NCryptEncrypt(IntPtr hKey, [In, MarshalAs(UnmanagedType.LPArray)] byte[] pbInput, int cbInput,
[In] IntPtr pvPadding, [Out, MarshalAs(UnmanagedType.LPArray)] byte[] pbOutput, int cbOutput,
[Out] out int pcbResult, int dwFlags);
[DllImport("Ncrypt.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern int NCryptExportKey(IntPtr hKey, IntPtr hExportKey, string pszBlobType, IntPtr pParameterList,
[Out, MarshalAs(UnmanagedType.LPArray)] byte[] pbOutput, int cbOutput, [Out] out int pcbResult, int dwFlags);
[DllImport("Ncrypt.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern int NCryptDeleteKey(IntPtr hKey, int flags);
[DllImport("Ncrypt.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern int NCryptFreeObject(IntPtr hObject);
[DllImport("Advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool CryptDecrypt(IntPtr hKey, IntPtr hHash, bool Final, int dwFlags,
[In, Out, MarshalAs(UnmanagedType.LPArray)] byte[] pbData, [In, Out] int pdwDataLen);
[DllImport("Advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool CryptImportKey(IntPtr hProv, [In, MarshalAs(UnmanagedType.LPArray)] byte[] pbData, int dwDataLen, IntPtr hPubKey, int dwFlags, [Out] out IntPtr phKey);
[DllImport("Advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool CryptDestroyKey(IntPtr hKey);
[DllImport("Advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool CryptAcquireContextW(out IntPtr phProv, string szContainer, string szProvider, int dwProvType, int dwFlags);
[DllImport("Advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool CryptReleaseContext(IntPtr hProv,int dwFlags);
public const string MS_KEY_STORAGE_PROVIDER = "Microsoft Software Key Storage Provider";
public const string MS_SMART_CARD_KEY_STORAGE_PROVIDER= "Microsoft Smart Card Key Storage Provider";
public const string MS_PLATFORM_KEY_STORAGE_PROVIDER = "Microsoft Platform Crypto Provider";
public const string MS_NGC_KEY_STORAGE_PROVIDER = "Microsoft Passport Key Storage Provider";
public const string NCRYPT_RSA_ALGORITHM = "RSA";
public const string NCRYPT_AES_ALGORITHM = "AES";
public const int NCRYPT_OVERWRITE_KEY_FLAG = 0x00000080;
public const int NCRYPT_ALLOW_EXPORT_FLAG = 0x00000001;
public const int NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG = 0x00000002;
public const int NCRYPT_ALLOW_ARCHIVING_FLAG = 0x00000004;
public const int NCRYPT_ALLOW_PLAINTEXT_ARCHIVING_FLAG = 0x00000008;
public const string NCRYPT_UI_POLICY_PROPERTY = "UI Policy";
public const string NCRYPT_EXPORT_POLICY_PROPERTY = "Export Policy";
public const int NCRYPT_PERSIST_FLAG = unchecked((int)0x80000000);
public const int NCRYPT_PERSIST_ONLY_FLAG = 0x40000000;
public const int NCRYPT_NO_PADDING_FLAG = 0x00000001; // NCryptEncrypt/Decrypt
public const int NCRYPT_PAD_PKCS1_FLAG = 0x00000002; // NCryptEncrypt/Decrypt NCryptSignHash/VerifySignature
public const int NCRYPT_PAD_OAEP_FLAG = 0x00000004; // BCryptEncrypt/Decrypt
public const int NCRYPT_PAD_PSS_FLAG = 0x00000008; // BCryptSignHash/VerifySignature
public const int NCRYPT_PAD_CIPHER_FLAG = 0x00000010; // NCryptEncrypt/Decrypt
public const int NCRYPT_ATTESTATION_FLAG = 0x00000020; // NCryptDecrypt for key attestation
public const int NCRYPT_SEALING_FLAG = 0x00000100; // NCryptEncrypt/Decrypt for sealing
public const string BCRYPT_RSAPUBLIC_BLOB = "RSAPUBLICBLOB";
public const string BCRYPT_RSAPRIVATE_BLOB = "RSAPRIVATEBLOB";
public const string LEGACY_RSAPUBLIC_BLOB = "CAPIPUBLICBLOB";
public const string LEGACY_RSAPRIVATE_BLOB = "CAPIPRIVATEBLOB";
public Form1()
{
InitializeComponent();
}
private readonly byte[] Data = { 0x04, 0x87, 0xec, 0x66, 0xa8, 0xbf, 0x17, 0xa6, 0xe3, 0x62, 0x6f, 0x1a, 0x55, 0xe2, 0xaf, 0x5e, 0xbc, 0x54, 0xa4, 0xdc, 0x68, 0x19, 0x3e, 0x94 };
private void button1_Click(object sender, EventArgs e)
{
// EncryptWithCngDecryptWithCapi
IntPtr CngProviderHandle = IntPtr.Zero;
IntPtr CapiKeyHandle = IntPtr.Zero;
int Policy = NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG;
int ResultLength = 0;
int BlobLength = 0;
int secStatus = NCryptOpenStorageProvider(out CngProviderHandle, MS_KEY_STORAGE_PROVIDER,0);
if (secStatus == 0)
{
secStatus = NCryptCreatePersistedKey(
CngProviderHandle,
out CapiKeyHandle,
NCRYPT_RSA_ALGORITHM,
"test",
0,
NCRYPT_OVERWRITE_KEY_FLAG);
byte[] bytesPolicy = BitConverter.GetBytes(Policy);
secStatus = NCryptSetProperty(
CapiKeyHandle,
NCRYPT_EXPORT_POLICY_PROPERTY,
bytesPolicy,
bytesPolicy.Length,
NCRYPT_PERSIST_FLAG);
secStatus = NCryptFinalizeKey(CapiKeyHandle, 0);
int OutputLength = 0;
secStatus = NCryptEncrypt(
CapiKeyHandle,
Data,
Data.Length,
IntPtr.Zero,
null,
0,
out OutputLength,
NCRYPT_PAD_PKCS1_FLAG);
byte[] Output = new byte[OutputLength];
//IntPtr hGlobal = Marshal.AllocHGlobal(OutputLength);
//Output = (PBYTE)HeapAlloc(GetProcessHeap(), 0, OutputLength);
secStatus = NCryptEncrypt(
CapiKeyHandle,
Data,
Data.Length,
IntPtr.Zero,
Output,
OutputLength,
out ResultLength,
NCRYPT_PAD_PKCS1_FLAG);
secStatus = NCryptExportKey(
CapiKeyHandle,
IntPtr.Zero,
LEGACY_RSAPRIVATE_BLOB,
IntPtr.Zero,
null,
0,
out BlobLength,
0);
byte[] Blob = new byte[BlobLength];
secStatus = NCryptExportKey(
CapiKeyHandle,
IntPtr.Zero,
LEGACY_RSAPRIVATE_BLOB,
IntPtr.Zero,
Blob,
BlobLength,
out BlobLength,
0);
// Decrypt to be added...
// ReverseBytes(Output, OutputLength);
//if (CngTmpKeyHandle != IntPtr.Zero)
//{
// CryptDestroyKey(CngTmpKeyHandle);
//}
//if (CapiLocProvHandle != IntPtr.Zero)
//{
// CryptReleaseContext(CapiLocProvHandle, 0);
//}
if (CapiKeyHandle != IntPtr.Zero)
{
NCryptDeleteKey(CapiKeyHandle, 0);
}
if (CngProviderHandle != IntPtr.Zero)
{
NCryptFreeObject(CngProviderHandle);
}
}
}
}
}
Hi, Thanks for your response.
Could you please share me code for NCryptOpenKey method in C#?
[DllImport("Ncrypt.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern int NCryptOpenKey(IntPtr hProvider, out IntPtr phKey, string pszKeyName, int dwLegacyKeySpec, int dwFlags);
public const int NCRYPT_MACHINE_KEY_FLAG = 0x00000020; // same as CAPI CRYPT_MACHINE_KEYSET
public const int NCRYPT_SILENT_FLAG = 0x00000040; // same as CAPI CRYPT_SILENT
public const int AT_KEYEXCHANGE = 1;
public const int AT_SIGNATURE = 2;
Then
secStatus = NCryptOpenKey(
CngProviderHandle,
&CapiKeyHandle,
L"test",
0,
0);
Thanks for your quick response.
What is the useful of NCryptExportKey and NCryptImportKey methods in Microsoft Key Storage Provider?
Could you please provide sample code of NCryptExportKey and NCryptImportKey functions in C#?
See the MSDN doc for NCryptExportKey/ NCryptImportKey
NCryptExportKey is already in the posted code
NCryptImportKey has the same code, just copy-paste...
Hi,
Where is the exported key path in Windows OS?
iI knew keys are located in %APPDATA%\Microsoft\Crypto\Keys
If I call NCryptExportKey method, Where does key will be exported?
See the doc : "The NCryptExportKey function exports a CNG key to a memory BLOB."
Hi,
Thanks for your response.
I did not get the concept of memory blob.
What is memory blob? Is it RAM memory?
According to the Doc: "BLOB: A generic sequence of bits that contain one or more fixed-length header structures plus context specific data."
A binary large object (BLOB) is a collection of binary data stored as a single entity.
I have tried export and import key methods.
export key is working fine. import key method is not working.
Please find my code below.
Please help me on this.
public static void ImportKey()
{
IntPtr CngProviderHandle = IntPtr.Zero;
IntPtr CapiKeyHandle = IntPtr.Zero;
string KeyName = "SampleStrongKey";
int BlobLength = 0;
int secStatus = NCryptOpenStorageProvider(out CngProviderHandle, MS_KEY_STORAGE_PROVIDER, 0);
if (secStatus == 0)
{
secStatus = NCryptOpenKey(CngProviderHandle, out CapiKeyHandle, KeyName, 0, 0);
secStatus = NCryptImportKey(
CapiKeyHandle,
IntPtr.Zero,
LEGACY_RSAPRIVATE_BLOB,
IntPtr.Zero,
null,
0,
out BlobLength,
0);
byte[] Blob = new byte[BlobLength];
secStatus = NCryptImportKey(
CapiKeyHandle,
IntPtr.Zero,
LEGACY_RSAPRIVATE_BLOB,
IntPtr.Zero,
Blob,
BlobLength,
out BlobLength,
0);
secStatus = NCryptFinalizeKey(CapiKeyHandle, 0);
if (CngProviderHandle != IntPtr.Zero)
{
NCryptFreeObject(CngProviderHandle);
}
}
}
I suggest you could refer to the thread: https://learn.microsoft.com/en-us/answers/questions/656282/how-to-implement-ncryptimportkey-method-in-c.html