ImportCspBlob / ExportCspBlob implementation

Mar 1, 2011 at 11:44 PM

First of all: thank you for the great library!

Any chance of, or maybe a hint on, how to implement the ImportCspBlob() method? Our service transmits ExportCspBlob(false) data and I have to restore it in the SL client.

Thank you in advance.

Coordinator
Mar 2, 2011 at 12:32 PM
Edited Mar 2, 2011 at 1:51 PM
You're very welcome. I'll definitely have to look into it. CspBlob is the key storage mechanism or is it for the encrypted data?


Mar 2, 2011 at 1:14 PM

Thank you for the quick answer.

Take a look at ICspAsymmetricAlgorithm.ImportCspBlob Method and ICspAsymmetricAlgorithm.ExportCspBlob Method

The ImportCspBlob method initializes the key data of an AsymmetricAlgorithm object using a blob that is compatible with the unmanaged Microsoft Cryptographic API (CAPI).

The ExportCspBlob method returns a blob that contains key information that is compatible with the unmanaged Microsoft Cryptographic API (CAPI).

I started to dig through the reference sources; I'll update with more info when it is available.

Coordinator
Mar 2, 2011 at 1:50 PM
Edited Mar 2, 2011 at 1:51 PM

Makes much more sense now. I was pretty sure it was the key data you were referring to. I'll look into the CspBlob storage method and see if I can come up with a quick and easy way to either convert it to an XML Based key or extract the actual key values which can be used in an RSAParameters instance to load the key data.

Mar 2, 2011 at 1:53 PM

Thank you!

Coordinator
Mar 2, 2011 at 2:28 PM

You're very welcome. I'll see how far I can get today but I may need you to assist with testing on the unmanaged API. I can test with the CspImport and CspExport via the managed RSACryptoServiceProvider. I need to examine the data output by the CspExport function.

To give you a better explanation of how it works, the CspBlob import and export actually use byte array representations of the key data. I'll need to determine what the proper way is to parse the key data but it shouldn't be too difficult. I believe it uses a NULL character (byte 00) to separate the key values so I'll also need to determine what order (both byte order and key value order) is used. This gave me a good excuse to fix my project structure anyway.

In case you ever publish a project on CodePlex, be aware that the Subversion support is very wonky. It uses a bridge to mimic Subversion and actually communicates with TFS. I managed to delete my trunk once and could no longer access it with Tortoise at all so I've moved to doing almost everything entirely with Team Explorer in VS2010. The only thing I still use Tortoise for is to quickly create tags for specific versions. I had to move my latest version to the trunk and re-branch the latest version because it wouldn't allow me to merge back into the trunk. It's been giving me a headache for a while now. :)

Mar 2, 2011 at 3:45 PM

We aren't using the unmanaged API. We stick with the managed RSACryptoServiceProvider, but for compatibility in the past we decided to export a CAPI-compatible key BLOB. So managed RSACryptoServiceProvider compatibility is really enough.

I found additional info:

The CryptExportKey Function exports the key in the following format: Key BLOBs (don't be confused by the Windows CE .NET reference, it is common to CAPI). All the info about the structures used is there.

Constants (e.g. "PUBLICKEYBLOB" in bType of PUBLICKEYSTRUC equals 0x6 and so on) and additional structures are defined in wincrypt.h. In case you don't have the Windows SDK installed, I pasted it here.

Offtopic: Thank you for the CodePlex warning, I haven't posted any projects here yet. Personally and in our team projects we are using a DVCS for source control such as Mercurial or sometimes Git. Subversion is too bad when you want to branch or have a distributed team, so we switched some time ago...
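The PUBLICKEYBLOB layout from wincrypt.h that the post above points to, parsed into an RSAParameters value, as an added example that is not code from this thread or from the library. The class and method names are hypothetical, and it accepts only the public blob that ExportCspBlob(false) produces.

```csharp
using System;
using System.Security.Cryptography;

// Added example: CspPublicBlob and Parse are hypothetical names, not library API.
public static class CspPublicBlob
{
    const byte PUBLICKEYBLOB = 0x06;        // PUBLICKEYSTRUC.bType
    const byte CUR_BLOB_VERSION = 0x02;     // PUBLICKEYSTRUC.bVersion
    const uint CALG_RSA_SIGN = 0x00002400;  // PUBLICKEYSTRUC.aiKeyAlg
    const uint CALG_RSA_KEYX = 0x0000A400;
    const uint RSA1_MAGIC = 0x31415352;     // RSAPUBKEY.magic, ASCII "RSA1"
    const int HeaderLength = 8 + 12;        // PUBLICKEYSTRUC + RSAPUBKEY

    // CAPI stores every multi-byte field little-endian at a fixed offset.
    static uint ReadUInt32LE(byte[] b, int o)
    {
        return b[o] | (uint)b[o + 1] << 8 | (uint)b[o + 2] << 16 | (uint)b[o + 3] << 24;
    }

    public static RSAParameters Parse(byte[] blob)
    {
        if (blob == null || blob.Length <= HeaderLength)
            throw new CryptographicException("Blob is too short.");
        if (blob[0] != PUBLICKEYBLOB || blob[1] != CUR_BLOB_VERSION)
            throw new CryptographicException("Not a version 2 PUBLICKEYBLOB.");
        uint alg = ReadUInt32LE(blob, 4);   // bytes 2-3 are the reserved field
        if (alg != CALG_RSA_KEYX && alg != CALG_RSA_SIGN)
            throw new CryptographicException("Not an RSA key.");
        if (ReadUInt32LE(blob, 8) != RSA1_MAGIC)
            throw new CryptographicException("Bad RSAPUBKEY magic.");

        uint bitLen = ReadUInt32LE(blob, 12);
        uint pubExp = ReadUInt32LE(blob, 16);
        // The modulus must fill the rest of the blob exactly: no short or trailing data.
        if (bitLen % 8 != 0 || bitLen / 8 != (uint)(blob.Length - HeaderLength))
            throw new CryptographicException("Length does not match bitlen.");
        if (pubExp < 3 || pubExp % 2 == 0)
            throw new CryptographicException("Invalid public exponent.");

        // RSAParameters holds big-endian arrays, so reverse the modulus.
        byte[] modulus = new byte[bitLen / 8];
        Array.Copy(blob, HeaderLength, modulus, 0, modulus.Length);
        Array.Reverse(modulus);
        // Emit the DWORD exponent big-endian without leading zero bytes.
        int expLen = pubExp > 0xFFFFFF ? 4 : pubExp > 0xFFFF ? 3 : pubExp > 0xFF ? 2 : 1;
        byte[] exponent = new byte[expLen];
        for (int i = 0; i < expLen; i++)
            exponent[expLen - 1 - i] = (byte)((pubExp >> (8 * i)) & 0xFF);
        return new RSAParameters { Modulus = modulus, Exponent = exponent };
    }
}
```

A blob from ExportCspBlob(true) carries a different bType and magic, so this parser rejects it instead of silently reading private key material as a modulus.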

Mar 3, 2011 at 12:12 AM

I made a quick implementation, hope it helps. There are also simple tests which my solution seems to pass.

Please check the solution (VS 2010): RsaImportExport, you'll also need your own library recompiled to .NET 4 (just for testing purposes against RSACryptoServiceProvider): DH.Scrypt.NET4

Hope you can integrate this into your library if it works as expected.

Coordinator
Mar 3, 2011 at 12:37 AM

Thanks, I was overwhelmed with meetings all day today so all I had time to do was update the project structure in TFS. I'll do some testing and work on getting your code implemented. I'll make sure I credit you for the addition as well.

Mar 3, 2011 at 7:25 AM

Thank you for all your help and effort. I really appreciate it.

Coordinator
Mar 3, 2011 at 2:15 PM

Just a quick update, I'm in the process of testing your CspBlob implementation. I must say I'm quite impressed! There was quite a little thought and work you put into something that you call a "quick implementation". :)

If you'd like, send me a private mail with your full name, and a link to your website / blog if you have one so I can properly credit you for the work.