VC ++ network security programming example (15)-export session keys

Source: Internet
Author: User

PGP is mail encryption software based on the RSA public-key cryptosystem. It can add a digital signature to your email so that the recipient can be sure the email was sent by you. It lets you communicate securely with people you have never met, without any confidential channel for transmitting keys. It features prudent key management, a combination of RSA and a conventional (symmetric) encryption algorithm, a message-digest algorithm for digital signatures, compression before encryption, and a well-designed user interface. It is powerful and fast. The cryptographic keys involved are the session (symmetric) key used in the encryption and decryption process, and the public key and private key used in the authentication process. Of these three keys, the session key and the private key must be kept confidential.

The PGP encryption system combines public-key encryption with conventional (symmetric) key encryption. It uses a pair of mathematically related keys: one (the public key) encrypts information and the other (the private key) decrypts it. The key used by PGP's conventional encryption is called the session key (SEK). Each time it is used, PGP randomly generates a 128-bit IDEA session key to encrypt the message. The public key and private key of the public-key system are used to encrypt the session key, and so indirectly protect the message content. Every public key and private key in PGP is accompanied by a key certificate, which generally contains: the key content (represented as a large number hundreds of bits long); the key type (whether the key is a public key or a private key); the key length; the key ID (which uniquely identifies the key); the user ID (information about the key's creator, such as name and email address); the key fingerprint (a 128-bit digest of the key content that identifies the key uniquely); and introducer signatures (digital signatures by introducers that vouch for the authenticity of the key and its owner, including the introducer's key ID). PGP stores public keys and private keys in key ring files and provides efficient algorithms for finding the keys a user needs. PGP asks for a passphrase in several places, and the passphrase is what protects the private key. Because the private key is too long and irregular to remember, PGP encrypts it with the passphrase and stores it on the key ring, so that the easy-to-remember passphrase can be used to indirectly use the private key. Each PGP private key is encrypted with its own passphrase.
PGP requires the user to enter the passphrase at three points: to decrypt received information, where the passphrase unlocks the private key used for decryption; to sign a file or message, where the passphrase unlocks the private key used to create the signature; and to encrypt files on disk.


Let's use VC++ to export a session key with CryptoAPI. See the program below and the comments in its code.

```c
#include <stdio.h>
#include <stdlib.h>   /* malloc, free, exit */
#include <windows.h>
#include <wincrypt.h>

#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)

HCRYPTPROV GetCryptProv(void);
void HandleError(char *s);

int main(void)
{
    // --------------------------------------------------------------------
    // Variable declaration and initialization
    HCRYPTPROV hProv;      // CSP handle
    HCRYPTKEY  hXchgKey;   // exchange key pair handle
    HCRYPTKEY  hKey;       // session key handle
    BYTE      *pbKeyBlob;  // simple key blob pointer
    DWORD      dwBlobLen;  // key blob length

    // Obtain the cryptographic service provider handle
    hProv = GetCryptProv();

    // Create an exchange key pair
    if (CryptGenKey(hProv, AT_KEYEXCHANGE, 0, &hXchgKey))
    {
        printf("The exchange key has been created.\n");
    }
    else
    {
        HandleError("An error occurred while trying to create the exchange key.\n");
    }

    // --------------------------------------------------------------------
    // Create a session key (RC4, marked exportable so CryptExportKey may wrap it)
    if (CryptGenKey(hProv, CALG_RC4, CRYPT_EXPORTABLE, &hKey))
    {
        printf("The original session key is created.\n");
    }
    else
    {
        HandleError("Error -- CryptGenKey.");
    }

    // Determine the length of the key blob
    if (CryptExportKey(
            hKey,        // key to be exported
            hXchgKey,    // use this key to encrypt the key blob
            SIMPLEBLOB,
            0,
            NULL,        // key blob; if NULL, only the required length is returned
            &dwBlobLen)) // key blob data length
    {
        printf("The session key blob length has been determined.\n");
    }
    else
    {
        HandleError("An error occurred while calculating the length of the key blob.");
    }

    if ((pbKeyBlob = (BYTE *)malloc(dwBlobLen)) != NULL)
    {
        printf("Memory has been allocated for the key blob.\n");
    }
    else
    {
        HandleError("The memory is insufficient.\n");
    }

    // --------------------------------------------------------------------
    // Export the key into a simple key blob
    if (CryptExportKey(
            hKey,        // key to be exported
            hXchgKey,    // use this key to encrypt the key blob
            SIMPLEBLOB,  // type of blob to export
            0,
            pbKeyBlob,   // key blob
            &dwBlobLen)) // key blob data length
    {
        printf("The content of the exported key has been written into the blob.\n");
    }
    else
    {
        HandleError("Error during CryptExportKey.");
    }

    // --------------------------------------------------------------------
    // After exporting the key from the CSP into the key blob, the blob can be
    // saved by other means, for example written to a file.

    // Release the memory of the key blob
    free(pbKeyBlob);

    // Destroy the session key
    if (hKey)
        CryptDestroyKey(hKey);

    // Destroy the exchange key pair
    if (hXchgKey)
        CryptDestroyKey(hXchgKey);

    // Release the CSP handle
    if (hProv)
        CryptReleaseContext(hProv, 0);

    printf("The program ran correctly.\n");
    return 0;
} // end of main

// Obtain the cryptographic provider handle
HCRYPTPROV GetCryptProv(void)
{
    HCRYPTPROV hCryptProv;  // cryptographic service provider handle

    if (CryptAcquireContext(
            &hCryptProv,       // CSP handle
            NULL,              // key container name; NULL selects the default container of the logged-in user
            MS_ENHANCED_PROV,  // CSP name
            PROV_RSA_FULL,     // CSP type, which supports encryption, signing, etc.
            0))                // flags
    {
        printf("The cryptographic service provider handle was obtained successfully!\n");
    }
    else
    {
        // Create a new key container (key set)
        if (!CryptAcquireContext(&hCryptProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET))
        {
            HandleError("An error occurred while creating a new key set!");
        }
    }
    return hCryptProv;
}

// HandleError: error handler; prints the error information and exits the program
void HandleError(char *s)
{
    printf("An error occurred during program execution!\n");
    printf("%s\n", s);
    printf("Error code: %lx.\n", (unsigned long)GetLastError());
    printf("The program is terminated!\n");
    exit(1);
}
```
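The program above ends by noting that the exported SIMPLEBLOB can be written to a file. Whatever later reads that file back will hand it to CryptImportKey, so it is worth checking the blob's layout before trusting it. The following portable C example is added here; it is not part of the original program and does not need Windows. It parses the documented SIMPLEBLOB layout: an 8-byte BLOBHEADER (bType, bVersion, reserved, aiKeyAlg), a 4-byte ALG_ID naming the wrapping algorithm, and then the RSA-encrypted session key, which is exactly as long as the exchange key's modulus. The constant values are the ones defined in wincrypt.h. The sample blob is constructed with filler ciphertext bytes and assumes a 1024-bit (128-byte) exchange key; the helper names (parse_simple_blob, build_sample_blob, self_check) are this example's own.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Values from wincrypt.h (blob type, blob version, algorithm identifiers). */
#define BLOB_TYPE_SIMPLE   0x01u        /* SIMPLEBLOB */
#define BLOB_VERSION_CUR   0x02u        /* CUR_BLOB_VERSION */
#define ALG_RC4            0x00006801u  /* CALG_RC4 */
#define ALG_RSA_KEYX       0x0000a400u  /* CALG_RSA_KEYX: key-exchange RSA */

#define SIMPLEBLOB_HDR_LEN 12u          /* BLOBHEADER (8) + wrapping ALG_ID (4) */

/* Parsed view of a SIMPLEBLOB; encKey points into the caller's buffer. */
typedef struct {
    uint8_t        bType;
    uint8_t        bVersion;
    uint16_t       reserved;
    uint32_t       aiKeyAlg;    /* algorithm of the wrapped session key */
    uint32_t       aiWrapAlg;   /* algorithm that wrapped it */
    const uint8_t *encKey;      /* RSA ciphertext, little-endian, modulus-sized */
    size_t         encKeyLen;
} simple_blob_t;

/* All multi-byte fields in a CryptoAPI blob are little-endian. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate a SIMPLEBLOB before it is handed to CryptImportKey.
   modulus_bytes is the byte length of the exchange key's RSA modulus.
   Returns 0 on success; a negative code identifies the first failed check. */
int parse_simple_blob(const uint8_t *buf, size_t len, size_t modulus_bytes,
                      simple_blob_t *out)
{
    if (buf == NULL || out == NULL)          return -1;
    if (len < SIMPLEBLOB_HDR_LEN)            return -2;  /* truncated header */
    out->bType     = buf[0];
    out->bVersion  = buf[1];
    out->reserved  = rd16(buf + 2);
    out->aiKeyAlg  = rd32(buf + 4);
    out->aiWrapAlg = rd32(buf + 8);
    if (out->bType != BLOB_TYPE_SIMPLE)      return -3;  /* not a SIMPLEBLOB */
    if (out->bVersion != BLOB_VERSION_CUR)   return -4;
    if (out->reserved != 0)                  return -5;
    if (out->aiWrapAlg != ALG_RSA_KEYX)      return -6;  /* unexpected wrapping algorithm */
    out->encKey    = buf + SIMPLEBLOB_HDR_LEN;
    out->encKeyLen = len - SIMPLEBLOB_HDR_LEN;
    /* The ciphertext is one RSA block: its length must equal the modulus length. */
    if (out->encKeyLen != modulus_bytes)     return -7;
    return 0;
}

/* Constructed sample: the layout CryptExportKey produces for an RC4 session key
   wrapped by a 1024-bit RSA exchange key (assumed key size). The 128 ciphertext
   bytes are filler (0xA5), not real RSA output. Returns the blob length, or 0
   if cap is too small. */
size_t build_sample_blob(uint8_t *buf, size_t cap)
{
    const size_t modulus_bytes = 128;
    const size_t total = SIMPLEBLOB_HDR_LEN + modulus_bytes;
    if (cap < total) return 0;
    buf[0] = BLOB_TYPE_SIMPLE;
    buf[1] = BLOB_VERSION_CUR;
    buf[2] = 0; buf[3] = 0;               /* reserved */
    wr32(buf + 4, ALG_RC4);               /* aiKeyAlg */
    wr32(buf + 8, ALG_RSA_KEYX);          /* wrapping ALG_ID */
    memset(buf + SIMPLEBLOB_HDR_LEN, 0xA5, modulus_bytes);
    return total;
}

/* Runs the parser over the good blob and two corrupted variants.
   Returns 1 when every check behaves as expected, else 0. */
int self_check(void)
{
    uint8_t buf[160];
    simple_blob_t sb;
    size_t n = build_sample_blob(buf, sizeof buf);
    if (n != 140) return 0;
    if (parse_simple_blob(buf, n, 128, &sb) != 0 || sb.aiKeyAlg != ALG_RC4) return 0;
    if (parse_simple_blob(buf, n - 1, 128, &sb) != -7) return 0;  /* truncated ciphertext */
    buf[0] = 0x06;                                                 /* PUBLICKEYBLOB type */
    if (parse_simple_blob(buf, n, 128, &sb) != -3) return 0;
    return 1;
}

int main(void)
{
    printf("SIMPLEBLOB checks %s\n", self_check() ? "passed" : "FAILED");
    return self_check() ? 0 : 1;
}
```

A ciphertext length that does not match the exchange key's modulus is the quickest sign that a stored blob was produced under a different key pair, or was truncated on disk; CryptImportKey will reject such input, but a file-level check gives a clearer diagnostic before the CSP is involved.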
