The CryptImportKey docs says that NTE_BAD_DATA can occur when importing a key when
Either the algorithm that works with the public key to be imported is not supported by this CSP, or an attempt was made to import a session key that was encrypted with something other than one of your public keys.
This has been exactly the case in my scenario. I generate RSA public/private key pair using .NET and RSACryptoServiceProvider:
1: RSACryptoServiceProvider rsa = new RSACryptoServiceProvider( 2048 );
3: File.WriteAllBytes( @"capipublic.key", rsa.ExportCspBlob( false ) );
4: File.WriteAllBytes( @"capiprivate.key", rsa.ExportCspBlob( true ) );
and then try to use these keys to encrypt/decrypt data in C++ using CryptoAPI.
It seems that the default MS_DEF_PROV provider is uncapable of importing a 2048-bit key and it just returns with NTE_BAD_DATA.
However, initializing the crypto context (CryptAcquiteContext) with more powerful CSP is enough, in this case the the MS_STRONG_PROV.
More on Crypto Service Providers here.
Post a Comment