wilkexx

Reputation: 113

Windows CNG custom key storage provider

How to register a custom key storage provider in CNG with its own key BLOB format, etc? What I really want to do is to provide an ability to handle a custom CNG key BLOB format in .NET. I've read in CNG docs that it provides a way to add third-party KSPs but couldn't find any sample or tutorial how to do that.

Upvotes: 2

Views: 4091

Answers (1)

CristianTM

Reputation: 338

How to register a custom key storage provider in CNG with its own key BLOB format, etc?

Since you only want to register, I'm assuming you already have the custom KSP ready, just need to register it. Anyway, you can do it programmatically.

The following code is from the Sample KSP provided with the Cryptographic Provider Development Kit (http://www.microsoft.com/en-us/download/details.aspx?id=30688).

    // Headers and declarations needed to build this function on its own;
    // in the CPDK sample they come from the sample's own header.
    #include <windows.h>
    #include <bcrypt.h>
    #include <ncrypt.h>
    #include <stdio.h>
    #pragma comment(lib, "bcrypt.lib")

    #ifndef STATUS_SUCCESS
    #define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
    #endif
    #ifndef NT_SUCCESS
    #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
    #endif

    // SAMPLEKSP_PROVIDER_NAME (the provider's registered name) and
    // SampleKSPProvider (the CRYPT_PROVIDER_REG describing the KSP DLL
    // and the interfaces it implements) are defined elsewhere in the sample.
    extern CRYPT_PROVIDER_REG SampleKSPProvider;

    // Registers the sample KSP with CNG. This writes to HKLM, so the
    // calling process must be elevated.
    void
    RegisterProvider(
        void
        )
    {
        NTSTATUS ntStatus = STATUS_SUCCESS;

        //
        // Make CNG aware that our provider
        // exists...
        //
        ntStatus = BCryptRegisterProvider(
                        SAMPLEKSP_PROVIDER_NAME,
                        0,                          // Flags: fail if provider is already registered
                        &SampleKSPProvider
                        );
        if (!NT_SUCCESS(ntStatus))
        {
            wprintf(L"BCryptRegisterProvider failed with error code 0x%08x\n", ntStatus);
        }

        //
        // Add the algorithm name to the priority list of the
        // key storage interface class. (This makes it
        // visible to BCryptResolveProviders.)
        //
        ntStatus = BCryptAddContextFunction(
                        CRYPT_LOCAL,                    // Scope: local machine only
                        NULL,                           // Application context: default
                        NCRYPT_KEY_STORAGE_INTERFACE,   // Algorithm class
                        NCRYPT_KEY_STORAGE_ALGORITHM,   // Algorithm name
                        CRYPT_PRIORITY_BOTTOM           // Lowest priority
                        );
        if (!NT_SUCCESS(ntStatus))
        {
            wprintf(L"BCryptAddContextFunction failed with error code 0x%08x\n", ntStatus);
        }

        //
        // Identify our new provider as someone who exposes
        // an implementation of the new algorithm.
        //
        ntStatus = BCryptAddContextFunctionProvider(
                        CRYPT_LOCAL,                    // Scope: local machine only
                        NULL,                           // Application context: default
                        NCRYPT_KEY_STORAGE_INTERFACE,   // Algorithm class
                        NCRYPT_KEY_STORAGE_ALGORITHM,   // Algorithm name
                        SAMPLEKSP_PROVIDER_NAME,        // Provider name
                        CRYPT_PRIORITY_BOTTOM           // Lowest priority
                        );
        if (!NT_SUCCESS(ntStatus))
        {
            wprintf(L"BCryptAddContextFunctionProvider failed with error code 0x%08x\n", ntStatus);
        }
    }

Upvotes: 3
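For the .NET side of the question (using the provider and its BLOB format once the registration above has run), here is an added C# example that is not part of the answer or of the CPDK sample. The provider name, the BLOB format name and RSA support are assumptions: they must match what the KSP actually registers as SAMPLEKSP_PROVIDER_NAME and what its import/export handlers implement.

```csharp
using System;
using System.Security.Cryptography;

// Talks to a registered custom KSP from .NET. CngProvider/CngKeyBlobFormat
// are just names; CNG resolves them against the registry entries written by
// BCryptRegisterProvider, so the KSP DLL must be registered, signed as your
// policy requires, and built for the same bitness as this process.
static class CustomKspClient
{
    // Assumed: value of SAMPLEKSP_PROVIDER_NAME in the KSP.
    const string ProviderName = "Sample Key Storage Provider";
    // Assumed: BLOB format name the KSP's NCryptImportKey/NCryptExportKey accept.
    const string BlobFormatName = "SAMPLEKSPBLOB";

    // Imports a BLOB in the KSP's own format and returns the resulting key handle.
    // A CryptographicException here usually means the provider is not registered
    // (check with: certutil -csplist), the DLL bitness is wrong, or the KSP
    // rejected the format name.
    public static CngKey ImportCustomBlob(byte[] blob)
    {
        if (blob == null || blob.Length == 0)
            throw new ArgumentException("empty key BLOB", nameof(blob));

        var provider = new CngProvider(ProviderName);
        var format = new CngKeyBlobFormat(BlobFormatName);
        try
        {
            return CngKey.Import(blob, format, provider);
        }
        catch (CryptographicException ex)
        {
            throw new InvalidOperationException(
                "KSP '" + ProviderName + "' could not import format '" + BlobFormatName + "'", ex);
        }
    }

    // Creates a persisted RSA key inside the custom KSP (assumed: the KSP
    // implements RSA) and exports it in the custom format. Round-tripping the
    // result through ImportCustomBlob checks that the KSP's export and import
    // handlers agree on the format before it is relied on.
    public static byte[] ExportInCustomFormat(string keyName)
    {
        var parameters = new CngKeyCreationParameters
        {
            Provider = new CngProvider(ProviderName),
            ExportPolicy = CngExportPolicies.AllowPlaintextExport
        };
        using (CngKey key = CngKey.Create(CngAlgorithm.Rsa, keyName, parameters))
        {
            return key.Export(new CngKeyBlobFormat(BlobFormatName));
        }
    }
}
```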
