Click here to Skip to main content
15,612,449 members
Articles / Security / Cryptography
Article
Posted 10 Dec 2001

Stats

155.3K views
1.6K downloads
43 bookmarked

Obtain the Plain Text Session Key using CryptoAPI

Rate me:
Please Sign up or sign in to vote.
4.90/5 (15 votes)
22 Sep 2022MIT
How to get plain text session using CryptoAPI
Generally, it's very important to obtain the value of session keys. However, the Microsoft Cryptographic Providers (Base and Enhanced) do not support this feature. CryptExportKey() and CryptImportKey() require a valid key handle to encrypt and decrypt the session key, respectively.

Introduction

Sometimes, extracting raw session keys is necessary, particularly when implementing cryptographic protocols. However, Microsoft Cryptographic Providers (Base and Enhanced) do not support this feature. CryptExportKey() and CryptImportKey() require a valid key handle to encrypt and decrypt the session key, respectively. MSDN shows a way of doing this using a exponent-of-one private key. This article shows a better way to perform the same process. This way is faster and more straightforward.

It's ready to go, but you must set the following parameters at Project -> Settings (Visual Studio 6.0):

  • Add in C++/Preprocessor definitions: _WIN32_WINNT=0x0500, _CRYPT32_(WIN2K) or _WIN32_WINNT=0x0400, _CRYPT32_(NT4)
  • And Link this library crypt32.lib

Code Listing

C++
#include <windows.h>
#include <wincrypt.h>

#define KEY_PAIR_SIZE     dwSize - 12
#define SESSION_KEY_SIZE  dwKeyMaterial

void main()
{
    HCRYPTPROV hProv = 0;
    HCRYPTKEY hExchangeKeyPair = 0;
    HCRYPTKEY hSessionKey = 0;
    BYTE *pbKeyMaterial  = NULL;
    DWORD dwKeyMaterial ;   
    BYTE *pbExportedKeyBlob = NULL;
    BYTE *pbEncryptedKey    = NULL;
    DWORD dwSize;
    unsigned int c;

    __try
    {
        if (!CryptAcquireContext( &hProv, "Container Name", 
            MS_ENHANCED_PROV , PROV_RSA_FULL, CRYPT_MACHINE_KEYSET ))
        {
            __leave;
        }

        //---------------------------------------------------
        //Creating a session key. In this sample we'll use a 
        //3DES key with 168 bits

        if (!CryptGenKey(hProv,CALG_3DES,CRYPT_EXPORTABLE,
            &hSessionKey))
        {
            __leave;
        }

        //---------------------------------------------------
        //Getting a handle to the Exchange Key pair

        if (!CryptGetUserKey( hProv, AT_KEYEXCHANGE, 
            &hExchangeKeyPair))
        {
            __leave;
        }

        //--------------------------------------------------------
        //Encrypting the session key with the public key part
        //of the keypair. The first call gets the size necessary to 
        //hold the encrypted session key and the second exports it.

        if (!CryptExportKey( hSessionKey, hExchangeKeyPair, 
            SIMPLEBLOB, 0, NULL, &dwSize))
        {
            __leave;
        }

        pbExportedKeyBlob = new BYTE[dwSize];

        if (!CryptExportKey( hSessionKey, hExchangeKeyPair, SIMPLEBLOB, 
            0, pbExportedKeyBlob,  &dwSize))
        {
            __leave;
        }

        //--------------------------------------------------------
        //Let's  remove the first 12 bytes of Blob information 

        pbEncryptedKey  =  new BYTE [KEY_PAIR_SIZE];  

        for ( c = 0 ; c < KEY_PAIR_SIZE ; c++ )
        {
            pbEncryptedKey[c] =  pbExportedKeyBlob[c+12]; 
        }

        //--------------------------------------------------------
        //Now it's time to get the value of the session key, we'll
        //use the private part of the key pair. 

        if (!CryptDecrypt( hExchangeKeyPair,0, TRUE, 0,  
            pbEncryptedKey, &dwKeyMaterial))
        {
            __leave;
        }

        //-------------------------------------------------------
        //The pbKeyMaterial is the value of the key

        pbKeyMaterial = new BYTE[ SESSION_KEY_SIZE ];

        for ( c = 0; c <  SESSION_KEY_SIZE ; c++ )
        {
            pbKeyMaterial[c] = pbEncryptedKey[c];    
        }

        //-------------------------------------------------------
        //The key is in big-endian format, because that's the way
        //the encryption block is built.
    }
    __finally
    {
        if (pbKeyMaterial ) LocalFree(pbKeyMaterial );
        if (hSessionKey) CryptDestroyKey(hSessionKey);
        if (hExchangeKeyPair) CryptDestroyKey(hExchangeKeyPair);
        if (hProv) 
        {  
            CryptReleaseContext(hProv, 0);
        }
    }

} // End Main

History

  • 11th December, 2001: Initial version
  • 22nd December, 2022: Update - Corrected some problems in the text and the license 

License

This article, along with any associated source code and files, is licensed under The MIT License


Written By
Technical Lead doma.com
United States United States
• Has Acted as Software Architect and Technical Leader in many projects
• Good knowledge of Windows Internals
• More than 10 years of software design and development experience in Visual C/C++.
• More than 10 years of experience in Security/Cryptography software design and programming.
• Fluent in Java language.
• Fluent in Lua Scripting language.
• 4 years experience with OpenFlow. Building 2 controllers (Lua and Java) from the ground up.
• Good knowledge of .NET framework and C# language, also using ASP.NET.
• Good knowledge of Objective C and Cocoa.
• Good knowledge of MacOSX/Linux programming in C++
• Some knowledge of Carbon and Qt application development C++.

Certified ScrumMaster (CSM) - #108416

Specialties: Visual C++® and C, MFC, ATL, COM, STL, ActiveX, Lua, OpenFlow, Cocoa, Carbon and Qt application development, C# and Java (J2SE and J2ME), Brew Framework for CDMA, Linux Programming in C++, PocketPC (embedded C++ and .NET Compact Framework) , Device Driver Development , SQL Server 6.5/7/2000/2005, MySQL, IBM DB2 and Access
Visual C++ 6.0, Visual Studio (all versions), Eclipse, NetBeans, XCode, Qt Creator and Carbide.
Microsoft Windows NT to 7, Windows CE 3.0/5.0/6.0, Mac OS X and Linux.

Comments and Discussions

 
GeneralHere is a link to some associated documentation Pin
Paul Sanders (the other one)21-Oct-07 3:52
Paul Sanders (the other one)21-Oct-07 3:52 
GeneralKudos Pin
Ashutosh Arya2-Oct-07 19:59
Ashutosh Arya2-Oct-07 19:59 
QuestionHow to use publickey of another user Pin
chakra_r24-Mar-04 10:21
chakra_r24-Mar-04 10:21 
AnswerRe: How to use publickey of another user Pin
Anonymous24-Mar-04 15:26
Anonymous24-Mar-04 15:26 
Generalerror include wincrypt.h Pin
LoLem23-Mar-04 23:18
LoLem23-Mar-04 23:18 
GeneralRe: error include wincrypt.h Pin
Raphael Amorim22-Apr-04 1:07
professionalRaphael Amorim22-Apr-04 1:07 
GeneralThanks, Bug &amp; Suggestion Pin
C. Jayachandran20-Nov-03 21:57
sussC. Jayachandran20-Nov-03 21:57 
GeneralRe: Thanks, Bug &amp; Suggestion Pin
Raphael Amorim19-Apr-05 16:02
professionalRaphael Amorim19-Apr-05 16:02 
QuestionWhy CryptGetUserKey returned the same key every time called at one machine? Pin
zy_ball10-Nov-03 15:02
zy_ball10-Nov-03 15:02 
AnswerRe: Why CryptGetUserKey returned the same key every time called at one machine? Pin
Raphael Amorim24-Nov-03 9:33
professionalRaphael Amorim24-Nov-03 9:33 
GeneralRe: Why CryptGetUserKey returned the same key every time called at one machine? Pin
zy_ball24-Nov-03 13:38
zy_ball24-Nov-03 13:38 
GeneralWindows XP != Windows 2000 Pin
William huang8-Aug-03 12:10
William huang8-Aug-03 12:10 
GeneralImporting it back Pin
User 988511-Mar-03 3:41
User 988511-Mar-03 3:41 
GeneralRe: Importing it back Pin
Raphael Amorim11-Mar-03 5:30
professionalRaphael Amorim11-Mar-03 5:30 
GeneralCAPI in a vc++ app Pin
Nnamdi Onyeyiri12-Dec-01 3:27
Nnamdi Onyeyiri12-Dec-01 3:27 
GeneralRe: Could you be an more lamer? Pin
15-Dec-01 0:04
suss15-Dec-01 0:04 
GeneralRe: Could you be an more lamer? Pin
#realJSOP15-Dec-01 1:30
mva#realJSOP15-Dec-01 1:30 
GeneralRe: Could you be an more lamer? Pin
Raphael Amorim15-Dec-01 9:23
professionalRaphael Amorim15-Dec-01 9:23 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.