What is an "empty key pair"? Does it contain keys or not? What is actually created when CPGenKey is called with the CRYPT_PREGEN flag? Why can't a non-empty key be created right away? What is the point of the key parameters being set by the CPSetKeyParam function? What are "empty pairs" for?
Answers:
| ||||
> What is an "empty key pair"?
One whose parameters, including the values of the keys themselves, are set later.

> Does it contain keys or not?
No, not until CPSetKeyParam is called.

> What is actually created when CPGenKey is called with the CRYPT_PREGEN flag?

> Why can't a non-empty key be created right away?
You can, as much as you like, with a different algorithm.

> What is the point of the key parameters being set by the CPSetKeyParam function?
So that they can be set as desired.

> What are "empty pairs" for?
A quote from MSDN:

Generating Diffie-Hellman Keys

The steps necessary for this are shown in the following procedure.

To generate a Diffie-Hellman public key
1. Call CryptAcquireContext to get a handle to the Microsoft Diffie-Hellman Cryptographic Provider.
2. Generate the new key. There are two ways to accomplish this: by having CryptoAPI generate all new values for G, P, and X, or by using existing values for G and P and generating a new value for X.

To generate the key by generating all new values
1. Call CryptGenKey passing either CALG_DH_SF (store and forward) or CALG_DH_EPHEM (ephemeral) in the Algid parameter. The key will be generated, using new, random values for G and P, a newly calculated value for X, and its handle will be returned in the phKey parameter.
2. The new key is now ready for use. Note that the values of G and P must be sent along with the key (or sent by some other method) when doing a key exchange.

To generate the key by using predefined values for G and P
a. Initialize a CRYPT_DATA_BLOB structure with the pbData member set to the G value. The BLOB contains no header information and the pbData member is in little-endian format.
b. Initialize a CRYPT_DATA_BLOB structure with the pbData member set to the P value. The BLOB contains no header information and the pbData member is in little-endian format.
c. Call CryptGenKey passing either CALG_DH_SF (store and forward) or CALG_DH_EPHEM (ephemeral) in the Algid parameter, and CRYPT_PREGEN for the dwFlags parameter. A key handle will be generated and returned in the phKey parameter.
d. The value of G is set by calling CryptSetKeyParam, passing the key handle (retrieved in step c) in the hKey parameter, the KP_G flag in the dwParam parameter, and a pointer to the structure containing the value of G in the pbData parameter.
e. The value of P is set by calling CryptSetKeyParam, passing the key handle (retrieved in step c) in the hKey parameter, the KP_P flag in the dwParam parameter, and a pointer to the structure containing the value of P in the pbData parameter.
f. The value of X is generated by calling CryptSetKeyParam, passing the key handle (retrieved in step c) in the hKey parameter, the KP_X flag in the dwParam parameter, and NULL in the pbData parameter.
g. If all the function calls succeeded, the Diffie-Hellman public key is ready for use.
h. When the key is no longer needed, call CryptDestroyKey to destroy the key handle (HCRYPTKEY).

If CALG_DH_SF was specified in the previous procedures, the key values are persisted to storage with each call to CryptSetKeyParam. The G and P values can then be retrieved using CryptGetKeyParam. Some CSPs may have hard-coded G and P values. In this case a NTE_FIXEDPARAMETERS error will be returned if CryptSetKeyParam is called with KP_G or KP_P specified in the dwParam parameter. If CryptDestroyKey is called, the handle to the key is destroyed, but the key values are retained in the CSP. However, if CALG_DH_EPHEM was specified, the handle to the key is destroyed and all values are purged from the CSP.
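The lifecycle the answer and the MSDN quote describe, modelled from the CSP side as an added example: this is not Microsoft's code, not a real CSP and not the real CSP entry-point interface. Every model_* name, the error codes, the flag value, the demo group P = 2^31 - 1 and G = 7, and the xorshift stand-in for the provider's random source are assumptions made for illustration only. The model shows what the "empty pair" is (a handle with no P, G, X or Y), how KP_G and KP_P fill in the group, how KP_X with a NULL pbData makes the provider generate X and the public value Y, why a provider with hard-coded parameters rejects KP_G and KP_P, and that two keys built this way complete a Diffie-Hellman agreement.

```c
/* Added illustration, not Microsoft's code and not the real CSP interface: a
 * model of the key-object lifecycle behind CPGenKey(CRYPT_PREGEN) followed by
 * CPSetKeyParam(KP_G / KP_P / KP_X). Every model_* name and numeric value is
 * hypothetical; real entry points take HCRYPTPROV/HCRYPTKEY handles and BLOBs. */
#include <stdint.h>
#include <stdlib.h>
typedef enum { MODEL_KP_P, MODEL_KP_G, MODEL_KP_X } model_param;
typedef enum { MODEL_OK = 0, MODEL_NTE_NO_MEMORY, MODEL_NTE_BAD_DATA,
               MODEL_NTE_BAD_KEY_STATE,    /* X requested before P and G exist */
               MODEL_NTE_FIXEDPARAMETER    /* CSP has hard-coded P and G */
} model_status;
#define MODEL_CRYPT_PREGEN 0x1u
/* Constructed demo group: P = 2^31 - 1 (prime), G = 7. Far too small for real use. */
#define MODEL_DEMO_P 2147483647ULL
#define MODEL_DEMO_G 7ULL

typedef struct {
    int fixed_params;      /* CSP with hard-coded P and G */
    uint64_t p, g, x, y;   /* 0 means "not set yet" */
} model_key;

/* Square-and-multiply; correct while m < 2^32, so r*b and b*b cannot overflow. */
uint64_t model_powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1) {
        if (e & 1) r = (r * b) % m;
        b = (b * b) % m;
    }
    return r;
}

/* Stand-in for the CSP's RNG (xorshift64, fixed seed): deterministic, NOT secure. */
static uint64_t model_rng = 0x9E3779B97F4A7C15ULL;
static uint64_t model_private_exponent(uint64_t p) {
    model_rng ^= model_rng << 13; model_rng ^= model_rng >> 7; model_rng ^= model_rng << 17;
    return 2 + model_rng % (p - 3);                 /* 2 <= x <= p - 2 */
}

/* CPGenKey model. With CRYPT_PREGEN only the key object comes into being;
 * no P, G, X or Y exist until CPSetKeyParam supplies them. */
model_status model_CPGenKey(unsigned flags, int fixed_params, model_key **out) {
    model_key *k = calloc(1, sizeof *k);
    if (!k) return MODEL_NTE_NO_MEMORY;
    k->fixed_params = fixed_params;
    if (fixed_params || !(flags & MODEL_CRYPT_PREGEN)) { k->p = MODEL_DEMO_P; k->g = MODEL_DEMO_G; }
    if (!(flags & MODEL_CRYPT_PREGEN)) {            /* ordinary path: the CSP picks X too */
        k->x = model_private_exponent(k->p);
        k->y = model_powmod(k->g, k->x, k->p);
    }
    *out = k;
    return MODEL_OK;
}

/* CPSetKeyParam model. KP_P/KP_G carry a value; KP_X carries NULL and makes the
 * CSP generate X together with the public value Y = G^X mod P. */
model_status model_CPSetKeyParam(model_key *k, model_param which, const uint64_t *value) {
    if (which == MODEL_KP_X) {
        if (value) return MODEL_NTE_BAD_DATA;        /* pbData must be NULL here */
        if (!k->p || !k->g) return MODEL_NTE_BAD_KEY_STATE;
        k->x = model_private_exponent(k->p);
        k->y = model_powmod(k->g, k->x, k->p);
        return MODEL_OK;
    }
    if (k->fixed_params) return MODEL_NTE_FIXEDPARAMETER;
    if (!value || *value < 2 || *value >= (1ULL << 32)) return MODEL_NTE_BAD_DATA;
    if (which == MODEL_KP_P) k->p = *value; else k->g = *value;
    k->x = k->y = 0;           /* an earlier X/Y would belong to another group */
    return MODEL_OK;
}

/* "Empty key pair": the handle exists, the key material does not. */
int model_key_is_empty(const model_key *k) { return !k->p && !k->g && !k->x && !k->y; }

/* CPDestroyKey model. For CALG_DH_EPHEM everything is purged; a CALG_DH_SF CSP
 * would keep the values in the persistent key container (not modelled here). */
void model_CPDestroyKey(model_key *k) { free(k); }

/* MSDN steps d-f for one pre-generated key: G, then P, then X. */
model_status model_install_group(model_key *k, uint64_t p, uint64_t g) {
    model_status s = model_CPSetKeyParam(k, MODEL_KP_G, &g);
    if (s == MODEL_OK) s = model_CPSetKeyParam(k, MODEL_KP_P, &p);
    if (s == MODEL_OK) s = model_CPSetKeyParam(k, MODEL_KP_X, NULL);
    return s;
}

/* Two parties pre-generate keys over the same P and G and exchange Y; returns 1
 * when both derive the same shared value, i.e. the "empty" keys became usable. */
int model_dh_roundtrip(void) {
    model_key *a = NULL, *b = NULL;
    int ok = 0;
    if (model_CPGenKey(MODEL_CRYPT_PREGEN, 0, &a) == MODEL_OK &&
        model_CPGenKey(MODEL_CRYPT_PREGEN, 0, &b) == MODEL_OK &&
        model_install_group(a, MODEL_DEMO_P, MODEL_DEMO_G) == MODEL_OK &&
        model_install_group(b, MODEL_DEMO_P, MODEL_DEMO_G) == MODEL_OK) {
        uint64_t sa = model_powmod(b->y, a->x, a->p);   /* A uses B's public Y */
        uint64_t sb = model_powmod(a->y, b->x, b->p);   /* B uses A's public Y */
        ok = (sa == sb);
    }
    model_CPDestroyKey(a);
    model_CPDestroyKey(b);
    return ok;
}
```

Two details of the model are worth noting. Requesting KP_X while P or G is still missing is rejected, which is the practical reason the MSDN steps are ordered G, P, X. Setting P or G again discards any X and Y already computed, because a private exponent only has meaning relative to the group it was drawn for; a real CSP that silently kept the old X after a parameter change would hand out a public value that no longer matches its own group.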