The IX509PrivateKey::Import method cannot import ECDH key blobs unless the private key Algorithm property has been set first, and cannot import ECDSA key blobs unless both the Algorithm and the KeyUsage properties have been set first.
The private key class defaults to RSA when no algorithm is specified, and when an ECC algorithm is specified it defaults to preferring the encryption (non-signature) form of that algorithm.
These defaults conflict with the algorithms carried in ECDH and ECDSA private key blobs.
To import an ECDH or ECDSA key using the IX509PrivateKey::Import method, you must first set the algorithm property to an IObjectId instance initialized for "1.2.840.10045.3.1.7" (the OID used for both ECDSA_P256 and ECDH_P256).
To import an ECDSA key, you must also first set the private key KeyUsage property to XCN_NCRYPT_ALLOW_SIGNING_FLAG.
Otherwise, the default algorithm and/or KeyUsage values will conflict with the imported private key blob algorithm and the import will fail.
The following example creates an ECDSA private key, exports it, and re-imports it.
Option Explicit

Public Const XCN_CRYPT_STRING_BASE64 = 1
Public Const XCN_CRYPT_STRING_HEXASCII = 5
Public Const XCN_CRYPT_STRING_HEXRAW = &Hc
Public Const XCN_CRYPT_PUBKEY_ALG_OID_GROUP_ID = 3
Public Const XCN_CRYPT_OID_INFO_PUBKEY_ANY = 0
Public Const AlgorithmFlagsNone = 0

' AlgorithmOperationFlags:
Public Const XCN_NCRYPT_NO_OPERATION = &H00000000
Public Const XCN_NCRYPT_CIPHER_OPERATION = &H00000001
Public Const XCN_NCRYPT_HASH_OPERATION = &H00000002
Public Const XCN_NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION = &H00000004
Public Const XCN_NCRYPT_SECRET_AGREEMENT_OPERATION = &H00000008
Public Const XCN_NCRYPT_SIGNATURE_OPERATION = &H00000010
Public Const XCN_NCRYPT_RNG_OPERATION = &H00000020
Public Const XCN_NCRYPT_ANY_ASYMMETRIC_OPERATION = &H0000001c
Public Const XCN_NCRYPT_PREFER_SIGNATURE_ONLY_OPERATION = &H00200000
Public Const XCN_NCRYPT_PREFER_NON_SIGNATURE_OPERATION = &H00400000
Public Const XCN_NCRYPT_EXACT_MATCH_OPERATION = &H00800000
Public Const XCN_NCRYPT_PREFERENCE_MASK_OPERATION = &H00e00000

' X509PrivateKeyExportFlags:
Public Const XCN_NCRYPT_ALLOW_EXPORT_FLAG = &H00000001
Public Const XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG = &H00000002

' X509PrivateKeyUsageFlags:
Public Const XCN_NCRYPT_ALLOW_DECRYPT_FLAG = &H00000001
Public Const XCN_NCRYPT_ALLOW_SIGNING_FLAG = &H00000002
Public Const XCN_NCRYPT_ALLOW_KEY_AGREEMENT_FLAG = &H00000004
Public Const XCN_NCRYPT_ALLOW_ALL_USAGES = &H00ffffff

' Remove a leftover test key container from the software KSP; errors
' (for example, the container does not exist) are ignored.
Sub DeleteKey( _
    ByVal ContainerName)
    Dim PrivateKeyDelete
    Set PrivateKeyDelete = CreateObject("X509Enrollment.CX509PrivateKey")
    PrivateKeyDelete.ContainerName = ContainerName
    PrivateKeyDelete.ProviderName = "Microsoft Software Key Storage Provider"
    On Error Resume Next
    PrivateKeyDelete.Delete()
    On Error GoTo 0
End Sub

Dim ContainerName
Dim PrivateKey
Dim Algorithm
Dim ExportedKey
Dim PrivateKey2
Dim ExportedKey2

ContainerName = "TestECDSA"

Wscript.echo "Deleting old test keys..."
DeleteKey(ContainerName)
DeleteKey(ContainerName & "2")

Wscript.echo "Creating objects..."
Set PrivateKey = CreateObject("X509Enrollment.CX509PrivateKey")
PrivateKey.ContainerName = ContainerName
PrivateKey.ProviderName = "Microsoft Software Key Storage Provider"

' ECDSA_P256 and ECDH_P256 share the OID 1.2.840.10045.3.1.7.
Set Algorithm = CreateObject("X509Enrollment.CObjectId")
Algorithm.InitializeFromAlgorithmName _
    XCN_CRYPT_PUBKEY_ALG_OID_GROUP_ID, _
    XCN_CRYPT_OID_INFO_PUBKEY_ANY, _
    AlgorithmFlagsNone, _
    "ECDSA_P256"
PrivateKey.Algorithm = Algorithm
PrivateKey.KeyUsage = XCN_NCRYPT_ALLOW_SIGNING_FLAG
PrivateKey.ExportPolicy = XCN_NCRYPT_ALLOW_EXPORT_FLAG Or _
    XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG
PrivateKey.Create()

ExportedKey = PrivateKey.Export("PRIVATEBLOB", XCN_CRYPT_STRING_HEXASCII)
Wscript.echo "Exported private key:"
Wscript.echo ExportedKey

' Algorithm and KeyUsage must be set before Import; otherwise the defaults
' (RSA, non-signature preference) conflict with the ECDSA blob and Import fails.
Set PrivateKey2 = CreateObject("X509Enrollment.CX509PrivateKey")
PrivateKey2.ContainerName = ContainerName & "2"
PrivateKey2.LegacyCsp = False
PrivateKey2.Algorithm = Algorithm
PrivateKey2.KeyUsage = XCN_NCRYPT_ALLOW_SIGNING_FLAG
PrivateKey2.ExportPolicy = XCN_NCRYPT_ALLOW_EXPORT_FLAG Or _
    XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG
PrivateKey2.Import "PRIVATEBLOB", ExportedKey, XCN_CRYPT_STRING_HEXASCII

ExportedKey2 = PrivateKey2.Export("PRIVATEBLOB", XCN_CRYPT_STRING_HEXASCII)
Wscript.echo "Exported private key (after import):"
Wscript.echo ExportedKey2

Wscript.echo "Done."
Wscript.Quit 0
Sample output
Deleting old test keys...
Creating objects...
Exported private key:
45 43 53 32 20 00 00 00 6f 31 07 ae 02 85 43 0b   ECS2 ...o1....C.
68 29 29 3c 40 9f 0b fb d5 18 32 c4 1a d7 ac f4   h))<@.....2.....
81 68 03 cd 6e de 5b 39 3d b7 7a ce 8c 1a 57 21   .h..n.[9=.z...W!
e1 92 15 e5 d1 40 c4 9a e8 92 99 28 13 8a e2 da   .....@.....(....
b4 3a 78 9a c5 d3 22 ea 2a fd 57 24 0e 0e b6 39   .:x...".*.W$...9
f8 3a ae 11 ff 46 80 82 86 2c cb 8b 49 98 e8 9c   .:...F...,..I...
93 af b4 21 5c 25 ec 3f                           ...!\%.?
Exported private key (after import):
45 43 53 32 20 00 00 00 6f 31 07 ae 02 85 43 0b   ECS2 ...o1....C.
68 29 29 3c 40 9f 0b fb d5 18 32 c4 1a d7 ac f4   h))<@.....2.....
81 68 03 cd 6e de 5b 39 3d b7 7a ce 8c 1a 57 21   .h..n.[9=.z...W!
e1 92 15 e5 d1 40 c4 9a e8 92 99 28 13 8a e2 da   .....@.....(....
b4 3a 78 9a c5 d3 22 ea 2a fd 57 24 0e 0e b6 39   .:x...".*.W$...9
f8 3a ae 11 ff 46 80 82 86 2c cb 8b 49 98 e8 9c   .:...F...,..I...
93 af b4 21 5c 25 ec 3f                           ...!\%.?
Done.

Deleting old test keys...
Creating objects...
Exported private key:
45 43 4b 32 20 00 00 00 92 84 36 ca 13 2e f9 a3   ECK2 .....6.....
d0 8e c4 52 4f 58 48 70 fe 71 16 7d a1 be 5b 08   ...ROXHp.q.}..[.
cc ad fb 9b 4d de fd 2e 0b c7 39 17 27 5f 06 66   ....M.....9.'_.f
83 74 e1 b2 f6 fd d8 1b a7 3b a7 6b 59 69 11 e9   .t.......;.kYi..
6f 10 ac 35 98 2b be 16 45 34 40 b0 de 14 42 47   o..5.+..E4@...BG
c6 5d 63 d8 85 01 1a c6 92 c0 0f af 57 47 50 fd   .]c.........WGP.
a0 bd 03 7e 0a 60 c8 e2                           ...~.`..
Exported private key (after import):
45 43 4b 32 20 00 00 00 92 84 36 ca 13 2e f9 a3   ECK2 .....6.....
d0 8e c4 52 4f 58 48 70 fe 71 16 7d a1 be 5b 08   ...ROXHp.q.}..[.
cc ad fb 9b 4d de fd 2e 0b c7 39 17 27 5f 06 66   ....M.....9.'_.f
83 74 e1 b2 f6 fd d8 1b a7 3b a7 6b 59 69 11 e9   .t.......;.kYi..
6f 10 ac 35 98 2b be 16 45 34 40 b0 de 14 42 47   o..5.+..E4@...BG
c6 5d 63 d8 85 01 1a c6 92 c0 0f af 57 47 50 fd   .]c.........WGP.
a0 bd 03 7e 0a 60 c8 e2                           ...~.`..
Done.
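The exported blobs above begin with the BCRYPT_ECCKEY_BLOB header, whose magic reads "ECS2" for an ECDSA_P256 private key and "ECK2" for an ECDH_P256 private key. The following added example (not part of the original article or of the CertEnroll library) parses that header so a caller can determine, before calling Import, which OID to load into the IObjectId and whether KeyUsage must include XCN_NCRYPT_ALLOW_SIGNING_FLAG; it extends the P-256 case on the page with the P-384 and P-521 magic values and OIDs from bcrypt.h, and its sample blobs are constructed with placeholder key bytes.

```python
import struct

# BCRYPT_ECCKEY_BLOB magic values from bcrypt.h. Read as ASCII they are the
# "ECS2"/"ECK2" tags at the start of the page's hex dumps (S = ECDSA, K = ECDH).
# The page gives only the P-256 OID; the P-384/P-521 entries are added here.
_PRIVATE_MAGICS = {
    b"ECS2": ("ECDSA_P256", "1.2.840.10045.3.1.7", 32),
    b"ECK2": ("ECDH_P256", "1.2.840.10045.3.1.7", 32),
    b"ECS4": ("ECDSA_P384", "1.3.132.0.34", 48),
    b"ECK4": ("ECDH_P384", "1.3.132.0.34", 48),
    b"ECS6": ("ECDSA_P521", "1.3.132.0.35", 66),
    b"ECK6": ("ECDH_P521", "1.3.132.0.35", 66),
}
XCN_NCRYPT_ALLOW_SIGNING_FLAG = 0x00000002  # X509PrivateKeyUsageFlags, from the page

def inspect_ecc_private_blob(blob: bytes) -> dict:
    """Parse the header (DWORD magic, DWORD cbKey) and report the OID for
    PrivateKey.Algorithm and whether KeyUsage needs the signing flag before Import."""
    if len(blob) < 8:
        raise ValueError("blob shorter than the 8-byte BCRYPT_ECCKEY_BLOB header")
    magic, cb_key = blob[:4], struct.unpack_from("<I", blob, 4)[0]
    if magic not in _PRIVATE_MAGICS:
        raise ValueError("not an ECC private key blob, magic=%r" % magic)
    name, oid, expected_cb = _PRIVATE_MAGICS[magic]
    # A private blob is header + X + Y + d, each coordinate/scalar cbKey bytes.
    if cb_key != expected_cb or len(blob) != 8 + 3 * cb_key:
        raise ValueError("bad length for %s: cbKey=%d, len=%d" % (name, cb_key, len(blob)))
    is_signing = magic.startswith(b"ECS")
    return {
        "algorithm": name,
        "oid": oid,
        "is_signing_key": is_signing,
        "required_key_usage": XCN_NCRYPT_ALLOW_SIGNING_FLAG if is_signing else None,
    }

def import_properties_ok(blob: bytes, algorithm_oid, key_usage: int) -> bool:
    """Pre-flight check modelling the rule the article states: Import fails when
    Algorithm is unset (RSA default, passed as None) or names another OID, and,
    for ECDSA blobs, when KeyUsage lacks XCN_NCRYPT_ALLOW_SIGNING_FLAG."""
    info = inspect_ecc_private_blob(blob)
    if algorithm_oid != info["oid"]:
        return False
    return not info["is_signing_key"] or bool(key_usage & XCN_NCRYPT_ALLOW_SIGNING_FLAG)

# Constructed samples: the ECS2/ECK2 headers seen in the page's output followed
# by 96 placeholder bytes standing in for X, Y and d (not real key material).
SAMPLE_ECDSA_BLOB = b"ECS2" + struct.pack("<I", 32) + bytes(range(96))
SAMPLE_ECDH_BLOB = b"ECK2" + struct.pack("<I", 32) + bytes(range(96))
```

Run the check on the PRIVATEBLOB bytes before setting the properties; a False result means the Import call described above would fail with the current Algorithm or KeyUsage values.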
Carsten Siemens edited Revision 5. Comment: Added tags: en-US, has comment, has TOC, has See Also, has code
Eric Battalio MSFT edited Original. Comment: applied h2 style, moved "following example" before example
Ed Price MSFT edited Revision 2. Comment: Added "See Also" section.
Fernando Lugão Veltem edited Revision 4. Comment: added toc