Tuesday, December 22, 2015

Why doesn't Windows CNG support AES in key storage functions?

The CNG key storage function NCryptExportKey() doesn't support BCRYPT_AES_WRAP_KEY_BLOB, but the CNG cryptographic primitive function BCryptExportKey() does. Why doesn't Windows CNG support AES in its key storage functions?

I guess that AES is a symmetric encryption algorithm. The AES key is shared between two devices. For an asymmetric encryption algorithm (e.g., RSA), only the public key is shared and the private key is kept hidden on the owning device. The private key must be protected in secure storage. Therefore Windows CNG provides key storage functions to store RSA private keys. For an AES key, it is not necessary to protect it. Therefore there is no AES in the CNG key storage functions.

-Count
