在Windows 7 Pro x64上,我尝试使用下一代加密API创建持久性AES密钥。
问题是NCryptCreatePersistedKey函数返回NTE_NOT_SUPPORTED。
我的代码:
#include "Windows.h"
#include "bcrypt.h"
#include "ncrypt.h"
int main() {
NCRYPT_PROV_HANDLE hProvider;
NCRYPT_KEY_HANDLE hKey;
// Open storage provider
HRESULT status = NCryptOpenStorageProvider(&hProvider,
MS_KEY_STORAGE_PROVIDER, 0);
// Get stored cipher key
status = NCryptOpenKey(hProvider, &hKey, L"test-key", 0, 0);
// Create key if it doesn't exist
if (status == NTE_BAD_KEYSET) {
status = NCryptCreatePersistedKey(hProvider, &hKey,
BCRYPT_AES_ALGORITHM, L"test-key", 0, 0);
status = NCryptFinalizeKey(hKey, 0);
}
return 0;
}
适用于Windows 10 Pro x64。
文档说最低支持的客户端是Windows Vista ......
感谢您的帮助。
答案 0 :(得分:0)
MS_KEY_STORAGE_PROVIDER在Windows 7上不支持AES或3DES,它是8或8.1中添加的功能。我能找到的最好的来源是some test state for .NET Core。或者,你可以去wincrypt.h:
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPT_AES_ALGORITHM BCRYPT_AES_ALGORITHM
#define NCRYPT_RC2_ALGORITHM BCRYPT_RC2_ALGORITHM
#define NCRYPT_3DES_ALGORITHM BCRYPT_3DES_ALGORITHM
#define NCRYPT_DES_ALGORITHM BCRYPT_DES_ALGORITHM
#define NCRYPT_DESX_ALGORITHM BCRYPT_DESX_ALGORITHM
#define NCRYPT_3DES_112_ALGORITHM BCRYPT_3DES_112_ALGORITHM
#define NCRYPT_SP800108_CTR_HMAC_ALGORITHM BCRYPT_SP800108_CTR_HMAC_ALGORITHM
#define NCRYPT_SP80056A_CONCAT_ALGORITHM BCRYPT_SP80056A_CONCAT_ALGORITHM
#define NCRYPT_PBKDF2_ALGORITHM BCRYPT_PBKDF2_ALGORITHM
#define NCRYPT_CAPI_KDF_ALGORITHM BCRYPT_CAPI_KDF_ALGORITHM
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
#defines的NCRYPT版本直到Windows 8才存在,这表明NCrypt(持久密钥)API并不期望在Windows 8之前进行AES。