想法是让两个应用程序具有CNG共享机密。
应用程序A和B创建(或导入)证书。如果创建,它将使用NCryptCreatePersistedKey()和CertSerializeCertificateStoreElement()句柄。
应用程序将其证书(CertAddSerializedElementToStore())序列化并传输到另一端。
应用程序A重新创建B证书(NCryptSecretAgreement()),反之亦然。
现在,我应该使用BCryptSecretAgreement()或CryptImportPublicKeyInfoEx2()来创建共享密钥。问题是CryptAcquireCertificatePrivateKey()将(接收到的证书的)公共密钥导入到BCRYPT_KEY_HANDLE中,在那里我需要一个NCRYPT_KEY_HANDLE来调用NCryptSecretAgreement()。如果我想使用BCryptSecretAgreement(),那么我需要一个BCRYPT_KEY_HANDLE,而不是shared_ptr<NcryptObject> CreateShared(CertX& priv,CertX& pub)
{
shared_ptr<NcryptObject> o;
HCRYPTPROV_OR_NCRYPT_KEY_HANDLE h1 = 0;
DWORD kt = 0;
BOOL kb = 0;
CryptAcquireCertificatePrivateKey(priv.h(), CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG, 0, &h1, &kt, &kb);
if (!h1)
return nullptr;
shared_ptr<NcryptObject> k1;
if (kb)
k1 = make_shared<NcryptObject>(h1);
BCRYPT_KEY_HANDLE bc = 0;
CryptImportPublicKeyInfoEx2(X509_ASN_ENCODING,&pub.h()->pCertInfo->SubjectPublicKeyInfo, 0, 0, &bc);
if (!bc)
return 0;
// whops.
NCRYPT_SECRET_HANDLE se = 0;
auto e1 = NCryptSecretAgreement(h1,(NCRYPT_KEY_HANDLE)bc, &se, 0);
BCRYPT_SECRET_HANDLE se2 = 0;
auto e2 = BCryptSecretAgreement((BCRYPT_KEY_HANDLE)h1, bc, &se2, 0);
}
会返回。
如何从这里继续?
-- assessment contains the different assignments & labs that
-- students may submit their code to.
CREATE TABLE assessment (
id SERIAL PRIMARY KEY,
name VARCHAR(255) UNIQUE NOT NULL,
comments TEXT NOT NULL,
type ASSESSMENT_TYPE NOT NULL,
course_id SERIAL NOT NULL,
FOREIGN KEY (course_id) REFERENCES courses(id)
);
-- courses contains the information about a course. Since
-- the same course can run multiple times, a single course
-- is uniquely identified by (course_code, year, period)
CREATE TABLE courses (
id SERIAL PRIMARY KEY,
name VARCHAR(255) UNIQUE NOT NULL, -- Unique within all courses. Wrong!
course_code VARCHAR(20) NOT NULL,
period PERIOD NOT NULL,
year INTEGER NOT NULL
);