CryptoSys PKI Toolkit Manual

RSA_KemWrap

RSA_KemWrap wraps (encrypts) secret key material using RSA-KEM ("Simple RSA") with the recipient's RSA public key.

VB6/VBA Syntax

Public Declare Function RSA_KemWrap Lib "diCrPKI.dll" (ByRef abOutput As Byte, ByVal nOutBytes As Long, ByRef abData As Byte, ByVal nDataLen As Long, ByVal strPublicKey As String, ByVal nOptions As Long) As Long

nRet = RSA_KemWrap(abOutput(0), nOutBytes, abData(0), nDataLen, strPublicKey, nOptions)

Parameters

abOutput
[out] Byte array to receive the encrypted output.
nOutBytes
[in] Long specifying the maximum length of the output array in bytes.
abData
[in] Byte array containing the key material data to be wrapped.
nDataLen
[in] Long specifying the number of bytes in the data.
strPublicKey
[in] String containing the recipient's public key in "internal" format.
nOptions
[in] Long option flags. Select one block cipher algorithm for the data encapsulation mechanism from:
PKI_BC_AES128 to use aes128-Wrap (default)
PKI_BC_AES192 to use aes192-Wrap
PKI_BC_AES256 to use aes256-Wrap
PKI_BC_3DES to use cms3DESWrap
and select one KDF2-HashFunction from:
PKI_HASH_SHA1 to use sha1 (default)
PKI_HASH_SHA224 to use sha224
PKI_HASH_SHA256 to use sha256
PKI_HASH_SHA384 to use sha384
PKI_HASH_SHA512 to use sha512

C/C++ Syntax

long _stdcall RSA_KemWrap(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpData, long nDataLen, const char *szPublicKey, long nOptions);

Returns (VB6/C)

Long: If successful, the return value is the number of bytes in the output array; otherwise it returns a negative error code.

.NET Equivalent

Rsa.KemWrap Method

[C#]
public static byte[] KemWrap( byte[] data, string publicKey, WrapAlgorithm wrap, KdfFunc kdf, HashAlgorithm kdfHashFunc );
[VB.NET]
Public Shared Function KemWrap( ByVal message As Byte(), ByVal publicKey As String, ByVal wrap As WrapAlgorithm, ByVal kdf As KdfFunc, ByVal kdfHashFunc As HashAlgorithm ) As Byte()

.NET Return Value

Wrapped key.

Refer to the .NET Help File for more details of the .NET equivalent methods.

Remarks

This function uses the RSA-KEM key transport algorithm to wrap keying data using the recipient's RSA public key. The input data to be wrapped must be a valid length for the underlying data encapsulation mechanism: at least 16 bytes and a multiple of 8 bytes for AES, or exactly 24 bytes for Triple DES.

The output is the exact octet string that would be used as the EncryptedKey value in a CMS enveloped-data object (see CMS_MakeEnvData). Specify a zero value for nOutBytes to find the required length of the output.

The default algorithms are aes128-Wrap for key wrapping, kdf-kdf2 as the key derivation function, and sha1 as the KDF-HashFunction. Only KDF2 is currently provided as the key derivation function. No parity bit checks or changes are made for a Triple DES key.

To carry out the underlying key wrap operation with a block cipher on its own, use CIPHER_KeyWrap.
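As an added illustration (not code from the CryptoSys toolkit), the following Python models what the Remarks describe: the EncryptedKey octet string is the RSA ciphertext of the random secret (nLen bytes) followed by the block-cipher-wrapped key material, with the key-encryption key derived by KDF2, as specified in RFC 5990 / ISO/IEC 18033-2. The function and option names are assumptions; the sample EK is the one printed in the manual's example output.

```python
import hashlib

# Wrap options, mirroring the manual's PKI_BC_* flags (these names are assumptions)
AES_WRAP = "aes-wrap"       # PKI_BC_AES128/192/256: RFC 3394 AES key wrap
TDES_WRAP = "cms3DESWrap"   # PKI_BC_3DES: RFC 3217 Triple DES key wrap

def check_key_data_len(data_len, wrap=AES_WRAP):
    """Enforce the input-length rule from the Remarks; raise ValueError on bad input."""
    if wrap == AES_WRAP:
        if data_len < 16 or data_len % 8:
            raise ValueError("AES wrap needs >= 16 bytes and a multiple of 8")
    elif wrap == TDES_WRAP:
        if data_len != 24:
            raise ValueError("cms3DESWrap needs exactly 24 bytes")
    else:
        raise ValueError("unknown wrap algorithm")

def kem_wrap_output_len(n_len, data_len, wrap=AES_WRAP):
    """Size of the EncryptedKey: RSA ciphertext (nLen bytes) || wrapped key.
    RFC 3394 output is data_len + 8; RFC 3217 wrap of a 24-byte TDES key is 40 bytes."""
    check_key_data_len(data_len, wrap)
    wrapped_len = data_len + 8 if wrap == AES_WRAP else 40
    return n_len + wrapped_len

def kdf2(z, length, hash_name="sha1"):
    """ISO/IEC 18033-2 KDF2, the only KDF the function offers: concatenate
    Hash(Z || counter) with a 4-byte big-endian counter that starts at 1."""
    out, counter = b"", 1
    while len(out) < length:
        out += hashlib.new(hash_name, z + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def split_kem_output(ek, n_len):
    """Split an EncryptedKey into (RSA ciphertext, wrapped key). Per RFC 5990 the
    recipient recovers z from the first field and unwraps the second with kdf2(z)."""
    if len(ek) <= n_len:
        raise ValueError("EncryptedKey too short for this modulus size")
    return ek[:n_len], ek[n_len:]

# The EK from the manual's sample output (128-byte modulus, 16-byte key, aes128-Wrap)
SAMPLE_EK = bytes.fromhex(
    "60443303A5A5F12A83A5085C4B2271E6EDDD51C560C7B19A0611F15014A669C93F00FFA1A64E2578"
    "EF267CB568F4B4CBBE695492D1D6F464E5F25C0E586C91F69CA10F1CA5523665C90ADD95865AC358"
    "E10DB79CDB93CE0B08C7B6559504AEA37E6CAF949FD9D20B07899376C10DB8EACED6CB3DE5BF2C6B"
    "F7107FB41E2CC14D1FE87AFCEB04D0F66A815D69C6103D64AC44F0E6EDC7937C")

if __name__ == "__main__":
    c, wrapped = split_kem_output(SAMPLE_EK, 128)
    print(len(c), len(wrapped), kem_wrap_output_len(128, 16))   # 128 24 152
```

The 152-byte ekLen in the sample output is exactly 128 (modulus) + 16 (key) + 8 (RFC 3394 integrity block), which is a quick sanity check when inspecting an EncryptedKey produced by this function.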

Example

Dim strPriKeyFile As String
Dim strPrivateKey As String
Dim strCertFile As String
Dim strPublicKey As String
Dim abKeyData() As Byte
Dim abEncKey() As Byte
Dim kdLen As Long
Dim ekLen As Long

' PART 1. Wrap some key data with recipient's public key
Debug.Print "WRAP SOME KEY DATA"
abKeyData = cnvBytesFromHexStr("00112233445566778899aabbccddeeff")
Debug.Print "K= " & cnvHexStrFromBytes(abKeyData)
kdLen = UBound(abKeyData) - LBound(abKeyData) + 1
Debug.Print "kdLen=" & kdLen

' Get the recipient's public key from his certificate
strCertFile = "C:\Test\BobRSASignByCarl.cer"
strPublicKey = rsaGetPublicKeyFromCert(strCertFile)
If Len(strPublicKey) = 0 Then
    Debug.Print "Error reading public key"
    Exit Sub
End If
Debug.Print "nLen =" & RSA_KeyBytes(strPublicKey)

' How long is the encrypted key?
ekLen = RSA_KemWrap(0, 0, abKeyData(0), kdLen, strPublicKey, 0)
Debug.Print "ekLen=" & ekLen
If ekLen <= 0 Then
    Debug.Print "Invalid EK length"
    Exit Sub
End If

' Derive the Encrypted Key value
ReDim abEncKey(ekLen - 1)
ekLen = RSA_KemWrap(abEncKey(0), ekLen, abKeyData(0), kdLen, strPublicKey, 0)
If ekLen <= 0 Then
    Debug.Print "RSA_KemWrap failed"
    Exit Sub
End If
Debug.Print "EK=" & cnvHexStrFromBytes(abEncKey)


' PART 2. Unwrap using the private key
Debug.Print
Debug.Print "UNWRAP SOME KEY DATA"
strPriKeyFile = "C:\Test\BobPrivRSAEncrypt.epk"
strPrivateKey = rsaReadPrivateKey(strPriKeyFile, "password")
If Len(strPrivateKey) = 0 Then
    MsgBox "Cannot read private key"
    Exit Sub
End If
Debug.Print "nLen =" & RSA_KeyBytes(strPrivateKey)

' How long is the unwrapped key data?
kdLen = RSA_KemUnwrap(0, 0, abEncKey(0), ekLen, strPrivateKey, 0)
Debug.Print "kdLen=" & kdLen
If kdLen <= 0 Then
    Debug.Print "RSA_KemUnwrap failed"
    Exit Sub
End If

' Unwrap the encrypted key
ReDim abKeyData(kdLen - 1)
kdLen = RSA_KemUnwrap(abKeyData(0), kdLen, abEncKey(0), ekLen, strPrivateKey, 0)
If kdLen <= 0 Then
    Debug.Print "RSA_KemUnwrap failed"
    Exit Sub
End If
Debug.Print "KD=" & cnvHexStrFromBytes(abKeyData)

Some sample output from this looks like the following (the EK value will differ on each run because of the random input):

WRAP SOME KEY DATA
K= 00112233445566778899AABBCCDDEEFF
kdLen=16
nLen =128
ekLen=152
EK=
60443303A5A5F12A83A5085C4B2271E6EDDD51C560C7B19A0611F15014A669C93F00FFA1A64E2578
EF267CB568F4B4CBBE695492D1D6F464E5F25C0E586C91F69CA10F1CA5523665C90ADD95865AC358
E10DB79CDB93CE0B08C7B6559504AEA37E6CAF949FD9D20B07899376C10DB8EACED6CB3DE5BF2C6B
F7107FB41E2CC14D1FE87AFCEB04D0F66A815D69C6103D64AC44F0E6EDC7937C

UNWRAP SOME KEY DATA
nLen =128
kdLen=16
KD=00112233445566778899AABBCCDDEEFF

See Also

RSA_KemUnwrap CIPHER_KeyWrap CIPHER_KeyUnwrap


Copyright © 2004-9 D.I. Management Services Pty Ltd. All rights reserved.