Implement RSA encrypt/decrypt and sign/verify #6
LGTM, just a suggestion on a comment. 😄
We should just sync up with .NET runtime and see if they already went down this discussion path with CNG. Maybe they have the reply handy still.
Made it about halfway through commits. Will pick up the rest tonight / tomorrow morning.
Co-authored-by: Davis Goodin <[email protected]>
@jaredpar good point, who should I contact?
Please review #5 first.
This PR implements the following RSA algorithms:
The Microsoft Windows Cryptographic Primitives Library Security Policy Document says that exporting the private components of RSA keys is not allowed in FIPS mode:
I haven't found any other way to implement `GenerateKeyRSA`, so at the moment I will use the `BCRYPT_RSAFULLPRIVATE_BLOB` type and once all the bindings are done we can talk with the CNG team for support on all the pieces that are missing, listed in #4. On the other hand, .NET runtime uses it.