How to import private key in PEM format using WinCrypt and C++?

nikloskoda picture nikloskoda · Dec 7, 2011 · Viewed 9.6k times · Source

I'm trying to use the WinCrypt API in C++.

My application need to cipher, decipher, sign and verify files, and I know how to do that once I have the correct keys. But my problem is actually that that is NOT the same application which generates those keys.

What I have is public and private keys in files in PEM format :

-----BEGIN RSA PRIVATE KEY-----
[Base64 encoded]
-----END RSA PRIVATE KEY-----

And :

-----BEGIN RSA PUBLIC KEY-----
[Base64 encoded]
-----END RSA PUBLIC KEY-----

After some research, I have found how to import the public key : here and here, using the following methods :

  • CreateFile & ReadFile to read the file content
  • CryptStringToBinary, with CRYPT_STRING_BASE64HEADER to convert from PEM format to DER format (remove header and footer and decode from base64)
  • CryptDecodeObjectEx with X509_PUBLIC_KEY_INFO
  • CryptImportPublicKeyInfo, to import the key

But now, my problem is to do the same thing whith the private key. Any help would be really really appreciated :) Thank you.

Answer

Mounir IDRASSI picture Mounir IDRASSI · May 31, 2012

A PEM private key can be imported into CAPI by using CryptDecodeObjectEx with PKCS_RSA_PRIVATE_KEY and then calling CryptImportKey.

I have written a sample that shows how to use a PEM encoded RSA private key for signing data using CAPI. Here is a link to it : http://www.idrix.fr/Root/Samples/capi_pem.cpp

I hope this will help.