How to Export Private Key For ECDiffieHellmanCng

Kevin Junghans Published at Dev

Kevin Junghans

I am trying to export the keys from a new instance of a ECDiffieHellmanCng object so I can create an instance of it later with the same keys. But I am getting an error when trying to export it.

//Create new ECDiffieHellmanCng which automatically creates new keys
var ecdh = new ECDiffieHellmanCng();
//Export the keys
var privateKey = ecdh.Key.Export(CngKeyBlobFormat.EccPrivateBlob);

I am getting a CryptographicException when I call the Export method with the message "The requested operation is not supported." After putting some breakpoints in the code it looks like it is throwing the exception before even executing the method. Looking at the definition of the Export method it is adorned with a SecuritySafeCriticalAttribute so I am suspicious that this attribute is actually throwing the exception. What is causing this exception? How can I save the keys so I can create an instance of the same ECDiffieHellmanCng object at a later time?

vcsjones

By default, keys aren't exportable - they are securely stored in the KSP. When creating the key, it needs to be marked allowed for export. Example:

var ecdh = new ECDiffieHellmanCng(CngKey.Create(CngAlgorithm.ECDiffieHellmanP256, null, new CngKeyCreationParameters {ExportPolicy = CngExportPolicies.AllowPlaintextExport}));
//Export the keys
var privateKey = ecdh.Key.Export(CngKeyBlobFormat.EccPrivateBlob);

To make this simpler, we can just export it from the CngKey directly and not use the algorithm if all you want to do is create a new key and export the private key.

var cngKey = CngKey.Create(CngAlgorithm.ECDiffieHellmanP256, null, new CngKeyCreationParameters {ExportPolicy = CngExportPolicies.AllowPlaintextExport});
var privateKey = cngKey.Export(CngKeyBlobFormat.EccPrivateBlob);

You can re-create the CngKey from the exported blob by using CngKey.Import(yourBlob, CngKeyBlobFormat.EccPrivateBlob) and passing that to the constructor of ECDiffieHellmanCng.

SecuritySafeCriticalAttribute is part of the .NET Security Transparency model. It is not the source of your errors.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at2021-02-4

Comments

0 comments

From Dev

Related Related

Article

How to Export Private Key For ECDiffieHellmanCng

How to Export Private Key For ECDiffieHellmanCng

How to export a GPG private key and public key to a file

How to export Certificate and private key as a single file using java code?

How to convert a private key to an RSA private key?

How do I export a single private key from the command line in OSX?

How can I export a (PKCS#8?) private key in Putty or Puttygen readable format?

How to rsync with a private key?

Export Token Signing certificate private key from ADFS

How to retrieve passphrase for private key?

How to find Private Key Location

How to retrieve passphrase for private key?

How to encrypt a file with private key

How to install ssh private key?

How to convert String to Private key?

ECC key pair - how to print private key?

How to store private key in Key Container?

How to export symmetric encryption key?

How to export symmetric encryption key?

Use PHP to generate a public/private key pair and export public key as a .der encoded string

How to obtain private RSA key(private) as byte array in pgp file?

How to obtain private RSA key(private) as byte array in pgp file?

How to encrypt data with RSA private key in python?

How to store ECDSA private key in Go

How to calculate the coefficient of a rsa private key?

php openssl: how to match the private key with the certificate

How to enter private key password with ansible

How to generate certificate if private key is in HSM?

JSch how to use with PuTTY private key

How to use encrypted RSA private key with PyCrypto?

How to load a private key from a JWK into openSSL?