### Author Topic: RSA CryptoImportKey  (Read 98 times)

#### drunkenmyno

• Regular Member
• Posts: 6
##### RSA CryptoImportKey
« on: January 08, 2020, 03:44:31 AM »
Hello Guys,

I'm trying to find out why my ImportKey function is not working. I have a 1024-bit RSA key which is defined in rawBytes (RSA private key blob).
I can see the right format in the debugger; I used the same in C++.

The CryptImportKey function returns false in ASM, not true :(

Does anyone have a clue why?

In C++ I used the same way and CryptImportKey returns true.

Code:
```asm
Signing proto :DWORD
HMAC             PROTO :DWORD,:DWORD,:DWORD
HCRYPTPROV  TYPEDEF     DWORD
HCRYPTKEY   TYPEDEF     DWORD
HCRYPTHASH  TYPEDEF     DWORD
includelib \masm32\lib\advapi32.lib

.data
 szDescription db "None",0
 rawBytes dd 519, 9216, 843141970, 1024, 65537, 4019681269, 766412654, 1148339671, 3866187518
 dd 2208827980, 3725094966, 3328195280, 279753705, 1185242044, 441431080, 338919816
 dd 1189069500, 3421272584, 995117820, 2761590050, 1478749359, 3054043772, 1852434794
 dd 1511026794, 60665850, 431488057, 1761925545, 2464878382, 17292288, 2464055766, 1391480318, 2432119691, 1276130207, 3342049767
 dd 1199483438, 2706136194, 3158609378, 3648997927, 4289748319, 2112254099, 809163591, 2598171490, 2651196471, 1462967614, 999864054
 dd 1701406992, 1042879468, 807054280, 2904857369, 82545403, 3487195402, 107665225, 4177176679, 3847817859, 2183183874, 65420134
 dd 2263642747, 2457559605, 4150499079, 671441804, 2504352067, 513073965, 1722800881, 2340340157, 2113849822, 2630967230, 3143460073
 dd 2443071714, 3247677803, 1600584253, 3194871878, 2464094644, 2526144991, 2620415525, 1295086982, 1794169127, 1249383001, 2120846881
 dd 3727398376, 924069329, 2266696090, 4168236888, 3520046464, 146217402, 1960698674, 915096797, 7678332, 1434769760, 2996754898, 174259423
 dd 2702328646, 1678846420, 1282527839, 1509313856, 4099963353, 3706094432, 1652060894, 3799400480, 874534381, 1206300033, 823701122
 dd 725569641, 3764666093, 4184631630, 2752519214, 2207957691, 1627685453, 3034486924, 926995118, 371308652, 3385529976, 2233341141, 4212945849
 dd 766579896, 3918000119, 3525927196, 356385526, 3116687861, 838868864, 803251139, 2445458860, 304498296, 3419667450, 303472893, 2575597453
 dd 463342028, 890561905, 3269636090, 3994423602, 2233446350, 197291754, 2839409835, 4008012529, 1185794166, 951204057, 1400606485, 4191412566
 dd 1446368551, 1227923537, 2716609714, 1124550373, 1374757809, 2526754295, 1879931556, 2880040433, 3107470658, 78399183, 826386004, 2855457678

.data?

.code
Signing proc hWin:DWORD
 LOCAL hProv:HCRYPTPROV
 LOCAL hHash:HCRYPTHASH
 LOCAL hKey:HCRYPTKEY

  lea eax, hProv
  invoke CryptAcquireContext, addr hProv, offset szDescription, NULL,PROV_RSA_FULL,CRYPT_DELETEKEYSET
  invoke CryptAcquireContext, addr hProv, offset szDescription, NULL,PROV_RSA_FULL,0
  invoke CryptAcquireContext, addr hProv, offset szDescription, NULL,PROV_RSA_FULL,CRYPT_NEWKEYSET
  invoke CryptAcquireContext, addr hProv, offset szDescription, NULL,PROV_RSA_FULL,0
  invoke CryptImportKey, addr hProv, addr rawBytes, 596,  0 , CRYPT_EXPORTABLE,  addr hKey
  Ret
Signing endp
```

#### AW

• Member
• Posts: 2508
• Let's Make ASM Great Again!
##### Re: RSA CryptoImportKey
« Reply #1 on: January 08, 2020, 04:44:06 AM »
If it works in C++ and does not work in MASM, it is because you are not doing a proper conversion.
Use GetLastError to help you in the debug process. I am sure you will find the problem in 5 minutes (or less).

#### drunkenmyno

• Regular Member
• Posts: 6
##### Re: RSA CryptoImportKey
« Reply #2 on: January 08, 2020, 06:47:46 AM »
You are right, it has something to do with the conversion.. But I don't know why GetLastError gives me 0x57 as

In the debugger I see it correct, with the size of 0x254 bytes, but CryptImportKey reads the private key blob wrong then

#### AW

• Member
• Posts: 2508
• Let's Make ASM Great Again!
##### Re: RSA CryptoImportKey
« Reply #3 on: January 08, 2020, 05:00:14 PM »
> .. But I don't know why GetLastError gives me 0x57 as
Good finding.
Now, you may suspect that the CryptImportKey declaration does not correspond to the one you are using.
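
An added example (not from the thread and not the poster's code): a portable C check of the PRIVATEKEYBLOB layout that the first five DWORDs of `rawBytes` describe, to confirm the header and the 596-byte length are self-consistent before looking at the call itself. The function and enum names are hypothetical; the constants are the ones defined in wincrypt.h, and the key material in the sample buffer is left zeroed.

```c
#include <stddef.h>
#include <stdint.h>

/* Constants as defined in wincrypt.h. */
#define PRIVATEKEYBLOB   0x07
#define CUR_BLOB_VERSION 0x02
#define CALG_RSA_SIGN    0x00002400u
#define CALG_RSA_KEYX    0x0000a400u
#define RSA2_MAGIC       0x32415352u /* ASCII "RSA2", marks a private key */

/* Hypothetical status codes for this example. */
enum blob_status { BLOB_OK, BLOB_TOO_SHORT, BLOB_BAD_TYPE, BLOB_BAD_VERSION,
                   BLOB_BAD_ALG, BLOB_BAD_MAGIC, BLOB_BAD_BITLEN, BLOB_BAD_LENGTH };

/* Read a little-endian DWORD regardless of host byte order. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* PUBLICKEYSTRUC (8) + RSAPUBKEY (12) + modulus and private exponent
   (bitlen/8 each) + two primes, two exponents, coefficient (bitlen/16 each). */
size_t rsa_private_blob_size(uint32_t bitlen) {
    return 20 + 2 * (size_t)(bitlen / 8) + 5 * (size_t)(bitlen / 16);
}

/* Validate the fixed header fields and the total length of the blob. */
enum blob_status check_rsa_private_blob(const uint8_t *blob, size_t len) {
    if (len < 20) return BLOB_TOO_SHORT;
    if (blob[0] != PRIVATEKEYBLOB) return BLOB_BAD_TYPE;
    if (blob[1] != CUR_BLOB_VERSION) return BLOB_BAD_VERSION;
    uint32_t alg = le32(blob + 4);
    if (alg != CALG_RSA_SIGN && alg != CALG_RSA_KEYX) return BLOB_BAD_ALG;
    if (le32(blob + 8) != RSA2_MAGIC) return BLOB_BAD_MAGIC;
    uint32_t bitlen = le32(blob + 12);
    if (bitlen == 0 || bitlen % 16 != 0) return BLOB_BAD_BITLEN;
    if (len != rsa_private_blob_size(bitlen)) return BLOB_BAD_LENGTH;
    return BLOB_OK;
}

/* Store DWORDs as little-endian bytes, the way MASM's dd lays them out on x86. */
void store_dwords(uint8_t *out, const uint32_t *dw, size_t n) {
    for (size_t i = 0; i < 4 * n; i++) out[i] = (uint8_t)(dw[i / 4] >> (8 * (i % 4)));
}

int main(void) {
    /* First five DWORDs of rawBytes from the post; the rest is zero filler. */
    static const uint32_t hdr[5] = { 519u, 9216u, 843141970u, 1024u, 65537u };
    uint8_t blob[596] = {0};
    store_dwords(blob, hdr, 5);
    return check_rsa_private_blob(blob, sizeof blob) == BLOB_OK ? 0 : 1;
}
```

With the header DWORDs from the post and a length of 596 (0x254) bytes every check passes, which points the 0x57 (ERROR_INVALID_PARAMETER) result at the call's arguments rather than at the blob.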