Thanks for the reply. I've read the various MSDN documents concerning this, and I don't really see anything helpful. The support guy at Microsoft seems clueless and I'm still waiting to hear back from him. So putting aside how to do the conversions, is there no standard format that most crypto libs use? I've written apps with RSA BSAFE Crypto-C ME, and Certicom libraries and they all can do a DH key exchange with each other and OpenSSL nicely; it's just CAPI that is the problem. I'd rather like to avoid having to convert to MS's stupid format since they seem to be the one not playing nice with everyone else and because the client can be either a CAPI client, or OpenSSL client, and I think it would be ugly to have to send additional info indicating the crypto lib being used and then have a special case in the server to handle different libs differently.
At the risk of asking too much, could you point me to where I can find more info on converting to and from the two formats used by OpenSSL and CAPI? The only thing I've seen on MSDN talks about the BLOB headers and stuff. That's all fine, I've figured all that out. And I'm left with the modulus (excuse me if the terminology is wrong) which I believe is what is being exchanged. Then converting from big to little endian or vice versa still doesn't work. Excuse me if I'm sounding a little desperate, but I am. I've scoured the MSDN docs. I've searched through the OpenSSL mail archives, and I can't seem to find anything that helps, but this is obviously something that people have done. I tried making an https connection using WinInet to my OpenSSL server to see if I can debug the DH key exchange, but it seems like it is doing RSA instead. If I disable RSA, the SSL handshake seems to fail, I think because the client won't do a DH key exchange. So I'm pretty much F'd at this point as to what to do next.

Thanks,
Ed

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Saturday, January 13, 2007 11:05 AM
To: openssl-users@openssl.org
Subject: Re: Doing a DH key exchange between OpenSSL and MS CryptoAPI

On Sat, Jan 13, 2007, Edward Chan wrote:
> I do call the OpenSSL DH crypto APIs in my openssl client. But in my
> Microsoft CryptoAPI client, the way they show you how to do a DH key
> exchange seems like it only works between two MS CryptoAPI end points.
> CAPI to CAPI works. OpenSSL to OpenSSL works. I just can't get OpenSSL
> to CAPI to work. And I believe it has something to do with the
> Microsoft formatting of their keys when exported. So I was wondering if
> anybody here has had to develop an app that needs to interoperate with a
> CAPI client/server.
>

I've done some CAPI/OpenSSL interop. It is just a case of reading the relevant documents and converting between the key formats.

CryptoAPI generally uses little endian format while OpenSSL uses BIGNUMs which can be converted to big endian format and from that to little endian.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
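The byte-order conversion Steve describes, as an added example that is not from either poster: two C helpers that move a DH public value between the big-endian output of OpenSSL's BN_bn2bin() and the fixed-length little-endian layout CAPI uses inside its key BLOBs. The padding step is the part to check against your own key size: BN_bn2bin() omits leading zero bytes, so a bare byte reversal produces a value that is too short whenever the top byte happens to be zero, which matches the "swapped the bytes and it still fails" symptom above.

```c
#include <stddef.h>
#include <string.h>

/* OpenSSL's BN_bn2bin() emits a BIGNUM big-endian with leading zero bytes
 * omitted, so its length may fall short of the prime's; CAPI key BLOBs hold
 * the same value little-endian at a fixed key_len (key bits / 8), zero
 * padded. A plain byte swap is therefore not enough; pad to key_len too.
 * Both helpers return 0 on success, -1 if the output buffer is too small. */

/* Big-endian (BN_bn2bin output) -> little-endian, exactly key_len bytes. */
int dh_be_to_le(const unsigned char *be, size_t be_len,
                unsigned char *le, size_t key_len)
{
    size_t i;
    if (be_len > key_len)
        return -1;              /* value wider than the key slot */
    memset(le, 0, key_len);     /* dropped leading zeros become the tail */
    for (i = 0; i < be_len; i++)
        le[i] = be[be_len - 1 - i];
    return 0;
}

/* Little-endian (CAPI BLOB, key_len bytes) -> big-endian for BN_bin2bn(),
 * which accepts leading zero bytes, so no stripping is needed. */
int dh_le_to_be(const unsigned char *le, size_t key_len,
                unsigned char *be, size_t be_cap)
{
    size_t i;
    if (be_cap < key_len)
        return -1;
    for (i = 0; i < key_len; i++)
        be[i] = le[key_len - 1 - i];
    return 0;
}

/* Round trip on a constructed 3-byte value in a 4-byte key slot; returns 1
 * when OpenSSL -> CAPI -> OpenSSL byte order reproduces the value. */
int dh_roundtrip_ok(void)
{
    const unsigned char bn2bin_out[] = { 0x01, 0x02, 0x03 }; /* constructed */
    unsigned char blob[4], back[4];
    if (dh_be_to_le(bn2bin_out, sizeof bn2bin_out, blob, sizeof blob) != 0)
        return 0;
    if (dh_le_to_be(blob, sizeof blob, back, sizeof back) != 0)
        return 0;
    /* blob is 03 02 01 00; back is 00 01 02 03 */
    return back[0] == 0x00 && memcmp(back + 1, bn2bin_out, 3) == 0;
}
```

In a real exchange key_len is the DH prime length in bytes (BN_num_bytes of p on the OpenSSL side, the BLOB's bit length / 8 on the CAPI side), and the same conversion applies to the computed shared secret before it is fed into key derivation.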