Generating and Retrieving DSS Keys
DSS keys may be generated with a call to CryptGenKey. The call requires either AT_SIGNATURE or CALG_DSS_SIGN in the Algid argument. It generates the P (prime modulus), Q (prime), G (generator), X (secret exponent) and Y (public key) values from scratch and persists them in the key container on local storage; X never leaves the container unless the key was generated with CRYPT_EXPORTABLE. The steps necessary for this are shown in the following procedure.
To generate a DSS signature key pair
- Call CryptAcquireContext to get a handle (HCRYPTPROV) to the Microsoft DSS Cryptographic Provider (provider type PROV_DSS). Pass CRYPT_NEWKEYSET in dwFlags if the named key container does not exist yet.
- Call CryptGenKey to generate the keys. Either AT_SIGNATURE or CALG_DSS_SIGN must be passed in for the Algid argument, and the upper 16 bits of the dwFlags argument may be set to the desired key size. If the upper 16 bits are zero, the default key size of 1,024 bits is used; the provider accepts DSS key sizes from 512 to 1,024 bits in 64-bit increments. An HCRYPTKEY handle is returned through the phKey argument. Note that 1,024-bit DSS with SHA-1 is the strongest combination this provider offers and is legacy strength by current standards; new designs should use CNG with RSA or ECDSA instead.
To retrieve a pointer to previously generated signature keys
- Call CryptAcquireContext to get a handle to the Microsoft DSS Cryptographic Provider, naming the same key container that was used when the keys were generated.
- Call CryptGetUserKey with the dwKeySpec argument set to either AT_SIGNATURE or CALG_DSS_SIGN. The call fails with NTE_NO_KEY if the container holds no signature key pair.
To retrieve the P,Q, and G values
- Call CryptAcquireContext to get a handle to the Microsoft DSS Cryptographic Provider.
- Call CryptGetUserKey with the dwKeySpec argument set to either AT_SIGNATURE or CALG_DSS_SIGN.
- Call CryptGetKeyParam with the hKey argument set to the handle retrieved in the previous step. The dwParam argument must be set to the desired flag: KP_P, KP_Q, or KP_G. The value is returned in the pbData buffer and its length in the DWORD pointed to by pdwDataLen; calling first with pbData set to NULL returns the required buffer size. The value is returned with no header information and in little-endian byte order, so it must be byte-reversed before being handed to tools that expect big-endian (DER) integers. Only the public domain parameters are readable this way: the secret exponent X cannot be retrieved with CryptGetKeyParam, and can be exported with CryptExportKey as a PRIVATEKEYBLOB only if the key was generated with CRYPT_EXPORTABLE.
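The three procedures above as one program. This is an added example, not code from the original page: it generates a 1,024-bit signature pair in a key container named DssDemoContainer (an assumed name), reopens the pair with CryptGetUserKey the way a later process would, and dumps P, Q and G. The CryptoAPI calls compile only on Windows; the helpers that pack the key size into dwFlags and turn the little-endian parameter bytes into big-endian hex are portable.

```c
/* Added example, not from the original page: generate a DSS signing pair with
 * CryptoAPI, reopen it with CryptGetUserKey and dump P, Q, G. The container
 * name and the 1024-bit size are assumptions. Helpers build on any platform. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#endif

#define DSS_KEY_BITS 1024u              /* largest size the Base DSS CSP offers */
#define CONTAINER    "DssDemoContainer" /* assumed key container name */

/* CryptGenKey reads the key length from the upper 16 bits of dwFlags; the
 * lower 16 bits carry ordinary flags such as CRYPT_EXPORTABLE (0x1). */
unsigned long pack_genkey_flags(unsigned bits, unsigned long low_flags)
{
    return ((unsigned long)bits << 16) | (low_flags & 0xFFFFul);
}

/* KP_P/KP_Q/KP_G come back as raw little-endian integers with no header.
 * Render as big-endian hex (top byte first, leading zero bytes stripped),
 * which is what DER and most big-number libraries expect. Caller frees. */
char *le_to_hex(const unsigned char *le, size_t len)
{
    static const char digits[] = "0123456789abcdef";
    char *hex = (char *)malloc(2 * len + 2);
    size_t i, n = 0;
    if (!hex) return NULL;
    for (i = len; i > 0; i--) {
        unsigned char b = le[i - 1];
        if (n == 0 && b == 0) continue;          /* strip leading zero bytes */
        hex[n++] = digits[b >> 4];
        hex[n++] = digits[b & 0x0F];
    }
    if (n == 0) hex[n++] = '0';
    hex[n] = '\0';
    return hex;
}

#ifdef _WIN32
/* Two-call pattern: size query with pbData == NULL, then the real read. */
static BYTE *get_param(HCRYPTKEY hKey, DWORD dwParam, DWORD *len)
{
    BYTE *buf;
    *len = 0;
    if (!CryptGetKeyParam(hKey, dwParam, NULL, len, 0)) return NULL;
    buf = (BYTE *)malloc(*len);
    if (buf && !CryptGetKeyParam(hKey, dwParam, buf, len, 0)) { free(buf); buf = NULL; }
    return buf;
}

static int run_demo(void)
{
    HCRYPTPROV hProv = 0;
    HCRYPTKEY hKey = 0;
    const DWORD params[3] = { KP_P, KP_Q, KP_G };
    const char *names[3] = { "P", "Q", "G" };
    const char *step = "CryptAcquireContext";
    int i, rc = 1;

    /* Step 1: provider handle, creating the container on first use. */
    if (!CryptAcquireContextA(&hProv, CONTAINER, MS_DEF_DSS_PROV_A, PROV_DSS, 0) &&
        !CryptAcquireContextA(&hProv, CONTAINER, MS_DEF_DSS_PROV_A, PROV_DSS, CRYPT_NEWKEYSET))
        goto fail;
    /* Step 2: generate P, Q, G, X, Y; the pair is persisted in the container. */
    step = "CryptGenKey";
    if (!CryptGenKey(hProv, AT_SIGNATURE, pack_genkey_flags(DSS_KEY_BITS, 0), &hKey)) goto fail;
    CryptDestroyKey(hKey);
    /* Step 3: reopen the persisted pair the way a later process would. */
    step = "CryptGetUserKey";
    if (!CryptGetUserKey(hProv, AT_SIGNATURE, &hKey)) goto fail;
    /* Step 4: dump the public domain parameters; X is never readable here. */
    for (i = 0; i < 3; i++) {
        DWORD len;
        BYTE *raw = get_param(hKey, params[i], &len);
        char *hex = raw ? le_to_hex(raw, len) : NULL;
        printf("%s (%lu bytes): %s\n", names[i], (unsigned long)len, hex ? hex : "<error>");
        free(hex);
        free(raw);
    }
    CryptDestroyKey(hKey);
    rc = 0;
    goto done;
fail:
    fprintf(stderr, "%s failed: 0x%08lx\n", step, (unsigned long)GetLastError());
done:
    if (hProv) CryptReleaseContext(hProv, 0);
    return rc;
}
#else
static int run_demo(void) { return 0; }   /* CryptoAPI is Windows-only */
#endif

int main(void) { return run_demo(); }
```

The key is generated without CRYPT_EXPORTABLE, so X stays inside the container and only the public values P, Q and G (and Y, via CryptExportKey as a PUBLICKEYBLOB) can leave it; build with `cl dss_keys.c advapi32.lib` on Windows.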