Is there a way to generate a private key using CryptoAPI and running it?

We need to create a private key that is exposed from 2 plaintext keys. The 2 plaintext keys are maintained by different managers. This should satisfy the dual-key key requirements we have. We can combine two keys into one seed. However, after reading the Microsoft CryptoAPI documentation, all key generations are completely random and do not yield a seed. Is that true? If so, can you suggest an alternative solution for generating this key?

Note. The key will be stored in the key container and marked as non-exportable.

+1


1 answer


Why not do it the other way around? Create a private key and then split it into two key shares, with each manager only having one. For a simple 2-out-of-2 scheme, all you have to do is create a block of random (truly random, not pseudo-random) key-sized data, XOR it with the generated key, and give one manager the random data and the other manager the encrypted key ...



Then, when you need to use the key, both managers provide their data and restore it, deleting it when you're done.

+2
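
The 2-out-of-2 split described in the answer, as an added example that is not part of the original answer. It takes the random block from the OS CSPRNG (`secrets.token_bytes`); the check value (`check_value`), the `wipe` helper and the 32-byte key length are assumptions added here so that a wrong or corrupted share is detected and the restored key is zeroed after use.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # constructed example: a 256-bit key


def check_value(key) -> str:
    """Short fingerprint kept alongside the shares (hypothetical helper)."""
    h = hashlib.sha256(b"kcv-example")
    h.update(key)  # accepts bytes or bytearray without copying the key
    return h.hexdigest()[:8]


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """Return (pad, masked): pad is random, masked = key XOR pad."""
    pad = secrets.token_bytes(len(key))  # OS CSPRNG, same size as the key
    masked = bytes(k ^ p for k, p in zip(key, pad))
    return pad, masked


def wipe(buf: bytearray) -> None:
    """Best-effort zeroing of the restored key once it is no longer needed."""
    for i in range(len(buf)):
        buf[i] = 0


def combine_shares(share_a: bytes, share_b: bytes, expected_kcv: str) -> bytearray:
    """XOR both managers' shares and verify the result before returning it."""
    if len(share_a) != len(share_b):
        raise ValueError("shares must be the same length")
    key = bytearray(a ^ b for a, b in zip(share_a, share_b))
    if not hmac.compare_digest(check_value(key), expected_kcv):
        wipe(key)
        raise ValueError("shares do not reconstruct the expected key")
    return key


def demo() -> bool:
    key = secrets.token_bytes(KEY_LEN)   # stands in for the generated key
    kcv = check_value(key)               # recorded at split time
    pad, masked = split_key(key)         # one share per manager
    restored = combine_shares(pad, masked, kcv)
    ok = bytes(restored) == key
    wipe(restored)                       # delete it when done
    return ok and restored == bytearray(KEY_LEN)


if __name__ == "__main__":
    print("round trip ok:", demo())
```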

