There are two types of cryptographic keys: session keys and public/private key pairs. Session keys are used primarily for data encryption and decryption with symmetric algorithms. A public/private key pair consists of two components: the public key and the private key. The public key is made available (via an Internet server, e-mail, or some other means) to whoever needs it, while the private key is kept secret. Only the owner of the key pair may possess the private key.
Each user generally has two public/private key pairs. One key pair is used to encrypt session keys and the other to create digital signatures. These are known as the key exchange key pair and the signature key pair, respectively.
There are some situations where you must export keys from the secure environment of the cryptographic service provider (CSP) and into your application's data space. Keys that have been exported are stored in encrypted data structures known as key blobs.
Key blobs are created by exporting an existing key out of the provider. Later, the key blob can be imported into a provider (often a different CSP on a different computer). This will create a key in the CSP that is a duplicate of the one that was exported. In this way, key blobs are used as the medium for securely transferring keys from one CSP to another.
To export a public/private key pair, a derived key can be used in place of a random session key, so no separate session key blob has to be stored alongside the exported pair. A derived session key is created from a base message (a password). To import the key pair into another provider, the same derived key is recreated from the same password. For this purpose, Hpmbcalc supplies a dialog that exports key pairs from your CSPs and saves the key blobs to files. Because the private key is extremely confidential and the security of its stored key blob depends entirely on the strength of your password, it is recommended that you use this function only for testing.
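The following is an added example, not code from Hpmbcalc or from the Windows CryptoAPI, that models the password-derived export described above with Python standard-library primitives: a key is derived from the password, an exported key blob is wrapped under it, and a second party who knows the same password recreates the derived key and unwraps the blob. PBKDF2 with a random salt stands in for CryptDeriveKey, HMAC-SHA256 in counter mode plus an authentication tag stands in for the CSP's symmetric cipher, and the sample blob (a CryptoAPI-style BLOBHEADER followed by placeholder bytes) is constructed for the example and is not real key material. The iteration count, layout and function names are assumptions of this example.

```python
"""Password-derived wrapping of an exported key blob, modelled with stdlib primitives."""
import hashlib
import hmac
import os
import struct

# Assumptions for this example (not CryptoAPI parameters): a salted PBKDF2
# derivation with a fixed iteration count, split into a cipher key and a MAC key.
PBKDF2_ITERATIONS = 100_000
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32

# Constructed sample "key blob": a CryptoAPI-style BLOBHEADER
# (bType=PRIVATEKEYBLOB 0x07, bVersion=2, reserved=0, aiKeyAlg=CALG_RSA_KEYX 0xA400)
# followed by placeholder bytes standing in for the private-key material.
SAMPLE_KEY_BLOB = struct.pack("<BBHI", 0x07, 0x02, 0, 0x0000A400) + bytes(range(64))


def derive_key(password: str, salt: bytes) -> bytes:
    """Derive 64 bytes of key material from the password: 32 for encryption, 32 for the MAC."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=64)


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF; stands in for the CSP's symmetric cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def wrap_key_blob(blob: bytes, password: str) -> bytes:
    """Encrypt-then-MAC the blob under a password-derived key.
    Output layout: salt || nonce || ciphertext || tag."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    material = derive_key(password, salt)
    enc_key, mac_key = material[:32], material[32:]
    ciphertext = bytes(a ^ b for a, b in zip(blob, _keystream(enc_key, nonce, len(blob))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def unwrap_key_blob(wrapped: bytes, password: str) -> bytes:
    """Recreate the derived key from the same password and recover the blob.
    Raises ValueError if the password is wrong or the wrapped blob was altered."""
    if len(wrapped) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("wrapped blob too short")
    salt = wrapped[:SALT_LEN]
    nonce = wrapped[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = wrapped[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = wrapped[-TAG_LEN:]
    material = derive_key(password, salt)
    enc_key, mac_key = material[:32], material[32:]
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # verify the tag before decrypting anything
        raise ValueError("wrong password or wrapped blob was modified")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def unwrap_or_none(wrapped: bytes, password: str):
    """Convenience wrapper: the recovered blob, or None when unwrapping fails."""
    try:
        return unwrap_key_blob(wrapped, password)
    except ValueError:
        return None


def parse_blob_header(blob: bytes):
    """Read the BLOBHEADER fields (bType, bVersion, aiKeyAlg) of a recovered blob."""
    b_type, b_version, _reserved, alg_id = struct.unpack_from("<BBHI", blob, 0)
    return b_type, b_version, alg_id


if __name__ == "__main__":
    # Exporting side: wrap the blob under a key derived from the password.
    wrapped = wrap_key_blob(SAMPLE_KEY_BLOB, "correct horse battery staple")
    # Importing side (possibly another machine): same password, same derived key.
    recovered = unwrap_key_blob(wrapped, "correct horse battery staple")
    print("round trip ok:", recovered == SAMPLE_KEY_BLOB, parse_blob_header(recovered))
    print("wrong password rejected:", unwrap_or_none(wrapped, "guess") is None)
```

The authentication tag is checked before any decryption, so a wrong password or a modified file is reported as a failure rather than yielding garbage that looks like a key blob. Note that everything still hinges on the password: anyone who learns it can recreate the derived key and recover the private key from the file, which is exactly why the page advises using the export dialog only for testing. The salt and iteration count here are hardening added by this example; CryptoAPI's CryptDeriveKey derives the session key from a hash of the password data without either.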
