Encrypting and Decrypting Simultaneously
When encrypting or decrypting two streams of data simultaneously with the same
cryptographic key, a certain amount of care must be taken. The same physical
session key must not be used for both operations, because every session key
contains internal state information and it will get mixed up if used for more than
one operation at a time. A fairly simple solution to this problem is to make a
copy of the session key. In this way, the original key can be used for one
operation and the copy used for the other.
Copying a session key is done by exporting the key with CryptExportKey
and then using CryptImportKey
to import it back in. When the key is imported, the CSP will give the "new"
key its own section of internal memory, as if it were not related at all to the
The following code fragment shows how a copy of a session key can be obtained.
HCRYPTPROV hProv; // Handle to a CSP.
HCRYPTKEY hKey; // Handle to a session key.
HCRYPTKEY hCopyKey = 0;
HCRYPTKEY hPubKey = 0;
// Get a handle to our own key exchange public key.
CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hPubKey);
// Export the session key into a key blob.
dwBlobLen = 256;
CryptExportKey(hKey, hPubKey, SIMPLEBLOB, 0, pbBlob, &dwBlobLen);
// Import the session key back into the CSP. This is stored separately
// from the original session key.
CryptImportKey(hProv, pbBlob, dwBlobLen, 0, 0, &hCopyKey);
// Use 'hKey' for one set of operations and 'hCopyKey' for the other.
Note that this technique should not be used with stream ciphers, as stream
cipher keys should never be used more than once. Instead, separate transmit and
receive keys should be used.
- Software for developers
Software for Android Developers
- More information resources
Unix Manual Pages
- Databases for Amazon shops developers
Amazon Categories Database
Browse Nodes Database