Use correct CNG-key value for 'dwKeySpec' when setting key provider info #1062

Merged
hslatman merged 2 commits into master from josh/capi-fix-dwkeyspec
Jun 24, 2026

@joshdrake

Contributor

When the dwProvType member is 0 (which is the case for CNG keys), this value is passed as the dwLegacyKeySpec parameter to the NCryptOpenKey function. The correct dwLegacyKeySpec value for non-legacy CNG keys is 0.

https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_key_prov_info

💔Thank you!

@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

darkfronza previously approved these changes Jun 24, 2026
hslatman previously approved these changes Jun 24, 2026
Comment thread kms/capi/capi.go
flags |= CRYPT_MACHINE_KEYSET
}
if err := setCertificateKeyProvInfo(certContext, u.keyContainerName, u.providerName, flags, ncryptKeySpec); err != nil {
if err := setCertificateKeyProvInfo(certContext, u.keyContainerName, u.providerName, flags, LEGACY_KEY_SPEC_NONE); err != nil {
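
Review bot: the call to setCertificateKeyProvInfo now passes LEGACY_KEY_SPEC_NONE, but nothing at the call site says why that value is required. A short comment stating that for CNG keys (dwProvType 0) this argument is forwarded to NCryptOpenKey as dwLegacyKeySpec and must be 0 would keep a later change from restoring ncryptKeySpec. Also check whether ncryptKeySpec is still referenced anywhere after this line changes, and remove it if it is not.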

Member

Minor, but the comment on setCertificateKeyProvInfo refers to CERT_NCRYPT_KEY_SPEC. That could be updated to refer to LEGACY_KEY_SPEC_NONE.

joshdrake dismissed stale reviews from hslatman and darkfronza via 520ec32, June 24, 2026 16:02
joshdrake requested a review from hslatman, June 24, 2026 16:04
hslatman merged commit fd2c8a0 into master, Jun 24, 2026
11 checks passed
hslatman deleted the josh/capi-fix-dwkeyspec branch, June 24, 2026 16:08