Windows Vista Security Policy 8
The calling application must specify the algorithm when calling this function.
Because this algorithm type is kept bundled with the key, the application does
not need to specify the algorithm later when the actual cryptographic operations
are performed.
Generating a DSS key for signatures requires the operator to complete
several steps. CryptGenKey is first called with CRYPT_PREGEN set in the
dwFlags parameter. The operator then sets P, Q, and G for the key generation
via CryptSetKeyParam, calling it once for each parameter. Finally, the
operator calls CryptSetKeyParam with KP_X as dwParam to complete the key
generation.
Operators have two options when generating Diffie-Hellman keys for key
exchange: having CryptoAPI generate all new values for G, P, and X, or using
existing values for G and P and generating only a new value for X.
Generating completely new keys requires the operator to call CryptGenKey,
passing either CALG_DH_SF or CALG_DH_EPHEM in the Algid parameter.
The key will be generated using new, random values for G and P and a newly
calculated value for X, and its handle will be returned in the phKey parameter.
The process for generating keys using pre-defined G and P values is more
involved. Refer to
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/diffie_hellman_keys.asp
for detailed directions on key generation and the key establishment process.
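As an added illustration (not CryptoAPI or RSAENH code), the Python below models the arithmetic behind the call sequence described above: the checks on P, Q and G that a practitioner would want before supplying them through KP_P, KP_Q and KP_G, the private/public derivation that the KP_X step completes, and the shared-secret computation for the Diffie-Hellman case that reuses existing G and P. All parameter values in it are constructed toy numbers, and what validation RSAENH itself performs on operator-supplied parameters is not stated on this page.

```python
# Added model of the arithmetic behind the CRYPT_PREGEN / KP_P / KP_Q / KP_G / KP_X
# sequence; written for this page, not CryptoAPI or RSAENH code.
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test; used to sanity-check supplied P and Q."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_dss_params(p, q, g):
    """Checks worth making before handing P, Q, G to CryptSetKeyParam.
    Returns True or raises ValueError naming the failed check."""
    if not is_probable_prime(p):
        raise ValueError("P is not prime")
    if not is_probable_prime(q):
        raise ValueError("Q is not prime")
    if (p - 1) % q != 0:
        raise ValueError("Q does not divide P-1")
    if not 1 < g < p - 1:
        raise ValueError("G is out of range")
    if pow(g, q, p) != 1:
        raise ValueError("G does not have order Q")
    return True


def generate_dss_keypair(p, q, g, x=None):
    """Mirrors the KP_X step: pick private X in [1, Q-1], derive public Y = G^X mod P.
    x may be passed explicitly only for testing; production callers let it be drawn."""
    validate_dss_params(p, q, g)
    if x is None:
        x = secrets.randbelow(q - 1) + 1
    if not 1 <= x <= q - 1:
        raise ValueError("X must be in [1, Q-1]")
    return x, pow(g, x, p)


def dh_shared_secret(peer_y, x, p):
    """Diffie-Hellman agreement with existing P and G: secret = peer_Y^X mod P."""
    if not 1 < peer_y < p - 1:
        raise ValueError("peer public value out of range")   # rejects 0, 1 and P-1
    return pow(peer_y, x, p)


if __name__ == "__main__":
    # Constructed toy parameters: P = 23, Q = 11 divides P-1 = 22, G = 4 has order 11.
    x, y = generate_dss_keypair(23, 11, 4)
    print("private X =", x, "public Y =", y)
```

The range check on the peer's public value in dh_shared_secret rejects the degenerate values 0, 1 and P-1, which would otherwise force the shared secret to a value known in advance; the toy modulus keeps the numbers readable, and the same functions accept full-size parameters.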
CryptGenRandom
The CryptGenRandom function fills a buffer with random bytes. The random
number generation algorithm is the SHA-1 based RNG from FIPS 186 (the FIPS
186-2 DSA random generator). During function initialization, a seed is created
from the collection of all the data listed in the Miscellaneous section; SHA-1
is applied to this seed to create the random output. CryptGenRandom accepts
caller-supplied data through its in/out pbBuffer parameter. This data is
mixed with the seed.
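The Python below is an added illustration of the generator this section names, the SHA-1 based RNG of FIPS 186-2 Appendix 3.1 in its general-purpose form; it is written for this page and is not Microsoft's RSAENH implementation. It treats the caller-supplied pbBuffer data as the standard's optional XSEED input, which is an assumption about how RSAENH mixes that data with its seed; the seed bytes in the usage example are constructed.

```python
# Added illustration of the FIPS 186-2 Appendix 3.1 SHA-1 based generator,
# written for this page; it is not Microsoft's RSAENH source.
import struct

SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
MASK32 = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def sha1_compress(state, block):
    """One SHA-1 compression of a 64-byte block; returns the five updated words.
    FIPS 186-2 calls this G(t, c) when state = t and block = c zero-padded to 512 bits."""
    w = list(struct.unpack(">16L", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (_rotl(a, 5) + (f & MASK32) + e + k + w[i]) & MASK32
        a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
    return tuple((s + v) & MASK32 for s, v in zip(state, (a, b, c, d, e)))


def sha1_one_block(msg):
    """SHA-1 of a message shorter than 56 bytes; used only to self-check the compressor."""
    block = msg + b"\x80" + b"\x00" * (55 - len(msg)) + struct.pack(">Q", len(msg) * 8)
    return struct.pack(">5L", *sha1_compress(SHA1_IV, block))


class Fips186Rng:
    """XKEY/XSEED generator of FIPS 186-2 Appendix 3.1 (general-purpose form, no mod q)."""

    def __init__(self, seed):
        # b = seed length in bits; the standard allows 160 <= b <= 512.
        if not 20 <= len(seed) <= 64:
            raise ValueError("seed must be 20..64 bytes")
        self.b = len(seed) * 8
        self.xkey = int.from_bytes(seed, "big")

    def _g(self, xval):
        # G(t, c): SHA-1 compression with the standard IV as t and XVAL zero-padded as c.
        block = xval.to_bytes(self.b // 8, "big").ljust(64, b"\x00")
        return struct.pack(">5L", *sha1_compress(SHA1_IV, block))

    def generate(self, nbytes, user_input=b""):
        """Produce nbytes of output; user_input plays the role of the optional XSEED
        (assumed here to model caller data passed in through pbBuffer)."""
        mod = 1 << self.b
        xseed = int.from_bytes(user_input, "big") % mod
        out = b""
        while len(out) < nbytes:
            xval = (self.xkey + xseed) % mod              # XVAL = (XKEY + XSEED) mod 2^b
            x = self._g(xval)                             # x_j = G(t, XVAL)
            out += x
            self.xkey = (1 + self.xkey + int.from_bytes(x, "big")) % mod   # XKEY update
        return out[:nbytes]


if __name__ == "__main__":
    rng = Fips186Rng(b"\x01" * 20)                        # constructed seed, for demo only
    print(rng.generate(32, user_input=b"caller data").hex())
```

The caller's bytes only perturb XVAL for the current step; XKEY itself is never exposed and is advanced by the output, so supplying known data to pbBuffer does not let the caller reproduce the stream without the seed. The compressor can be checked against a known SHA-1 digest (sha1_one_block) before trusting the generator built on it.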
CryptGetKeyParam
The CryptGetKeyParam function retrieves data that governs the operations of a
key.
CryptGetUserKey
The CryptGetUserKey function retrieves a handle of one of a user's
public/private key pairs.