Analysis on the Key Storage Mechanism of the CNG Library
Abstract
Cryptographic libraries usually cannot cope with execution environments that change rapidly and in diverse ways, because their design is structurally incomplete. Microsoft announced the CNG library to solve this problem. Nevertheless, the CNG library does not provide verification tools for execution results that would let developers, users or experts assess a cryptosystem implemented with the library. Such tools must provide a way to verify the encryption and decryption functions together with the related keys, yet on CNG it is difficult to trace the key storage mechanism in real time, because almost all cryptographic functions operate through handles. Thus, in this paper, we analyze how to trace key information in implemented products or while debugging during development. Namely, we analyze the key storage mechanism of the CNG library and verify the analyzed results. This study is expected to provide more convenient ways of identifying key-related information for debugging and evaluation.