Analysis of Key Storage Mechanism of Asymmetric Key-Related Functions in CNG Crypto Library

Abstract

During the implementation of a crypto system, distributed cryptographic libraries are unable to endure situations where the execution environment rapidly changes because of a structural vulnerability that is by design. For this reason, Microsoft announced a CNG library to solve this problem; however, the CNG does not comprise verification tools regarding the execution results for developers, users, or experts to assess the crypto system. In addition, the CNG design means that it is difficult to ensure that the encryption or decryption keys can be found in real-time processing because almost all cryptographic functions are processed by handles. This paper analyzes the way that key information is found to assure the security of the implemented products or to debug them in the development process. For this reason, we analyze the key storage mechanism of asymmetric-key-related functions in the CNG library. This study provides more convenient ways to identify key-related information, such as debugging and evaluation, when a crypto system is implemented using the CNG library.