逆向一个程序用到了 CryptImportKey CryptEncrypt 进行加密
导入的Key数据为

BYTE key[] = {
        0x08,
        0x02,
        0x00,0x00,
        0x01,0x66,0x00,0x00,
        0x08,0x00,0x00,0x00,
        0x23,0xE2,0x55,0x17,0x92,0x68,0x53,0x32
    };
//上面的数据实际上对应的结构为
struct keyBlob
{
	BLOBHEADER hdr;
	DWORD keySize;
	BYTE bytes[8];
} blob;
typedef struct _PUBLICKEYSTRUC {
        BYTE    bType;
        BYTE    bVersion;
        WORD    reserved;
        ALG_ID  aiKeyAlg;
} BLOBHEADER, PUBLICKEYSTRUC;

根据以上结构, 从 wincrypt.h 头文件中可查得头定义实际为

BYTE key[] = {<br><br>
        0x08,                     //PLAINTEXTKEYBLOB
        0x02,                     //CUR_BLOB_VERSION
        0x00,0x00,<br><br>
        0x01,0x66,0x00,0x00,      //CALG_DES
        0x08,0x00,0x00,0x00,      //Key大小8字节
        0x23,0xE2,0x55,0x17,0x92,0x68,0x53,0x32  //Key
    };

转载请注明转自: 听风 , 本文固定链接: WinCrypt & CryptImportKey KeyBlob分析