Crypto Key Generate Rsa Modulus 1024 Error Average ratng: 3,7/5 8556 reviews
  1. I did a little research and found out that if I removed the rsa key by using this command ' crypto key zeroize rsa' and then added the 'crypto key generate rsa generate-keys modulus 1024, then that would work. Any thoughts? No service pad. No service password-encryption. Hostname Sales-SW-ACC2. Ip domain name my.company.come.
  2. What exactly does 'crypto key generate rsa' do? Such that P.Q results in a number that matches the desired RSA Key size (512 bits, 1024 bits, 2048 bits, etc).
An example of asymmetric encryption in python using a public/private keypair - utilizes RSA from PyCrypto library

Microsoft has released a Microsoft security advisory for IT professionals. This advisory announces that the use of RSA certificates that have keys that are less than 1024 bits long will be blocked. To view the security advisory, go to the following Microsoft website. Why can't run crypto key generate rsa The 3548 was end of sales in July 2002 ( reference ). They do not support ssh (only telnet for vty access) and thus do not have the capability to generate an RSA key.

RSA_example.py
# Inspired from http://coding4streetcred.com/blog/post/Asymmetric-Encryption-Revisited-(in-PyCrypto)
# PyCrypto docs available at https://www.dlitz.net/software/pycrypto/api/2.6/
fromCryptoimportRandom
fromCrypto.PublicKeyimportRSA
importbase64
defgenerate_keys():
# RSA modulus length must be a multiple of 256 and >= 1024
modulus_length=256*4# use larger value in production
privatekey=RSA.generate(modulus_length, Random.new().read)
publickey=privatekey.publickey()
returnprivatekey, publickey
defencrypt_message(a_message , publickey):
encrypted_msg=publickey.encrypt(a_message, 32)[0]
encoded_encrypted_msg=base64.b64encode(encrypted_msg) # base64 encoded strings are database friendly
returnencoded_encrypted_msg
defdecrypt_message(encoded_encrypted_msg, privatekey):
decoded_encrypted_msg=base64.b64decode(encoded_encrypted_msg)
decoded_decrypted_msg=privatekey.decrypt(decoded_encrypted_msg)
returndecoded_decrypted_msg
########## BEGIN ##########
a_message='The quick brown fox jumped over the lazy dog'
privatekey , publickey=generate_keys()
encrypted_msg=encrypt_message(a_message , publickey)
decrypted_msg=decrypt_message(encrypted_msg, privatekey)
print'%s - (%d)'% (privatekey.exportKey() , len(privatekey.exportKey()))
print'%s - (%d)'% (publickey.exportKey() , len(publickey.exportKey()))
print' Original content: %s - (%d)'% (a_message, len(a_message))
print'Encrypted message: %s - (%d)'% (encrypted_msg, len(encrypted_msg))
print'Decrypted message: %s - (%d)'% (decrypted_msg, len(decrypted_msg))

commented Aug 11, 2018

I ran this code but got an error. It is python 3.7 running the latest PyCryptodome
Would you mind helping? I am a little lost..

File 'C:(the file location and name but i'm not going to list it).py', line 29
print '%s - (%d)' % (privatekey.exportKey() , len(privatekey.exportKey()))
^
SyntaxError: invalid syntax

commented Aug 15, 2018

@maxharrison These print statements indicate it was written for python 2. It could be easily fixable by making use of the print function instead of the print statement., however, no guarantees.

commented Aug 31, 2018

I am trying to learn this stuff. When I run this, I get the following error.
return (self.key._encrypt(c),) TypeError: argument 1 must be int, not str
I googled and found a bit on b64encode to be imported or encrypt(hash_pass, 32)[0] to include .encode('hex') but to no avail. Can you help?

commented Sep 18, 2018
edited

Hi @anoopsaxena76,

Just change the encryption line as this:
encrypted_msg = encrypt_message(a_message.encode('utf-8'), publickey)

I just did it myself, it works like a charm

commented Aug 28, 2019

I ran this code but got an error. It is python 3.7 running the latest PyCryptodome

Hey, I'm trying to run this code on Python 3.7 too. What did you change apart from that print statement to adapt the code to Pycrytodome?
I get the error:

File 'C:/Users/..(don't want to show this bit)/Gavcoin3.py', line 15, in
from crypto.Hash import SHA
File 'C:Users(don't want to show this bit)AppDataLocalProgramsPythonPython37libsite-packagescryptoHashSHA.py', line 24, in
from Crypto.Hash.SHA1 import doc, new, block_size, digest_size
ModuleNotFoundError: No module named 'Crypto'

Please help!

commented Sep 13, 2019

Crypto Key Generate Rsa Modulus 1024 Error Code

Hi @GavinAren,

I hope you've already solved your issue but if not:
Look in your python directory for /Lib/site-packages/crypto and change it to Crypto. (Capital C)

commented Oct 2, 2019

I ran this code but got an error. It is python 3.7 running the latest PyCryptodome

Hey, I'm trying to run this code on Python 3.7 too. What did you change apart from that print statement to adapt the code to Pycrytodome?
I get the error:

File 'C:/Users/..(don't want to show this bit)/Gavcoin3.py', line 15, in
from crypto.Hash import SHA
File 'C:Users(don't want to show this bit)AppDataLocalProgramsPythonPython37libsite-packagescryptoHashSHA.py', line 24, in
from Crypto.Hash.SHA1 import doc, new, block_size, digest_size
ModuleNotFoundError: No module named 'Crypto'

Private KeyOn EC ecp256k1, any number between 1 to 2^256-1 is a valid private key. Generate eth address from private key. A good library generate a private key with taking sufficient randomness into account. There are standard libraries to generate Ethereum key pair in much safer way. In this article, just for demonstration, I will use elliptical curve to perform elliptical curve operations. Eliptical curve (EC) is intense mathematics, and there are a lot of great articles on internet covering deep details of elliptical curve.

Please help!

PyCrypto is written and tested using Python version 2.1 through 3.3. Python
1.5.2 is not supported. My POC resolves that pycrypto is obsoleted in python3.7. Pycryptodome is working alternative of it, but unfortunately it doesn't support plain RSA cryptography.

Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
-->
Important This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases.
The CryptGenKey function generates a random cryptographic session key or a public/private key pair. A handle to the key or key pair is returned in phKey. This handle can then be used as needed with any CryptoAPI function that requires a key handle.

The calling application must specify the algorithm when calling this function. Because this algorithm type is kept bundled with the key, the application does not need to specify the algorithm later when the actual cryptographic operations are performed.

Syntax

Parameters

hProv

A handle to a cryptographic service provider (CSP) created by a call toCryptAcquireContext.

Rsa

Algid

AnALG_ID value that identifies the algorithm for which the key is to be generated. Values for this parameter vary depending on the CSP used.

For ALG_ID values to use with the Microsoft Base Cryptographic Provider, seeBase Provider Algorithms.

For ALG_ID values to use with the Microsoft Strong Cryptographic Provider or the Microsoft Enhanced Cryptographic Provider, seeEnhanced Provider Algorithms.

For a Diffie-Hellman CSP, use one of the following values.

ValueMeaning
CALG_DH_EPHEM
Specifies an 'Ephemeral' Diffie-Hellman key.
CALG_DH_SF
Specifies a 'Store and Forward' Diffie-Hellman key.

In addition to generating session keys for symmetric algorithms, this function can also generate public/private key pairs. Each CryptoAPI client generally possesses two public/private key pairs. To generate one of these key pairs, set the Algid parameter to one of the following values.

ValueMeaning
AT_KEYEXCHANGE
Key exchange
AT_SIGNATURE
Digital signature
Note When key specifications AT_KEYEXCHANGE and AT_SIGNATURE are specified, the algorithm identifiers that are used to generate the key depend on the provider used. As a result, for these key specifications, the values returned from CryptGetKeyParam (when the KP_ALGID parameter is specified) depend on the provider used. To determine which algorithm identifier is used by the different providers for the key specs AT_KEYEXCHANGE and AT_SIGNATURE, see ALG_ID.

dwFlags

Specifies the type of key generated. The sizes of a session key, RSA signature key, and RSA key exchange keys can be set when the key is generated. The key size, representing the length of the key modulus in bits, is set with the upper 16 bits of this parameter. Thus, if a 2,048-bit RSA signature key is to be generated, the value 0x08000000 is combined with any other dwFlags predefined value with a bitwise-OR operation. The upper 16 bits of 0x08000000 is 0x0800, or decimal 2,048. The RSA1024BIT_KEY value can be used to specify a 1024-bit RSA key.

Due to changing export control restrictions, the default CSP and default key length may change between operating system versions. It is important that both the encryption and decryption use the same CSP and that the key length be explicitly set using the dwFlags parameter to ensure interoperability on different operating system platforms.

In particular, the default RSA Full Cryptographic Service Provider is the Microsoft RSA Strong Cryptographic Provider. The default DSS Signature Diffie-Hellman Cryptographic Service Provider is the Microsoft Enhanced DSS Diffie-Hellman Cryptographic Provider. Each of these CSPs has a default 128-bit symmetric key length for RC2 and RC4 and a 1,024-bit default key length for public key algorithms.

If the upper 16 bits is zero, the default key size is generated. If a key larger than the maximum or smaller than the minimum is specified, the call fails with the ERROR_INVALID_PARAMETER code.

The following table lists minimum, default, and maximum signature and exchange key lengths beginning with Windows XP.

Key type and providerMinimum lengthDefault lengthMaximum length
RSA Base Provider

Signature and ExchangeKeys

38451216,384
RSA Strong and Enhanced Providers

Signature and Exchange Keys

3841,02416,384
DSS Base Providers

Signature Keys

5121,0241,024
DSS Base Providers

Exchange Keys

Not applicableNot applicableNot applicable
DSS/DH Base Providers

Signature Keys

5121,0241,024
DSS/DH Base Providers

Exchange Keys

5125121,024
DSS/DH Enhanced Providers

Signature Keys

5121,0241,024
DSS/DH Enhanced Providers

Exchange Keys

5121,0244,096

For session key lengths, see CryptDeriveKey.

For more information about keys generated using Microsoft providers, seeMicrosoft Cryptographic Service Providers.

The lower 16-bits of this parameter can be zero or a combination of one or more of the following values.

ValueMeaning
CRYPT_ARCHIVABLE
If this flag is set, the key can be exported until its handle is closed by a call to CryptDestroyKey. This allows newly generated keys to be exported upon creation for archiving or key recovery. After the handle is closed, the key is no longer exportable.
CRYPT_CREATE_IV
This flag is not used.
CRYPT_CREATE_SALT
If this flag is set, then the key is assigned a random salt value automatically. You can retrieve this salt value by using the CryptGetKeyParam function with the dwParam parameter set to KP_SALT.

If this flag is not set, then the key is given a salt value of zero.

When keys with nonzero salt values are exported (throughCryptExportKey), then the salt value must also be obtained and kept with the key BLOB.

CRYPT_DATA_KEY
This flag is not used.
CRYPT_EXPORTABLE
If this flag is set, then the key can be transferred out of the CSP into a key BLOB by using the CryptExportKey function. Because session keys generally must be exportable, this flag should usually be set when they are created.

If this flag is not set, then the key is not exportable. For a session key, this means that the key is available only within the current session and only the application that created it will be able to use it. For a public/private key pair, this means that the private key cannot be transported or backed up.

This flag applies only to session key and private key BLOBs. It does not apply to public keys, which are always exportable.

CRYPT_FORCE_KEY_PROTECTION_HIGH
This flag specifies strong key protection. When this flag is set, the user is prompted to enter a password for the key when the key is created. The user will be prompted to enter the password whenever this key is used.

This flag is only used by the CSPs that are provided by Microsoft. Third party CSPs will define their own behavior for strong key protection.

Specifying this flag causes the same result as calling this function with the CRYPT_USER_PROTECTED flag when strong key protection is specified in the system registry.

If this flag is specified and the provider handle in the hProv parameter was created by using the CRYPT_VERIFYCONTEXT or CRYPT_SILENT flag, this function will set the last error to NTE_SILENT_CONTEXT and return zero.

Windows Server 2003 and Windows XP: This flag is not supported.

CRYPT_KEK
This flag is not used.
CRYPT_INITIATOR
This flag is not used.
CRYPT_NO_SALT
This flag specifies that a no salt value gets allocated for a forty-bit symmetric key. For more information, see Salt Value Functionality.
CRYPT_ONLINE
This flag is not used.
CRYPT_PREGEN
This flag specifies an initial Diffie-Hellman or DSS key generation. This flag is useful only with Diffie-Hellman and DSS CSPs. When used, a default key length will be used unless a key length is specified in the upper 16 bits of the dwFlags parameter. If parameters that involve key lengths are set on a PREGEN Diffie-Hellman or DSS key using CryptSetKeyParam, the key lengths must be compatible with the key length set here.
CRYPT_RECIPIENT
This flag is not used.
CRYPT_SF
This flag is not used.
CRYPT_SGCKEY
This flag is not used.
CRYPT_USER_PROTECTED
If this flag is set, the user is notified through a dialog box or another method when certain actions are attempting to use this key. The precise behavior is specified by the CSP being used. If the provider context was opened with the CRYPT_SILENT flag set, using this flag causes a failure and the last error is set to NTE_SILENT_CONTEXT.
CRYPT_VOLATILE
This flag is not used.

phKey

Address to which the function copies the handle of the newly generated key. When you have finished using the key, delete the handle to the key by calling the CryptDestroyKey function.

Return value

Returns nonzero if successful or zero otherwise.

For extended error information, callGetLastError.

The error codes prefaced by 'NTE' are generated by the particular CSP being used. Some possible error codes are listed in the following table.

Generate rsa key command
Return codeDescription
ERROR_INVALID_HANDLE
One of the parameters specifies a handle that is not valid.
ERROR_INVALID_PARAMETER
One of the parameters contains a value that is not valid. This is most often a pointer that is not valid.
NTE_BAD_ALGID
The Algid parameter specifies an algorithm that this CSP does not support.
NTE_BAD_FLAGS
The dwFlags parameter contains a value that is not valid.
NTE_BAD_UID
The hProv parameter does not contain a valid context handle.
NTE_FAIL
The function failed in some unexpected way.
NTE_SILENT_CONTEXT
The provider could not perform the action because the context was acquired as silent.

Remarks

If keys are generated for symmetricblock ciphers, the key, by default, is set up in cipher block chaining (CBC) mode with an initialization vector of zero. This cipher mode provides a good default method for bulk encrypting data. To change these parameters, use theCryptSetKeyParam function.

To choose an appropriate key length, the following methods are recommended:

  • Enumerate the algorithms that the CSP supports and get maximum and minimum key lengths for each algorithm. To do this, call CryptGetProvParam with PP_ENUMALGS_EX.
  • Use the minimum and maximum lengths to choose an appropriate key length. It is not always advisable to choose the maximum length because this can lead to performance issues.
  • After the desired key length has been chosen, use the upper 16 bits of the dwFlags parameter to specify the key length.

Examples

The following example shows the creation of a random session key. For an example that includes the complete context for this example, see Example C Program: Encrypting a File. For another example that uses this function, see Example C Program: Decrypting a File.

Requirements

Minimum supported clientWindows XP [desktop apps only]
Minimum supported serverWindows Server 2003 [desktop apps only]
Target PlatformWindows
Headerwincrypt.h
LibraryAdvapi32.lib
DLLAdvapi32.dll

Crypto Key Generate Rsa Modulus 1024 Error

See also