Problems with the Crypt functions.

I am trying to encrypt small strings of data. I am trying to use the Crypt functions. I think the sequence that I use this functions is as follows -

Encryption
1/ CryptAcquireContext
2/ CryptGenKey
3/ CryptCreateHash
4/CryptHashData
5/ CryptEncrypt

Question 1/ Should ever one of these items be destroyed.
Question 2/ Is there a way that I can not use the Hash key, as it is not all that necessary. The Hash key is the digital signature??
Decryption
1/ call the CryptDecrypt function.

Question3 - How do you use the same key for the decryption as the encryption. When the application has being exited, and entered at a different date. Is the "cryptographic key from a key blob " involved.

N. B Question 4 - When I try to use the CryptAcquireContext function, there is a big problem. I used the code
#include <wincrypt.h>

      HCRYPTPROV hProv = 0;
if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0))
AfxMessageBox("ERROR");

I get the error message, i.e. the context is not being created.
I am using Visual C++ version 5 professional edition.
 The operating system that I am using is Windows 95 on a Fujitsu machine. In the help files, it says that this function applies to windows 95 OSR2, seen as I am using win95 with fujitsu hardware, it should satisfy this requirment.
 In the wincrypt.h there is a #if statement who*s braces enclose the entire page of code -
#if(_WIN32_WINNT >= 0x0400)
If the OS is NT v4, or greater, the expression evaluates to false. By commenting out this line, the page of code is executed, i.e. the       HCRYPTPROV hProv = 0 declaration is recognized, It wasn*t before the #if was commented out.
I also tried the same thing on an NT machine that was version 4, and it didn*t work either. So what am I doing wrong, or is it possible to use these function at all in the environment that I using them.

Question 5 - Is there another way of doing encryption in VC. The level of encryption that I require is quite low.
martythegreatAsked:
Who is Participating?
 
rsongcoConnect With a Mentor Commented:
1. When you're done with your encryption and decryption tasks you should do some cleanup by destroying all the keys you have created and releasing the cryptographic context handle.  To destroy a key, use the function CryptDestroyKey(hKey).  To release the context handle, call CryptReleaseContext(hProv, 0).

2.  If you have no need for authentication, then you don't have to use a hash key and the hashing functions.

3. I would infer that you want to use a session key for this.  You need to export the session key into a key blob so that you can store it as ASCII characters (in a file, for example).  Then when you need the key again, read the key blob and extract the session key from it.  

To export the session key:
if RCRYPT_FAILED(CryptExportKey(hSesKey,
     hXchgKey, SIMPLEBLOB, 0, pBuffer, pdwBufferSize))
          AfxMessageBox("Error");

You need to pass a public key as one of the parameters (hXchgKey) in order to protect the session key that you're trying to extract.  pBuffer now contains the key blob representing your session key.  You can save this for later use.

Side note: to retrieve/create your public key,
if (RCRYPT_FAILED(CryptGetUserKey(hProv,
     AT_KEYEXCHANGE, &hXchgKey)))
          if (RCRYPT_FAILED(CryptGenKey(hProv, CALG_RSA_KEYX,                               CRYPT_EXPORTABLE, &hXchgKey)))
                    AfxMessageBox("Error");

The first function attempts to retrieve the public/private key pair from your system.  It fails if you have no key set.  You then create a new pair of keys.

To retrieve the session key:
if RCRYPT_FAILED(CryptImportKey(hProv, pBuffer, dwSize, NULL, 0, &hSesKey))
     AfxMessageBox("Error");

Here, your personal public key will be used to decrypt and retrieve the session key.  The public key associated with your account is permanent in your system unless you deliberately create a new one.

4. Use RCRYPT_FAILED instead of checking the value yourself.  Write it as follows:

if (RCRYPT_FAILED(CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0))
// then if this crypt function fails, it means that there is as yet no existing key container  
// associated with your user account; so you create one
{
     if (RCRYPT_FAILED(CryptAcquireContext(&m_hProv, NULL, NULL,
          PROV_RSA_FULL, CRYPT_NEWKEYSET)))
               AfxMessageBox("ERROR");
}

5. To get around the preprocessor definition limiting the usage of CryptoAPI to NT4 machines or later, include the following in your source code:

#define _WIN32_WINNT      0x400


0
 
thresher_sharkCommented:
Question 5 - You could always write your own encryption/decryption scheme.  It would probably provide and interesting challenge if you have nothing else to do :-)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.