SSPI encryption/decryption problem
Posted on 2002-07-10
I have a client/server system that uses the Windows SSPI interface to authenticate NT user accounts and allow encrypted data to be passed across the network (via NTLM / Kerberos). It all works fine but there is a problem with the encrypted data transfer.
If a encrypt a message on the client side and then decrypt it on the server everything is ok. If I encrypt the data on the client side, then encrypt another message on the server side and try to decrypt the original message, I get SEC_E_MESSAGE_ALTERED returned from both DecryptMessage calls. Obviously it doesn't like the fact that the message Encrypt / Decrypt sequence is not in order, but I need to send encrypted messages in both directions at any time.
I have tried removing the ISC_REQ_SEQUENCE_DETECT and ISC_REQ_REPLAY_DETECT flags in InitializeSecurityContext but this has no effect. I've also tried jst about everything else I can think of.
Happens under NT4 and Win2K.