Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Inserting Encrypted String in Registry

Posted on 2003-03-25
4
Medium Priority
?
249 Views
Last Modified: 2008-02-26
Hello Everybody,

I am using CryptoAPI in VB to encrypt a string. The encryption is working very perfectly (Thanks to Davis Chapman's book).

Now the problem is to insert this string into Registry. I am using the API RegSetKeyValueEx to set the string. For eg. I want to set the String value EDate as the encrypted string. This EDate is in HKEY_LOCAL_MACHINE\SOFTWARE\Synx\ExpiryDate. The encrypted string is actually the expiry date for my activex control. In every initialize I read and decrypt this string to check the expiry date. If it has expired, my activex control locks itself and does not work untill the customer pays me for renewal. The API is not allowing me to write the Encrypted String. The .reg file is also not working. It writes simple string not the string with special characters. According to WinError.h the Error Code that returns is Access Denied (Error no 5).

Please tell me what I am doing is proper or is there a better way to do it?

Regards
Madhur
0
Comment
Question by:hmadhur
4 Comments
 
LVL 28

Expert Comment

by:vinnyd79
ID: 8202764
It sounds like a permissions issue.Does it work if the user is logged in as administrator?
0
 
LVL 3

Expert Comment

by:Jonyv
ID: 8202795
Perhaps you should try to store the string as binary data (REG_BINARY) instead. This might work better if the encrypted string contains non-printable characters
0
 
LVL 3

Accepted Solution

by:
emadat earned 1000 total points
ID: 8203352
First:
When you encrypt data; you might get a character with ASCII value of 0 in your encrypted string. Although the string will be fully accessible from VB; when you try to pass this string to an API call it will ignore all the characters starting from that character till the end. This is because API functions expects ASCIZ which is simply a string terminated by character #0.

Their is a simple and nice solution for this:
We convert each character of the string into its 2 character hexadecimal representation.
Example:
Imagine an encrypted string containing two characters:
S = Chr(0) & "A"
The hexadecimal representation for this string will be "0041" which is a fully qualified string.

Here are two functions to convert to and from HexaDecimal Representation:
'=====================================================
Function ToHex(strIn As String) As String
Dim I%, sTemp, sResult
    If Len(strIn) = 0 Then
        ToHex = ""
        Exit Function
    End If
    sResult = ""
    For I = 1 To Len(strIn)
        sTemp = Hex(Asc(Mid(strIn, I, 1)))
        If Len(sTemp) < 2 Then sTemp = "0" & sTemp
        sResult = sResult & sTemp
    Next I
    ToHex = sResult
End Function
'=====================================================
Function FromHex(strIn As String) As String
Dim I%, sTemp, sResult
    If Len(strIn) = 0 Then
        FromHex = ""
        Exit Function
    End If
    sResult = ""
    For I = 1 To Len(strIn) Step 2
        sTemp = "&H0" & Mid(strIn, I, 2)
        sResult = sResult & Chr(CInt(sTemp))
    Next I
    FromHex = sResult
End Function
'=====================================================

Second, "Access Denied" may be caused by access rights of the user accessing the registery.

Some parts of the registery are restricted to users with Administrator privilege only. Others are available for all users.
Check the following link for more information: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/base/registry_key_security_and_access_rights.asp

Regards
0
 
LVL 1

Author Comment

by:hmadhur
ID: 8208636
Hi emadat,
Thanks for the help. Even though the Access Denied is still there, the .reg merge file is working. I went through the MSDN articles. But they are a bit dangerous settings to play with because the user will have some previleges to access the registry and modify it. So better use the .reg merge file. :~)

Thanks and Regards
Madhur
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’ve seen a number of people looking for examples of how to access web services from VB6.  I’ve been using a test harness I built in VB6 (using many resources I found online) that I use for small projects to work out how to communicate with web serv…
Background What I'm presenting in this article is the result of 2 conditions in my work area: We have a SQL Server production environment but no development or test environment; andWe have an MS Access front end using tables in SQL Server but we a…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question