Solved

Encrypting string through CryptAPI

Posted on 2006-10-25
3
278 Views
Last Modified: 2012-06-21
We are attempting to encrypt/decrypt a string through CryptoAPI functions passing a known string key

Encrypt
======
// Get handle to user default provider.
      if (CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0))      
      {
            // Create hash object.            
            if (CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))            
            {
                  // Hash password string.                  
                  dwLength = sizeof(TCHAR)*_tcslen(szKey);
                  if (CryptHashData(hHash, (BYTE *)szKey, dwLength, 0))                  
                  {
                        // Create block cipher session key based on hash of the password.
                  if (CryptDeriveKey(hProv, CALG_RC4, hHash, CRYPT_EXPORTABLE, &hKey))                        {
                              // Determine number of bytes to encrypt at a time.
                              dwLength = sizeof(TCHAR)*_tcslen(szdata);      
                              bResult = CryptEncrypt(
                                          hKey,            // Key obtained earlier
                                          0,               // No hashing of data
                                          TRUE,            // Final or only buffer of data
                                          0,               // Must be zero
                                          NULL,            // No data yet, simply return size
                                          &dwLength,         // Size of data
                                          dwLength);         // Size of block

                              // Allocate memory.
                              BYTE *pbBuffer = (BYTE *)malloc(dwLength);                                    if (pbBuffer != NULL)                                                      {
                                    memcpy(pbBuffer, szdata, dwLength);                                          // Encrypt data
                        if (CryptEncrypt(hKey, 0, TRUE, 0, pbBuffer, &dwLength, dwLength))                         {
                              // return encrypted string
                              memcpy(szEncryptData, pbBuffer, dwLength);}
........      
                               CryptDestroyKey(hKey);  // Release provider handle.      
                        ......
                  CryptDestroyHash(hHash);
            ........
            CryptReleaseContext(hProv, 0);      


Decrypt
=====
if (CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0))            
      {
            // Create hash object.                  
            if (CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
            {                        
                  // Hash password string.
                  dwLength = sizeof(TCHAR)*_tcslen(szKey);
                  if (CryptHashData(hHash, (BYTE *)szKey, dwLength, 0))                                          {
                        // Create block cipher session key based on hash of the password.
            if (CryptDeriveKey(hProv, MY_ENCRYPT, hHash, CRYPT_EXPORTABLE, &hKey))                                                {
                              // we know the encrypted data  and the lengt
                        dwLength = sizeof(TCHAR)*_tcslen(szEncryptdata);      
                         _tcscpy(szdataTemp,szEncryptdata);
                  if (!CryptDecrypt(hKey, 0, TRUE, 0, (BYTE *)szdataTemp, &dwLength))
                                    bResult = FALSE;      

                              ......
                              CryptDestroyKey(hKey);  // Release provider handle.                                    _tcscpy(szdata,szdataTemp);
                        }                              
                        .....
            .....
            CryptReleaseContext(hProv, 0);      


A string of 497 bytes gets compressed to 426 bytes on encryption;But while decrypting the length of the original string retrieved is 426 only - and we get just that much of the original string back!!!!!
I am a novice in cryptology and need help in gettign out of this.
0
Comment
Question by:ranadhir
3 Comments
 
LVL 39

Accepted Solution

by:
itsmeandnobodyelse earned 125 total points
ID: 17804319
MSDN says:
------------------------------------------------------------
As a rule, if a stream cipher is used the ciphertext will be the same size as the plaintext. If a block cipher is used, the ciphertext will be up to a "block length" larger than the plaintext.
------------------------------------------------------------

That means that the error already occured when encrypting.

>>>> if (CryptEncrypt(hKey, 0, TRUE, 0, pbBuffer, &dwLength, dwLength))

Here that call might be wrong: you use dwLength both for a in/out argument and a further in argument. CryptEncrpyt function might go wrong because it uses two variables which have the same storage.

MSDN:
------------------------------------------------------------
pcbData
The address of the data length. Before calling this function, the caller should set this parameter to the number of bytes to be encrypted. Upon return, this address will contain the number of bytes of encrypted data.
If the buffer specified by pbData is not large enough to hold the data, the function returns the ERROR_MORE_DATA error code (through GetLastError) and stores the required buffer size, in bytes, into the variable pointed to by pcbData.

If pbData is NULL, then no error is returned, and the function stores the size of the data, in bytes, in the variable pointed to be pcbData. This lets an application determine the correct buffer size unambiguously.

When a block cipher is used, this data length must be a multiple of the block size, unless this is the final section of data to be encrypted and the Final flag is TRUE.

cbBuffer
The number of bytes in the pbData buffer.
Note that, depending on the algorithm used, the encrypted text can be slightly larger than the original plaintext. In this case, the pbData buffer needs to be sized accordingly.

As a rule, if a stream cipher is used the ciphertext will be the same size as the plaintext. If a block cipher is used, the ciphertext will be up to a "block length" larger than the plaintext.
-----------------------------------------------------------------------

That means, you should call CryptEncrpyt two times, first with a buffer == NULL and *pcbData == number of encrypted bytes (dwLength). Use a different variable for pcbData and for cbBuffer. Then CryptEncrypt will return TRUE and filled the  pcbData argument with the number of bytes required for output. Allocate an appropriate buffer and call CryptEncrypt with pcbData unchanged (== size of the new buffer)  and use the dwLength for the following argument which is the number of bytes to encrypt.

Regards, Alex




0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you some of the more useful Standard Template Library (STL) algorithms through the use of working examples.  You will learn about how these algorithms fit into the STL architecture, how they work with STL containers, and why t…
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
The goal of the tutorial is to teach the user how to use functions in C++. The video will cover how to define functions, how to call functions and how to create functions prototypes. Microsoft Visual C++ 2010 Express will be used as a text editor an…
The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question