Encrypting string through CryptAPI

We are attempting to encrypt/decrypt a string through CryptoAPI functions passing a known string key

Encrypt
======
// Get handle to user default provider.
      if (CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0))      
      {
            // Create hash object.            
            if (CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))            
            {
                  // Hash password string.                  
                  dwLength = sizeof(TCHAR)*_tcslen(szKey);
                  if (CryptHashData(hHash, (BYTE *)szKey, dwLength, 0))                  
                  {
                        // Create block cipher session key based on hash of the password.
                  if (CryptDeriveKey(hProv, CALG_RC4, hHash, CRYPT_EXPORTABLE, &hKey))                        {
                              // Determine number of bytes to encrypt at a time.
                              dwLength = sizeof(TCHAR)*_tcslen(szdata);      
                              bResult = CryptEncrypt(
                                          hKey,            // Key obtained earlier
                                          0,               // No hashing of data
                                          TRUE,            // Final or only buffer of data
                                          0,               // Must be zero
                                          NULL,            // No data yet, simply return size
                                          &dwLength,         // Size of data
                                          dwLength);         // Size of block

                              // Allocate memory.
                              BYTE *pbBuffer = (BYTE *)malloc(dwLength);                                    if (pbBuffer != NULL)                                                      {
                                    memcpy(pbBuffer, szdata, dwLength);                                          // Encrypt data
                        if (CryptEncrypt(hKey, 0, TRUE, 0, pbBuffer, &dwLength, dwLength))                         {
                              // return encrypted string
                              memcpy(szEncryptData, pbBuffer, dwLength);}
........      
                               CryptDestroyKey(hKey);  // Release provider handle.      
                        ......
                  CryptDestroyHash(hHash);
            ........
            CryptReleaseContext(hProv, 0);      


Decrypt
=====
if (CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0))            
      {
            // Create hash object.                  
            if (CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
            {                        
                  // Hash password string.
                  dwLength = sizeof(TCHAR)*_tcslen(szKey);
                  if (CryptHashData(hHash, (BYTE *)szKey, dwLength, 0))                                          {
                        // Create block cipher session key based on hash of the password.
            if (CryptDeriveKey(hProv, MY_ENCRYPT, hHash, CRYPT_EXPORTABLE, &hKey))                                                {
                              // we know the encrypted data  and the lengt
                        dwLength = sizeof(TCHAR)*_tcslen(szEncryptdata);      
                         _tcscpy(szdataTemp,szEncryptdata);
                  if (!CryptDecrypt(hKey, 0, TRUE, 0, (BYTE *)szdataTemp, &dwLength))
                                    bResult = FALSE;      

                              ......
                              CryptDestroyKey(hKey);  // Release provider handle.                                    _tcscpy(szdata,szdataTemp);
                        }                              
                        .....
            .....
            CryptReleaseContext(hProv, 0);      


A string of 497 bytes gets compressed to 426 bytes on encryption;But while decrypting the length of the original string retrieved is 426 only - and we get just that much of the original string back!!!!!
I am a novice in cryptology and need help in gettign out of this.
ranadhirAsked:
Who is Participating?
 
itsmeandnobodyelseConnect With a Mentor Commented:
MSDN says:
------------------------------------------------------------
As a rule, if a stream cipher is used the ciphertext will be the same size as the plaintext. If a block cipher is used, the ciphertext will be up to a "block length" larger than the plaintext.
------------------------------------------------------------

That means that the error already occured when encrypting.

>>>> if (CryptEncrypt(hKey, 0, TRUE, 0, pbBuffer, &dwLength, dwLength))

Here that call might be wrong: you use dwLength both for a in/out argument and a further in argument. CryptEncrpyt function might go wrong because it uses two variables which have the same storage.

MSDN:
------------------------------------------------------------
pcbData
The address of the data length. Before calling this function, the caller should set this parameter to the number of bytes to be encrypted. Upon return, this address will contain the number of bytes of encrypted data.
If the buffer specified by pbData is not large enough to hold the data, the function returns the ERROR_MORE_DATA error code (through GetLastError) and stores the required buffer size, in bytes, into the variable pointed to by pcbData.

If pbData is NULL, then no error is returned, and the function stores the size of the data, in bytes, in the variable pointed to be pcbData. This lets an application determine the correct buffer size unambiguously.

When a block cipher is used, this data length must be a multiple of the block size, unless this is the final section of data to be encrypted and the Final flag is TRUE.

cbBuffer
The number of bytes in the pbData buffer.
Note that, depending on the algorithm used, the encrypted text can be slightly larger than the original plaintext. In this case, the pbData buffer needs to be sized accordingly.

As a rule, if a stream cipher is used the ciphertext will be the same size as the plaintext. If a block cipher is used, the ciphertext will be up to a "block length" larger than the plaintext.
-----------------------------------------------------------------------

That means, you should call CryptEncrpyt two times, first with a buffer == NULL and *pcbData == number of encrypted bytes (dwLength). Use a different variable for pcbData and for cbBuffer. Then CryptEncrypt will return TRUE and filled the  pcbData argument with the number of bytes required for output. Allocate an appropriate buffer and call CryptEncrypt with pcbData unchanged (== size of the new buffer)  and use the dwLength for the following argument which is the number of bytes to encrypt.

Regards, Alex




0
All Courses

From novice to tech pro — start learning today.