Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Encrypting string through CryptAPI

Posted on 2006-10-25
3
Medium Priority
?
284 Views
Last Modified: 2012-06-21
We are attempting to encrypt/decrypt a string through CryptoAPI functions passing a known string key

Encrypt
======
// Get handle to user default provider.
      if (CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0))      
      {
            // Create hash object.            
            if (CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))            
            {
                  // Hash password string.                  
                  dwLength = sizeof(TCHAR)*_tcslen(szKey);
                  if (CryptHashData(hHash, (BYTE *)szKey, dwLength, 0))                  
                  {
                        // Create block cipher session key based on hash of the password.
                  if (CryptDeriveKey(hProv, CALG_RC4, hHash, CRYPT_EXPORTABLE, &hKey))                        {
                              // Determine number of bytes to encrypt at a time.
                              dwLength = sizeof(TCHAR)*_tcslen(szdata);      
                              bResult = CryptEncrypt(
                                          hKey,            // Key obtained earlier
                                          0,               // No hashing of data
                                          TRUE,            // Final or only buffer of data
                                          0,               // Must be zero
                                          NULL,            // No data yet, simply return size
                                          &dwLength,         // Size of data
                                          dwLength);         // Size of block

                              // Allocate memory.
                              BYTE *pbBuffer = (BYTE *)malloc(dwLength);                                    if (pbBuffer != NULL)                                                      {
                                    memcpy(pbBuffer, szdata, dwLength);                                          // Encrypt data
                        if (CryptEncrypt(hKey, 0, TRUE, 0, pbBuffer, &dwLength, dwLength))                         {
                              // return encrypted string
                              memcpy(szEncryptData, pbBuffer, dwLength);}
........      
                               CryptDestroyKey(hKey);  // Release provider handle.      
                        ......
                  CryptDestroyHash(hHash);
            ........
            CryptReleaseContext(hProv, 0);      


Decrypt
=====
if (CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0))            
      {
            // Create hash object.                  
            if (CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
            {                        
                  // Hash password string.
                  dwLength = sizeof(TCHAR)*_tcslen(szKey);
                  if (CryptHashData(hHash, (BYTE *)szKey, dwLength, 0))                                          {
                        // Create block cipher session key based on hash of the password.
            if (CryptDeriveKey(hProv, MY_ENCRYPT, hHash, CRYPT_EXPORTABLE, &hKey))                                                {
                              // we know the encrypted data  and the lengt
                        dwLength = sizeof(TCHAR)*_tcslen(szEncryptdata);      
                         _tcscpy(szdataTemp,szEncryptdata);
                  if (!CryptDecrypt(hKey, 0, TRUE, 0, (BYTE *)szdataTemp, &dwLength))
                                    bResult = FALSE;      

                              ......
                              CryptDestroyKey(hKey);  // Release provider handle.                                    _tcscpy(szdata,szdataTemp);
                        }                              
                        .....
            .....
            CryptReleaseContext(hProv, 0);      


A string of 497 bytes gets compressed to 426 bytes on encryption;But while decrypting the length of the original string retrieved is 426 only - and we get just that much of the original string back!!!!!
I am a novice in cryptology and need help in gettign out of this.
0
Comment
Question by:ranadhir
1 Comment
 
LVL 39

Accepted Solution

by:
itsmeandnobodyelse earned 500 total points
ID: 17804319
MSDN says:
------------------------------------------------------------
As a rule, if a stream cipher is used the ciphertext will be the same size as the plaintext. If a block cipher is used, the ciphertext will be up to a "block length" larger than the plaintext.
------------------------------------------------------------

That means that the error already occured when encrypting.

>>>> if (CryptEncrypt(hKey, 0, TRUE, 0, pbBuffer, &dwLength, dwLength))

Here that call might be wrong: you use dwLength both for a in/out argument and a further in argument. CryptEncrpyt function might go wrong because it uses two variables which have the same storage.

MSDN:
------------------------------------------------------------
pcbData
The address of the data length. Before calling this function, the caller should set this parameter to the number of bytes to be encrypted. Upon return, this address will contain the number of bytes of encrypted data.
If the buffer specified by pbData is not large enough to hold the data, the function returns the ERROR_MORE_DATA error code (through GetLastError) and stores the required buffer size, in bytes, into the variable pointed to by pcbData.

If pbData is NULL, then no error is returned, and the function stores the size of the data, in bytes, in the variable pointed to be pcbData. This lets an application determine the correct buffer size unambiguously.

When a block cipher is used, this data length must be a multiple of the block size, unless this is the final section of data to be encrypted and the Final flag is TRUE.

cbBuffer
The number of bytes in the pbData buffer.
Note that, depending on the algorithm used, the encrypted text can be slightly larger than the original plaintext. In this case, the pbData buffer needs to be sized accordingly.

As a rule, if a stream cipher is used the ciphertext will be the same size as the plaintext. If a block cipher is used, the ciphertext will be up to a "block length" larger than the plaintext.
-----------------------------------------------------------------------

That means, you should call CryptEncrpyt two times, first with a buffer == NULL and *pcbData == number of encrypted bytes (dwLength). Use a different variable for pcbData and for cbBuffer. Then CryptEncrypt will return TRUE and filled the  pcbData argument with the number of bytes required for output. Allocate an appropriate buffer and call CryptEncrypt with pcbData unchanged (== size of the new buffer)  and use the dwLength for the following argument which is the number of bytes to encrypt.

Regards, Alex




0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unlike C#, C++ doesn't have native support for sealing classes (so they cannot be sub-classed). At the cost of a virtual base class pointer it is possible to implement a pseudo sealing mechanism The trick is to virtually inherit from a base class…
This article will show you some of the more useful Standard Template Library (STL) algorithms through the use of working examples.  You will learn about how these algorithms fit into the STL architecture, how they work with STL containers, and why t…
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.
Suggested Courses

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question