Solved

Encrypting string through CryptAPI

Posted on 2006-10-25
3
277 Views
Last Modified: 2012-06-21
We are attempting to encrypt/decrypt a string through CryptoAPI functions passing a known string key

Encrypt
======
// Get handle to user default provider.
      if (CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0))      
      {
            // Create hash object.            
            if (CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))            
            {
                  // Hash password string.                  
                  dwLength = sizeof(TCHAR)*_tcslen(szKey);
                  if (CryptHashData(hHash, (BYTE *)szKey, dwLength, 0))                  
                  {
                        // Create block cipher session key based on hash of the password.
                  if (CryptDeriveKey(hProv, CALG_RC4, hHash, CRYPT_EXPORTABLE, &hKey))                        {
                              // Determine number of bytes to encrypt at a time.
                              dwLength = sizeof(TCHAR)*_tcslen(szdata);      
                              bResult = CryptEncrypt(
                                          hKey,            // Key obtained earlier
                                          0,               // No hashing of data
                                          TRUE,            // Final or only buffer of data
                                          0,               // Must be zero
                                          NULL,            // No data yet, simply return size
                                          &dwLength,         // Size of data
                                          dwLength);         // Size of block

                              // Allocate memory.
                              BYTE *pbBuffer = (BYTE *)malloc(dwLength);                                    if (pbBuffer != NULL)                                                      {
                                    memcpy(pbBuffer, szdata, dwLength);                                          // Encrypt data
                        if (CryptEncrypt(hKey, 0, TRUE, 0, pbBuffer, &dwLength, dwLength))                         {
                              // return encrypted string
                              memcpy(szEncryptData, pbBuffer, dwLength);}
........      
                               CryptDestroyKey(hKey);  // Release provider handle.      
                        ......
                  CryptDestroyHash(hHash);
            ........
            CryptReleaseContext(hProv, 0);      


Decrypt
=====
if (CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0))            
      {
            // Create hash object.                  
            if (CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
            {                        
                  // Hash password string.
                  dwLength = sizeof(TCHAR)*_tcslen(szKey);
                  if (CryptHashData(hHash, (BYTE *)szKey, dwLength, 0))                                          {
                        // Create block cipher session key based on hash of the password.
            if (CryptDeriveKey(hProv, MY_ENCRYPT, hHash, CRYPT_EXPORTABLE, &hKey))                                                {
                              // we know the encrypted data  and the lengt
                        dwLength = sizeof(TCHAR)*_tcslen(szEncryptdata);      
                         _tcscpy(szdataTemp,szEncryptdata);
                  if (!CryptDecrypt(hKey, 0, TRUE, 0, (BYTE *)szdataTemp, &dwLength))
                                    bResult = FALSE;      

                              ......
                              CryptDestroyKey(hKey);  // Release provider handle.                                    _tcscpy(szdata,szdataTemp);
                        }                              
                        .....
            .....
            CryptReleaseContext(hProv, 0);      


A string of 497 bytes gets compressed to 426 bytes on encryption;But while decrypting the length of the original string retrieved is 426 only - and we get just that much of the original string back!!!!!
I am a novice in cryptology and need help in gettign out of this.
0
Comment
Question by:ranadhir
3 Comments
 
LVL 39

Accepted Solution

by:
itsmeandnobodyelse earned 125 total points
ID: 17804319
MSDN says:
------------------------------------------------------------
As a rule, if a stream cipher is used the ciphertext will be the same size as the plaintext. If a block cipher is used, the ciphertext will be up to a "block length" larger than the plaintext.
------------------------------------------------------------

That means that the error already occured when encrypting.

>>>> if (CryptEncrypt(hKey, 0, TRUE, 0, pbBuffer, &dwLength, dwLength))

Here that call might be wrong: you use dwLength both for a in/out argument and a further in argument. CryptEncrpyt function might go wrong because it uses two variables which have the same storage.

MSDN:
------------------------------------------------------------
pcbData
The address of the data length. Before calling this function, the caller should set this parameter to the number of bytes to be encrypted. Upon return, this address will contain the number of bytes of encrypted data.
If the buffer specified by pbData is not large enough to hold the data, the function returns the ERROR_MORE_DATA error code (through GetLastError) and stores the required buffer size, in bytes, into the variable pointed to by pcbData.

If pbData is NULL, then no error is returned, and the function stores the size of the data, in bytes, in the variable pointed to be pcbData. This lets an application determine the correct buffer size unambiguously.

When a block cipher is used, this data length must be a multiple of the block size, unless this is the final section of data to be encrypted and the Final flag is TRUE.

cbBuffer
The number of bytes in the pbData buffer.
Note that, depending on the algorithm used, the encrypted text can be slightly larger than the original plaintext. In this case, the pbData buffer needs to be sized accordingly.

As a rule, if a stream cipher is used the ciphertext will be the same size as the plaintext. If a block cipher is used, the ciphertext will be up to a "block length" larger than the plaintext.
-----------------------------------------------------------------------

That means, you should call CryptEncrpyt two times, first with a buffer == NULL and *pcbData == number of encrypted bytes (dwLength). Use a different variable for pcbData and for cbBuffer. Then CryptEncrypt will return TRUE and filled the  pcbData argument with the number of bytes required for output. Allocate an appropriate buffer and call CryptEncrypt with pcbData unchanged (== size of the new buffer)  and use the dwLength for the following argument which is the number of bytes to encrypt.

Regards, Alex




0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Article by: SunnyDark
This article's goal is to present you with an easy to use XML wrapper for C++ and also present some interesting techniques that you might use with MS C++. The reason I built this class is to ease the pain of using XML files with C++, since there is…
Introduction This article is the first in a series of articles about the C/C++ Visual Studio Express debugger.  It provides a quick start guide in using the debugger. Part 2 focuses on additional topics in breakpoints.  Lastly, Part 3 focuses on th…
The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now