Re: CAPICOM enveloped data interop question
From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 03/26/04
Date: Thu, 25 Mar 2004 22:25:11 -0600
Thanks Mitch!
Joe K.
"Michel Gallant" <neutron@NOSPAMistar.ca> wrote in message news:ekk8ONtEEHA.3016@TK2MSFTNGP11.phx.gbl...
Hi Joe,
The comment from that article you reference below specifically applies to CAPICOM EncryptedData format.
However, CAPICOM EnvelopedData produces standard CMS/PKCS #7 messages with good interop.
However, there are some issues with enveloping binary files using .NET and CAPICOM interop having to do with marshalling from CAPICOM bstr to .NET managed code. A workaround was posted to the capicom maillist but involves dis/reassembling the Interop.CAPICOM.dll.
Strangely enough, Microsoft's Java (MS-JVM) does not have this problem due to better support for COM variants and marshalling, so the following Enveloping utility I wrote handles any binary file:
http://www.jensign.com/JavaScience/cryptoutils/jacrypt
If you can use scripting, it is easy to use CAPICOM and generate EnvelopedData (then sign it) for any binary data file.
- Mitch Gallant
MVP Security
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote in message news:OVLNoNrEEHA.1228@TK2MSFTNGP11.phx.gbl...
Hi all,
I'm building an application that will create files to be exchanged with a vendor. The design specifies that the data in the files must be encrypted via RSA with a vendor-supplied certificate and signed with a trusted certificate provided by me. Files use standard PKCS#7 enveloped data to accomplish this. We'll use 3DES for the symmetric algorithm, so the details are in place.
Given that .NET doesn't have much if any support for enveloped data in System.Security.Cryptography, I thought I would be most productive using CAPICOM via interop to generate the enveloped data. However, I noticed this from MSDN documentation
which indicates that CAPICOM creates non-standard EncryptedData files that can only be read with CAPICOM. I need standard PKCS#7. My question is, does the restriction above apply to enveloped data that is encrypted AND signed, or just encrypted data? I'm still a novice with crypto and the distinctions to me are not clear.
Any help would be greatly appreciated.
Thanks!
Joe K.
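Added example, not part of the original thread and not CAPICOM code: a Python check that reads the outer ContentInfo header of a blob and names its PKCS #7/CMS content type, one way to confirm that an output file is the standard EnvelopedData (or SignedData once signed) discussed above before sending it to the other party. The sample bytes are a constructed header-only stub, and all function names are hypothetical.

```python
import base64

# Content-type OIDs defined by PKCS #7 / CMS (RFC 5652).
CMS_TYPES = {
    "1.2.840.113549.1.7.1": "data",
    "1.2.840.113549.1.7.2": "signedData",
    "1.2.840.113549.1.7.3": "envelopedData",
}
# Constructed stub: ContentInfo { OID envelopedData, [0] { SEQUENCE { INTEGER 0 } } }
SAMPLE_DER = bytes.fromhex("301206092a864886f70d010703a0053003020100")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of input")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode the contents of a DER OBJECT IDENTIFIER to dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:  # base-128 digits, high bit set on all but the last
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def cms_content_type(blob):
    """Name the ContentInfo type of a raw-DER or base64-encoded blob (bytes)."""
    if blob[:1] != b"\x30":  # DER starts with SEQUENCE (0x30); otherwise try base64
        blob = base64.b64decode(blob)
    tag, start, _ = read_tlv(blob, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, oid_start, oid_end = read_tlv(blob, start)
    if tag != 0x06:
        raise ValueError("ContentInfo does not begin with an OID")
    oid = decode_oid(blob[oid_start:oid_end])
    return CMS_TYPES.get(oid, "unknown (" + oid + ")")
```

A blob that is enveloped and then signed reports `signedData` at the outer layer; the enveloped content sits inside it.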