Encrypt with .Net, decrypt with Crypto API?

From: Trevor Barry (TrevorBarry_at_discussions.microsoft.com)
Date: 10/08/04 

Date: Fri, 8 Oct 2004 03:47:03 -0700

Hi

I have some server based .Net code that creates an encrypted blob that is
stored in active directory. The encryption is done with the
TripleDESCryptoServiceProvider which needs an 8 byte initialisation vector, a
key and the plaintext.

I have .Net client side code that picks up the value and decrypts it without
any problems. I now have a requirement to provide self contained client code
that runs without any extra installs on the client (i.e. no .Net Framework,
no VB6 runtime). The clients will be running Windows XP or Windows 2000. As
far as I can workout that leaves the Crypto API or providing my own hashing
and encryption alogrithms as the only options.

I believe CAPICom is an optional install and therefore can't be guaranteed
to be present? I can't require anything other than my .exe and the OS for
this solution.

I've put together C++ code to pull the blob from active directory and do
everything else I need but I can't work out how to use the Crypto API to
decrypt the data. As far as I can see the Crypto API 3DES function does not
need an initialisation vector. My shared key is generated from an MD5 hash of
some information that both the client and server know so I should be able to
calculate that on the client.

Does anyonw know if it is possible to use the Crypto API to decrypt
something encrypted by the .Net TripleDESCryptoServiceProvider?

What do I do about the IV used in .Net but not in the Crypto API? The .Net
decryption routines require the same IV as was used during encryption.

Does anyone have any thoughts about this? Sample code? Pointer to resources?

I have been through MSDN and am currently reading the O'Reilly Secure Code
book.

Trevor

Relevant Pages

  • RE: Cannot decrypt files encrypted using Crypto API on a different
    ... previous message which uses the recipien't public key.) ... KEK (key encryption key) to protect the session key. ... embedded into your client app and server code). ... but what is the point to encrypt the data if ANYBODY can decrypt it (since ...
    (microsoft.public.platformsdk.security)
  • Re: cant copy encrypted files
    ... during which I was able to decrypt a good number of files, ... | another machine running XP. ... | either in ubuntu or through the network from the client machine running XP. ... | the irony is that I have the encryption certificate backed up in the client ...
    (microsoft.public.windowsxp.general)
  • RE: Cannot decrypt files encrypted using Crypto API on a different
    ... previous message which uses the recipien't public key.) ... KEK (key encryption key) to protect the session key. ... embedded into your client app and server code). ... but what is the point to encrypt the data if ANYBODY can decrypt it (since ...
    (microsoft.public.platformsdk.security)
  • Re: Encrypt in .Net. decrypt with Crypto API - help...
    ... I now have a requirement to provide self contained client ... > and encryption alogrithms as the only options. ... > everything else I need but I can't work out how to use the Crypto API to ... > Does anyonw know if it is possible to use the Crypto API to decrypt ...
    (microsoft.public.platformsdk.security)
  • Re: Encrypt with .Net, decrypt with Crypto API?
    ... I now have a requirement to provide self contained client ... > and encryption alogrithms as the only options. ... > everything else I need but I can't work out how to use the Crypto API to ... > Does anyonw know if it is possible to use the Crypto API to decrypt ...
    (microsoft.public.dotnet.security)
Loading