Encrypt with .Net, decrypt with Crypto API?
From: Trevor Barry (TrevorBarry_at_discussions.microsoft.com)
Date: Fri, 8 Oct 2004 03:47:03 -0700
I have some server based .Net code that creates an encrypted blob that is
stored in active directory. The encryption is done with the
TripleDESCryptoServiceProvider which needs an 8 byte initialisation vector, a
key and the plaintext.
I have .Net client side code that picks up the value and decrypts it without
any problems. I now have a requirement to provide self contained client code
that runs without any extra installs on the client (i.e. no .Net Framework,
no VB6 runtime). The clients will be running Windows XP or Windows 2000. As
far as I can workout that leaves the Crypto API or providing my own hashing
and encryption alogrithms as the only options.
I believe CAPICom is an optional install and therefore can't be guaranteed
to be present? I can't require anything other than my .exe and the OS for
I've put together C++ code to pull the blob from active directory and do
everything else I need but I can't work out how to use the Crypto API to
decrypt the data. As far as I can see the Crypto API 3DES function does not
need an initialisation vector. My shared key is generated from an MD5 hash of
some information that both the client and server know so I should be able to
calculate that on the client.
Does anyonw know if it is possible to use the Crypto API to decrypt
something encrypted by the .Net TripleDESCryptoServiceProvider?
What do I do about the IV used in .Net but not in the Crypto API? The .Net
decryption routines require the same IV as was used during encryption.
Does anyone have any thoughts about this? Sample code? Pointer to resources?
I have been through MSDN and am currently reading the O'Reilly Secure Code