Re: Decrypting on different platforms
From: Ryan Menezes [MSFT] (ryanmen_at_online.microsoft.com)
Date: 05/27/05
Date: Thu, 26 May 2005 20:15:32 -0700
Well RC2 is a symmetric block cipher. You will have to use AT_KEYEXCHANGE or
CALG_RSA_KEYX if you want an asymmetric key pair.
Thanks,
Ryan Menezes [MSFT]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"

"Frank Perry" <FrankPerry@discussions.microsoft.com> wrote in message
news:F3570951-9B3F-465E-B4AF-BE0591A0F556@microsoft.com...
> Howdy,
>
> Doesn't the call
>> > if (!CryptGenKey (hProv, CALG_RC2, CRYPT_EXPORTABLE, &hKey))
> create an asymmetric key?
>
> I've tried both paths through the sample. The top path is without a
> password and it uses CryptGenKey. That is where the CryptGetUserKey fails.
> The other pass is with a password. That works to encrypt and decrypt but
> only on the same platform.
>
> I have looked further into the problem in the with-password path. I had
> tried to force the hash in the decrypt on the W2K machine to the hash I
> found on the CE machine. What I found is the function CryptSetHashParam
> fails telling me the hash is not in the correct state. I wasn't able to
> pursue that further today.
>
> I'll pound on it tomorrow.
>
> --
> Frank Perry
> LavaLeaf Software
>
>
> "Ryan Menezes [MSFT]" wrote:
>
>> CryptGetUserKey failure is expected since you never created an asymmetric
>> key using CryptGenKey in the first place.
>> When creating the RC2 key, also look into specifying the
>> KP_EFFECTIVE_KEYLEN flag using CryptSetKeyParam().
>>
>>
>> Thanks,
>> Ryan Menezes [MSFT]
>>
>> --
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> "Use of included script samples are subject to the terms specified at
>> http://www.microsoft.com/info/cpyright.htm"
>>
>>
>> "Frank Perry" <FrankPerry@discussions.microsoft.com> wrote in message
>> news:06E49322-EE75-4623-B548-42555EE61558@microsoft.com...
>> > Howdy,
>> >
>> > I am using the built in CSP.
>> >
>> > The code is lifted from the eMbedded Visual C++ help for encrypting and
>> > decrypting data. Here are the sections that give me trouble.
>> >
>> > // Get the handle to the default provider.
>> > if (!CryptAcquireContext (&hProv, NULL, NULL, PROV_RSA_FULL, 0))
>> > {
>> >   wprintf (TEXT("Error %x during CryptAcquireContext!\n"),
>> >            GetLastError ());
>> >   goto exit;
>> > }
>> >
>> > if (lpszPassword == NULL)
>> > {
>> >   // Encrypt the file with a random session key.
>> >
>> >   // Create a random session key.
>> >   if (!CryptGenKey (hProv, CALG_RC2, CRYPT_EXPORTABLE, &hKey))
>> >   {
>> >     wprintf (TEXT("Error %x during CryptGenKey!\n"),
>> >              GetLastError ());
>> >     goto exit;
>> >   }
>> >
>> >   // Get the handle to the key exchange public key.
>> >   if (!CryptGetUserKey (hProv, AT_KEYEXCHANGE, &hXchgKey))
>> >   {
>> >     wprintf (TEXT("Error %x during CryptGetUserKey!\n"),
>> >              GetLastError ());
>> >     goto exit;
>> >   }
>> > This is the path with no password. Here it should be giving me a key
>> > that I can export to a blob and then save someplace. At this point, it
>> > always fails saying there is no key.
>> > ***
>> > }
>> > else
>> > {
>> >   // Encrypt the file with a session key derived from a password.
>> >
>> >   // Create a hash object.
>> >   if (!CryptCreateHash (hProv, CALG_MD5, 0, 0, &hHash))
>> >   {
>> >     wprintf (TEXT("Error %x during CryptCreateHash!\n"),
>> >              GetLastError ());
>> >     goto exit;
>> >   }
>> >
>> >   // Hash in the password data.
>> >   if (!CryptHashData (hHash, (PBYTE)lpszPassword,
>> >                       wcslen (lpszPassword), 0))
>> >   {
>> >     wprintf (TEXT("Error %x during CryptHashData!\n"),
>> >              GetLastError ());
>> >     goto exit;
>> >   }
>> >
>> >   // Derive a session key from the hash object.
>> >   if (!CryptDeriveKey (hProv, CALG_RC2, hHash, 0, &hKey))
>> >   {
>> >     wprintf (TEXT("Error %x during CryptDeriveKey!\n"),
>> >              GetLastError ());
>> >     goto exit;
>> >   }
>> > }
>> >
>> > If I give it a password, this section works fine but the same password
>> > on the CE machine does not work on the W2K machine. It does work on a
>> > different CE machine. (I have converted both to bytes so the CE machine
>> > is not encrypting Unicode.)
>> >
>> > For the first example, I have tried running it on both the systems and
>> > get the same failure. My current thinking is that there is a security
>> > setting at the OS level that is preventing me from exporting a key. If
>> > so, the sample code should say something about it, but doesn't.
>> >
>> > For the second, I have looked at the hash and found the hash was
>> > different between the machines. I took the hash from one machine and
>> > forced the hash in the other machine to the same value. But that didn't
>> > help. I would force the key but I can't get an exportable key.
>> >
>> > Any ideas? As I said, I'm looking at the security settings to see if
>> > there is something that could block me from making an exportable key.
>> > --
>> > Frank Perry
>> > LavaLeaf Software
>> >
>> >
>> > "Ryan Menezes [MSFT]" wrote:
>> >
>> >> Which encryption algorithm are you using and what are the default CSPs
>> >> on those machines?
>> >>
>> >> Would definitely help if you can post some sample code.
>> >>
>> >> Thanks,
>> >> Ryan Menezes [MSFT]
>> >>
>> >> --
>> >> This posting is provided "AS IS" with no warranties, and confers no
>> >> rights.
>> >> "Use of included script samples are subject to the terms specified at
>> >> http://www.microsoft.com/info/cpyright.htm"
>> >>
>> >>
>> >> "Frank Perry" <FrankPerry@discussions.microsoft.com> wrote in message
>> >> news:03189DBD-7470-4C7A-97D3-50F68764BCED@microsoft.com...
>> >> > Howdy,
>> >> >
>> >> > I forgot to mention that I have both machines using 40 bit key
>> >> > lengths.
>> >> >
>> >> > --
>> >> > Frank Perry
>> >> > LavaLeaf Software
>> >> >
>> >> >
>> >> > "Frank Perry" wrote:
>> >> >
>> >> >> Howdy,
>> >> >>
>> >> >> I have been using the sample code for encrypting and decrypting
>> >> >> files. I have no trouble using the password version to encrypt a
>> >> >> file and decrypt it on the same machine. But when I move the file
>> >> >> to a different machine with a different OS, it fails. The two OSs
>> >> >> are W2K and CE.
>> >> >>
>> >> >> So far, I have found the hash created from the same password is
>> >> >> different on the two machines. I have tried forcing the same hash
>> >> >> on both machines but that doesn't get me anywhere either. I haven't
>> >> >> seen the CE side, but the KP_IV of the W2K side is all 0's.
>> >> >>
>> >> >> I would try transferring the key itself, but on a different problem,
>> >> >> I can't get CryptGetUserKey to return a key. I am using the code
>> >> >> from the example but nothing comes back. I get the error that there
>> >> >> is no key.
>> >> >>
>> >> >> Are there any ideas about either of these problems?
>> >> >>
>> >> >> Thanks in advance.
>> >> >> --
>> >> >> Frank Perry
>> >> >> LavaLeaf Software
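
Added example, not part of the thread or of the Microsoft sample code: the quoted `CryptHashData` call passes `wcslen (lpszPassword)`, a character count, where the API takes a byte count, so a build that holds the password as a wide string and one that holds it as a narrow string feed different bytes to MD5 for the same password. This portable C sketch (the names `pw_mode`, `hash_input` and `same_hash_input` are hypothetical, and the password is constructed) prints the bytes each variant would hash; the thread does not confirm this as the cause of the mismatch reported above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum pw_mode {        /* hypothetical names for the three cases compared */
    NARROW_STRLEN,    /* char buffer, length = strlen()                  */
    WIDE_WCSLEN,      /* UTF-16LE buffer, length = wcslen(), as quoted   */
    WIDE_BYTES        /* UTF-16LE buffer, length = wcslen() * 2          */
};

/* Write to out the exact bytes a hash call would consume for an ASCII
   password in the given mode. Returns the byte count, or 0 when the
   wide form of the password would not fit in the buffers. */
size_t hash_input(const char *pw, enum pw_mode mode, uint8_t *out, size_t cap)
{
    size_t chars = strlen(pw), n, i;
    uint8_t wide[256];
    if (chars * 2 > sizeof wide || chars * 2 > cap) return 0;
    if (mode == NARROW_STRLEN) { memcpy(out, pw, chars); return chars; }
    for (i = 0; i < chars; i++) {          /* UTF-16LE: value, then 0x00 */
        wide[2 * i] = (uint8_t)pw[i];
        wide[2 * i + 1] = 0;
    }
    n = (mode == WIDE_WCSLEN) ? chars : chars * 2;   /* chars vs. bytes */
    memcpy(out, wide, n);
    return n;
}

/* 1 when both builds would feed identical bytes to the hash, else 0. */
int same_hash_input(const char *pw, enum pw_mode a, enum pw_mode b)
{
    uint8_t x[256], y[256];
    size_t nx = hash_input(pw, a, x, sizeof x);
    size_t ny = hash_input(pw, b, y, sizeof y);
    return nx == ny && memcmp(x, y, nx) == 0;
}

int main(void)
{
    static const char *label[] = { "narrow/strlen", "wide/wcslen", "wide/bytes" };
    uint8_t b[256];
    for (int m = NARROW_STRLEN; m <= WIDE_BYTES; m++) {
        size_t n = hash_input("secret", (enum pw_mode)m, b, sizeof b);
        printf("%-14s", label[m]);
        for (size_t i = 0; i < n; i++) printf(" %02x", b[i]);
        printf("\n");
    }
    return 0;
}
```

Dumping the buffer and length actually handed to `CryptHashData` on each machine in the same way shows directly whether the two sides hash the same input.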