RE: How to find best available encryption for MSOffice apps



1. Yes, you can select the provider directly in the CryptAcquireContext's
pszProvider parameter. Most of Microsoft's standard providers are always
available on all Windows versions. (see the names in wincrypt.h as
MS_DEF_PROV, MS_STRONG_PROV, etc.)

Note that the Enhanced provider (MS_ENHANCED_PROV) may NOT be available on
all systems - only on those where the 128-bit encryption is installed.

2. For the algo you can either loop through (PP_ENUMALGS_EX) or you can try
to generate a key with the desired algo. If key gen succeeds the algo is
supported.
(Since key gen for symmetric keys is nothing more than generating random
bytes it's very fast.) You can simply release the key handle after that.

Laszlo Elteto
SafeNet, Inc.

"Stretchcoder" wrote:

I am writing a program that updates password protection for various types of
Office Documents behind the scenes.

I want to offer my users the "most compatible" and "best available"
protection for their PC.

Most compatible basically equals MS Office 97/2000 Encryption

Best available is a little more tricky. I have figured out how to loop
through all of the algorithms provided by one CryptProvider, but is there a
way for me to check for one particular provider and algorithm?

For example, if I want to see if the user has Microsoft Strong Encryption
Provider RC4 algorithm available. Right now I cycle through ALL of the
various Provider Types based on SDK documentation (see very bottom) and ALL
of the algorithms for each provider type until I hit on the right combination
of "Microsoft Strong Cryptographic Provider" and "RC4"
Outer loop -
CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_AES, 0);
CryptGetProvParam(hCryptProv, PP_NAME, pbData, &cbData, 0); //provider name

Inner loop -
CryptGetProvParam(hCryptProv, PP_ENUMALGS_EX, (BYTE *) &EnumAlgs,
&cbData, dFlag); //algorithm name is in EnumAlgs.szName

There HAS to be an easier way!!!
Any suggestions?

Thanks!

*** From Platform SDK***
There are currently a number of predefined provider types. The next sections
provide information on the following provider types:

PROV_RSA_FULL
PROV_RSA_AES
PROV_RSA_SIG
PROV_RSA_SCHANNEL
PROV_DSS
PROV_DSS_DH
PROV_DH_SCHANNEL
PROV_FORTEZZA
PROV_MS_EXCHANGE
PROV_SSL
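
The two steps from the reply at the top (name the provider in pszProvider, then test the algorithm by generating a throwaway key), as an added C example that is not part of the original thread. The candidate struct, genkey_flags, pick_best, probe and the preference order in main are assumptions made for illustration; the CryptoAPI part compiles only on Windows and links against advapi32.

```c
#include <stdio.h>
#include <stddef.h>
/* One provider/algorithm/key-length combination to test. */
typedef struct {
    const char *provider; unsigned long prov_type, alg_id, key_bits;
    int ok; /* filled in by probe() */
} candidate;

/* CryptGenKey takes the requested key length in the upper 16 bits of dwFlags. */
unsigned long genkey_flags(unsigned long key_bits, unsigned long flags) {
    return (key_bits << 16) | (flags & 0xFFFFUL);
}

/* List is ordered strongest first: return the first combination that probed ok. */
const candidate *pick_best(const candidate *list, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (list[i].ok) return &list[i];
    return NULL;
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
/* Name the provider in pszProvider, then try a throwaway key of the wanted size. */
static void probe(candidate *c) {
    HCRYPTPROV hProv = 0;
    HCRYPTKEY hKey = 0;
    c->ok = 0;
    if (!CryptAcquireContextA(&hProv, NULL, c->provider, c->prov_type, CRYPT_VERIFYCONTEXT))
        return; /* provider not installed on this machine */
    if (CryptGenKey(hProv, (ALG_ID)c->alg_id, genkey_flags(c->key_bits, 0), &hKey)) {
        c->ok = 1;
        CryptDestroyKey(hKey); /* only the success of key generation matters */
    }
    CryptReleaseContext(hProv, 0);
}

int main(void) {
    candidate list[] = { /* constructed preference order, strongest first */
        { MS_STRONG_PROV_A,   PROV_RSA_FULL, CALG_RC4, 128, 0 },
        { MS_ENHANCED_PROV_A, PROV_RSA_FULL, CALG_RC4, 128, 0 },
        { MS_DEF_PROV_A,      PROV_RSA_FULL, CALG_RC4, 40,  0 },
    };
    size_t n = sizeof list / sizeof list[0];
    for (size_t i = 0; i < n; i++) probe(&list[i]);
    const candidate *c = pick_best(list, n);
    printf("%s, RC4 %lu-bit\n", c ? c->provider : "no usable provider", c ? c->key_bits : 0UL);
    return c ? 0 : 1;
}
#endif
```

CRYPT_VERIFYCONTEXT lets the probe open the provider without creating or touching a key container, which is all a session-key test needs.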
