RE: How to find best available encryption for MSOffice apps



1. Yes, you can select the provider directly in the CryptAcquireContext's
pszProvider parameter. Most of Microsoft's standard providers are always
available on all Windows versions. (see the names in wincrypt.h as
MS_DEF_PROV, MS_STRONG_PROV, etc.)

Note that the Enhanced provider (MS_ENHANCED_PROV) may NOT be available on
all systems - only on those where the 128-bit encryption is installed.

2. For the algo you can either loop through (PP_ENUMALGS_EX) or you can try
to generate a key with the desired algo. If key gen suceeds the algo is
supported.
(Since key gen for symmetric keys is nothing more than generating random
bytes it's very fast.) You can simply release the key handle after that.

Laszlo Elteto
SafeNet, Inc.

"Stretchcoder" wrote:

I am writing a program that updates password protection for various types of
Office Documents behind the scenes.

I want to offer my users the "most compatible" and "best available"
protection for their PC.

Most compatible basically equals MS Office 97/2000 Encryption

Best available is a little more tricky. I have figured out how to loop
through all of the algorithms provided by one CryptProvider, but is there a
way for me to check for one particular provider and algorithm?

For example, if I want to see if the user has Microsoft Strong Encryption
Provider RC4 algorithm available. Right now I cycle through ALL of the
various Provider Types based on SDK documentation (see very bottom) and ALL
of the algorithms for each provider type until I hit on the right combination
of
"Microsoft Strong Cryptographic Provider" and "RC4"
Outer loop -
CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_AES, 0);
CryptGetProvParam(hCryptProv, PP_NAME, pbData, &cbData, 0); //provider name

Inner loop -
CryptGetProvParam(hCryptProv, PP_ENUMALGS_EX, (BYTE *) &EnumAlgs,
&cbData, dFlag)) //algorithm name is in EnumAlgs.szName

There HAS to be an easier way!!!
Any suggestions?

Thanks!

*** From Platform SDK***
There are currently a number of predefined provider types. The next sections
provide information on the following provider types:

PROV_RSA_FULL
PROV_RSA_AES
PROV_RSA_SIG
PROV_RSA_SCHANNEL
PROV_DSS
PROV_DSS_DH
PROV_DH_SCHANNEL
PROV_FORTEZZA
PROV_MS_EXCHANGE
PROV_SSL

.



Relevant Pages

  • Re: How to schedule script without cron?
    ... > that is in a loop: ... > wait until nextintervaltime ... I was looking at DDNS a few weeks ago, but decided to go with a hosting ... I do not have access to the server at my hosting provider, so, as you say, ...
    (comp.lang.php)
  • Re: FlexiProvider: an open source cryptography provider for the JCA/JCE
    ... >> With this email we would like to introduce the FlexiProvider, ... >> source cryptography service provider for the Java Cryptography ... It currently includes the following algorithms: ... More portable (i.e. provider independent) is to search the list of keys ...
    (sci.crypt)
  • Re: FlexiProvider: an open source cryptography provider for the JCA/JCE
    ... >> With this email we would like to introduce the FlexiProvider, ... >> source cryptography service provider for the Java Cryptography ... It currently includes the following algorithms: ... More portable (i.e. provider independent) is to search the list of keys ...
    (sci.crypt)
  • Re: Microsoft CryptoAPI CSP Availability
    ... what makes you think that you do not have these algorithms installed? ... "Microsoft Strong Cryptographic Provider" providers ... the SHA-1 algorithm has shipped with every version of Windows ...
    (microsoft.public.dotnet.security)
  • Re: 3DES with PROV_RSA_FULL ???
    ... Hi Mark, ... using CryptoAPI and as for anything new I just refer to the ... each provider must be used with a provider type. ... >> algorithms supported by the Provider. ...
    (microsoft.public.win2000.security)