Re: Crypto problems in Vista



"Laszlo Hars" <Laszlo Hars@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CEC21216-2439-4BC7-94B0-ED22DB1F9A07@xxxxxxxxxxxxxxxx
My Crypto questions remained unanswered in the MSDN Forum for over a week:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2457667&SiteID=1
Is there a way to get some more information about the cryptographic CSP of
Windows Vista?

I managed to call AES and SHA-1 functions from the "Microsoft Enhanced RSA
and AES Cryptographic Provider" CSP in Vista. It works, I can encrypt and
hash messages, export and import keys. However, something is funny with
AES encryption:

1. Messages are always padded. I need to encrypt 16-byte blocks, and the
padding algorithm makes them all 32 bytes. Does anyone know a way to switch
off padding? I tried calling CryptSetKeyParam() from advapi32.dll with
dwParam = KP_PADDING and pbData pointing to a DWORD containing one of the
numbers -1, 0, 1, 2, 3, without any effect.

AES is a block cipher with a 16-byte block length. However, as noted in the
MSDN documentation:

"As a rule, if a stream cipher is used, the ciphertext is the same size as
the plaintext. If a block cipher is used, the ciphertext is up to a block
length larger than the plaintext." (From
http://msdn2.microsoft.com/en-us/library/aa379924.aspx, documentation for
CryptEncrypt)

Okay, so the ciphertext may be as much as a block length larger than the
plaintext. That appears to be what you are seeing, though I'm perhaps not
the expert you wanted.

2. Selecting CRYPT_MODE_CTS (CipherText Stealing) mode should return a
ciphertext of the same length as the plaintext, but it always rounds up the
length to an integer multiple of 16 bytes, the block length of AES. I could
not find any difference between it and CRYPT_MODE_CBC (Cipher Block Chaining)
mode. Is CTS supported? If yes, how to invoke it?

If CryptSetKeyParam appears to accept CRYPT_MODE_CTS, but you see no sign
that it's working, you might call CryptGetKeyParam to see whether the mode
was set. Maybe CryptSetKeyParam is ignoring an option it can't accept?

3. CRYPT_MODE_CFB seems to work, but CRYPT_MODE_OFB does not. When this
encryption mode is selected, the buffer of both CryptEncrypt() and
CryptDecrypt() remains unchanged. Is OFB supported?

http://msdn2.microsoft.com/en-us/library/aa379949.aspx - "CRYPT_MODE_OFB -
The cipher mode is Output Feedback (OFB). Microsoft CSPs currently do not
support Output Feedback Mode."

Doesn't look supported to me.

Alun.
~~~~
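
The growth from 16 to 32 bytes described in point 1 is what PKCS #5 style block padding produces for input that is already block-aligned. The sketch below is an added illustration, not code from the thread or from Microsoft; it assumes the provider pads this way on the final block, and `pad`, `unpad` and `padded_len` are hypothetical helper names.

```python
# Added example: PKCS #5/#7-style block padding, assumed here to be what the
# CSP applies to the final block. Not code from the thread.
BLOCK = 16  # AES block length in bytes


def pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append n bytes of value n (1 <= n <= block) to reach a block multiple."""
    n = block - (len(data) % block)  # n == block when data is already aligned
    return data + bytes([n]) * n


def unpad(data: bytes, block: int = BLOCK) -> bytes:
    """Validate and strip the padding; reject anything malformed."""
    if not data or len(data) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = data[-1]
    if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def padded_len(plain_len: int, block: int = BLOCK) -> int:
    """Ciphertext length a padded block mode produces for plain_len bytes."""
    return (plain_len // block + 1) * block


if __name__ == "__main__":
    # Constructed plaintext lengths, including the 16-byte case from the post.
    for size in (0, 1, 15, 16, 17, 32):
        msg = bytes(size)
        out = pad(msg)
        assert unpad(out) == msg and len(out) == padded_len(size)
        print(f"{size:2d} plaintext bytes -> {len(out):2d} padded bytes "
              f"(pad byte 0x{out[-1]:02x} repeated {out[-1]} times)")

    # Why an aligned message still gets a whole extra block: without it, a
    # message whose last byte is 0x01 could not be told apart from padding.
    tricky = bytes(15) + b"\x01"
    assert unpad(pad(tricky)) == tricky
```

A full extra block for aligned input is the cost of making the padding unambiguous, which is why the ciphertext can be "up to a block length larger" than the plaintext.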

