Re: Crypto problems in Vista
- From: Laszlo Hars <LaszloHars@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 5 Dec 2007 14:04:00 -0800
Thanks, Alun. Calling CryptGetKeyParam() was revealing...
1. The ciphertext is ALWAYS longer than the plaintext. This was my problem.
If the plaintext I encrypt is always 128 bits (16 bytes), there is no need
for padding, but I cannot switch it off. My question was if there is a way
(maybe undocumented) to somehow prevent padding. Padding seems to be always
active, which is a pity. CryptGetKeyParam() returns PKCS5_PADDING (1), no
matter what I select with CryptSetKeyParam().
In ECB mode, at encryption I can just discard the superfluous second block,
but at decryption I have to attach the encrypted 100..0 block (the padding),
which is a hassle.
CFB mode could be used as an AES stream cipher, but it also uses padding, so
no matter, which mode is selected the Vista CSP pads the input.
2. I could not find anywhere documented whether CRYPT_MODE_CTS is supported.
It is not. A call to CryptSetKeyParam with CRYPT_MODE_CTS(5) has no effect. A
subsequent CryptGetKeyParam shows CRYPT_MODE_CBC(1) set.
3. I missed the note in MSDN that OFB is not supported.
All together, the default Vista CSP: “Microsoft Enhanced RSA and AES
Cryptographic Provider” for AES is a disappointment. Padding cannot be
switched off, not even in CFB mode, and CTS and OFB modes are not implemented.
.
- Follow-Ups:
- Re: Crypto problems in Vista
- From: Andrew Tucker [MSFT]
- Re: Crypto problems in Vista
- References:
- Re: Crypto problems in Vista
- From: Alun Jones
- Re: Crypto problems in Vista
- Prev by Date: PFXImportCertStore is associated with windows password filter
- Next by Date: Creating Diffie-Hellman key exchange with known parameters
- Previous by thread: Re: Crypto problems in Vista
- Next by thread: Re: Crypto problems in Vista
- Index(es):
Relevant Pages
|
