RE: How to use szOID_PKCS_1 ID to encrypt?

Even with only four bytes you don't encrypt data directly with PKCS#1. What
you do is
1. pick a good SYMMETRIC crypto algo (AES is preferred, but for first
testing you can stick with RC4)
2. generate a RANDOM secret key (called session key)
3. encrypt your data using the key from 2 with ango 1
4. encrypt (wrap) the key 2 with an RSA public key
Send the recipien both 3 (encrypted data) and 4 (encrypted key)

Now the recipient will first decrypt the secret key using the RSA private
key then decrypt the data using that key.

Laszlo Elteto
SafeNet, Inc.

"Raj" wrote:

Hi,

I have to encrypt a 4 byte value with PKCS#1 algorithm.
I am using CryptEncryptMessage API with szOID_PKCS_1 as Object ID in
CRYPT_ALGORITHM_IDENTIFIER sturcture. API is returing following error code.

0x80091002 :: Unknown cryptographic algorithm.

This is really my first attempt to use Crypto API and new to RSA algorithms.
Please let me know how to use Crypto API to encrypt with szOID_PKCS_1.

Here I am posting the code what I used. I found the code in MSDN and just
changed algorithm ID. When I try with szOID_RSA_RC4, API is encrypting.


pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,
pDecodedCert, iDecodedCertSize);
free(pDecodedCert);
if(pCertContext == NULL)
{
//*ErrorCode = GetLastError();
return NULL;
}

///Prepare for encryption

PCCERT_CONTEXT RecipientCertArray[1];
CRYPT_ENCRYPT_MESSAGE_PARA EncryptParams={0};
CRYPT_ALGORITHM_IDENTIFIER EncryptAlgorithm={0};
DWORD
EncryptAlgSize=sizeof(EncryptAlgorithm),EncryptParamsSize=sizeof(EncryptParams),cbEncryptedBlob=0;

BYTE* pbEncryptedBlob = NULL;

// Create a RecipientCertArray.
RecipientCertArray[0] = pCertContext;
// Initialize the algorithm identifier structure.
EncryptAlgorithm.pszObjId = szOID_PKCS_1;

// Initialize the CRYPT_ENCRYPT_MESSAGE_PARA structure.
EncryptParams.cbSize = EncryptParamsSize;
EncryptParams.dwMsgEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING ;
EncryptParams.hCryptProv = NULL;
EncryptParams.ContentEncryptionAlgorithm = EncryptAlgorithm;

if(CryptEncryptMessage(&EncryptParams,1,RecipientCertArray,(const
PBYTE)&m_IssueSeed,sizeof(m_IssueSeed),NULL,&cbEncryptedBlob))
{
pbEncryptedBlob = (PBYTE)malloc(cbEncryptedBlob);

if(CryptEncryptMessage(&EncryptParams,1,RecipientCertArray,(const
PBYTE)&m_IssueSeed,sizeof(m_IssueSeed),pbEncryptedBlob,&cbEncryptedBlob))
{
//success.
}
else
{
//*ErrorCode = GetLastError();
}
}
else
{
//*ErrorCode = GetLastError();
}





.

Relevant Pages

  • Re: Possible new crypto system
    ... Standard cryptographic advice is never to touch any secret algorithm ... if I had a way to encrypt a "text" (some binary data ... Those are the basic requirements for any crypto system. ... Any good modern crypto system is proof against brute force. ...
    (sci.crypt)
  • Improving the AONT pakagetransform
    ... That aside in in Ron's all or nothing package transform you take a ... a long message of English text you first encrypt it say with AES in a ... At this point say your stuck with 40 bit crypto you then encrypt ... Yet the fact is such an attack even with the larger ...
    (sci.crypt)
  • How to use szOID_PKCS_1 ID to encrypt?
    ... I have to encrypt a 4 byte value with PKCS#1 algorithm. ... API is returing following error code. ... This is really my first attempt to use Crypto API and new to RSA algorithms. ... Please let me know how to use Crypto API to encrypt with szOID_PKCS_1. ...
    (microsoft.public.platformsdk.security)
  • Re: Protect exe code against being decompiled
    ... encrypt it then it has what it needs to unencrypt it to ... your own crypto code. ... > because users can't run anauthorized executables. ... > Somebody knows some tool to encrypt an EXE file of such ...
    (microsoft.public.security)
  • Re: Need simple lib for asymetric encryption
    ... I would like to encrypt some data with key1 and decrypt it again with key2. ... as 'public key' and to key2 as 'private key'. ... Public key crypto is abysmally slow. ...
    (sci.crypt)