Generating a key: CryptDeriveKey, CryptGenKey, CryptDestroyKey
These three functions are used to obtain and release a key handle:
CryptDeriveKey derives a key from a specified password. CryptGenKey generates a key from random data. CryptDestroyKey releases the key object.
When using CryptGenKey, it is recommended to pass the CRYPT_EXPORTABLE flag so that the session key it creates is exportable; such a key can be moved from one machine to another. If the flag is not given, the returned key is only usable on this machine and in this session.
Here is an example of using CryptDeriveKey, assuming that pPassword points to a user-specified password and dwPasswordLength is the password length.
#include <windows.h>
#include <wincrypt.h>
/*
For non-C/C++ users, the constants used here are as follows:
#define ALG_CLASS_HASH          (4 << 13)
#define ALG_TYPE_ANY            (0)
#define ALG_SID_MD5             3
#define CALG_MD5                (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5)
#define CRYPT_EXPORTABLE        0x00000001
#define ALG_CLASS_DATA_ENCRYPT  (3 << 13)
#define ALG_TYPE_STREAM         (4 << 9)
#define ALG_SID_RC4             1
#define CALG_RC4                (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_STREAM | ALG_SID_RC4)
*/
BOOL       bResult;
HCRYPTHASH hHash;
HCRYPTKEY  hKey;

// Get a hash object handle
bResult = CryptCreateHash(
    hProv,          // CSP handle
    CALG_MD5,       // hash algorithm
    0,              // non-keyed hash, so no key handle
    0,              // flags, must be 0
    &hHash);        // receives the hash object handle

// Hash the password bytes
bResult = CryptHashData(
    hHash,              // hash object handle
    pPassword,          // pointer to the data
    dwPasswordLength,   // data length
    0);                 // flags, must be 0

// Derive a key from the specified password
bResult = CryptDeriveKey(
    hProv,              // CSP handle
    CALG_RC4,           // stream cipher
    hHash,              // hash object that now holds the hashed password
    CRYPT_EXPORTABLE,   // flags
    &hKey);             // receives the key object handle
// ...
// Operate with the key
// ...
// Release the hash object
CryptDestroyHash(hHash);
// Release the key object
CryptDestroyKey(hKey);
Encrypting and decrypting data: CryptEncrypt, CryptDecrypt
Although the two are not perfectly symmetric, the CryptoAPI functions that process data are CryptEncrypt for encryption and CryptDecrypt for decryption.
These two functions are very easy to use, but their parameters need some explanation:
The first six parameters of the two functions are the same. The first two select the key and an optional hash object. The third is a flag that stays FALSE for every piece of data before the last one and is set to TRUE for the last piece, so that the function can give the final block its special treatment. The fourth parameter is a flags value, and the fifth is a pointer to the data to be encrypted or decrypted. The sixth parameter is the number of bytes in the buffer to be processed. The seventh parameter, which only CryptEncrypt has, is usually the same as the sixth and gives the total size of the buffer. This is because for many algorithms the encrypted data is the same size as the plaintext. Some algorithms, however, increase the length of the encrypted data; in that case the buffer passed in the fifth parameter must be large enough to hold the additional bytes.
The buffer-length problem is solved by calling CryptEncrypt once before encrypting, with no data buffer, to ask for the required output size. The following example demonstrates this technique. It assumes that the earlier values are already set up; we simply encrypt the dwDataLen bytes in the buffer pointed to by pData.
BOOL  bResult;
PBYTE pBuffer;
DWORD dwSize;
DWORD dwBufLen;

// Put the data length into the size variable
dwSize = dwDataLen;

// Let the API return the buffer length we need
bResult = CryptEncrypt(
    hKey,       // key obtained earlier
    0,          // no hash object
    TRUE,       // last (or only) block of data
    0,          // flags, must be 0
    NULL,       // no data: just return the required size
    &dwSize,    // receives the required output size
    dwSize);    // buffer size (ignored when no buffer is passed)

// Now that we know the output buffer size, create the buffer
dwBufLen = dwSize;
pBuffer = new BYTE[dwBufLen];

// CryptEncrypt works in place, so the plaintext must be in the output buffer
memcpy(pBuffer, pData, dwDataLen);
dwSize = dwDataLen;     // length of the data now in the buffer

// Encrypt the data
bResult = CryptEncrypt(
    hKey,       // key obtained earlier
    0,          // no hash object
    TRUE,       // last (or only) block of data
    0,          // flags, must be 0
    pBuffer,    // data buffer: plaintext in, ciphertext out
    &dwSize,    // in: plaintext length; out: ciphertext length
    dwBufLen);  // total size of the buffer
Encrypting and decrypting at the same time
Some precautions must be taken when the same key is used to encrypt or decrypt two data streams. The same key handle must not be used for both operations at the same time, because the internal state information kept by each session key would be mixed up. A simple solution is to make a copy of the key: the original key performs one operation and the copy performs the other.
A copy of a session key is made by calling CryptExportKey to export the key and then calling CryptImportKey to import it again. Once it has been imported, the CSP assigns this "new" key its own internal memory area, as if it had nothing to do with the original key.
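Both the two-call sizing pattern shown in the CryptEncrypt example above and the rule against pushing two streams through one key object can be exercised end to end with the following added example. It is not code from the original article and it does not call CryptoAPI at all: it is a portable C model in which toy_encrypt and toy_decrypt (names, key values and sample data are constructed here; the "cipher" is a plain XOR with CBC-style chaining and offers no real protection) keep the CryptEncrypt/CryptDecrypt calling contract: a NULL buffer returns the required size, the length argument is in/out, the buffer-size argument is checked against the padded output, and chaining state persists between calls. encrypt_two_call is the pattern from the text; two_streams_round_trip interleaves two streams through one key object and then through a copy, which is the role CryptExportKey/CryptImportKey play on a real CSP.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for a CryptoAPI session key (NOT a real cipher): an 8-byte key plus
 * the chaining state that a block cipher in CBC mode carries between calls. */
#define BLOCK 8
typedef struct { uint8_t key[BLOCK]; uint8_t chain[BLOCK]; } toy_key_t;

/* Same contract as CryptEncrypt: pbData == NULL only asks for the output size, *pdwDataLen
 * is in/out, dwBufLen is the buffer capacity, final marks the last (padded) chunk. 1 = ok. */
int toy_encrypt(toy_key_t *k, int final, uint8_t *pbData, size_t *pdwDataLen, size_t dwBufLen)
{
    size_t in_len = *pdwDataLen, out_len;
    if (final) out_len = (in_len / BLOCK + 1) * BLOCK;  /* PKCS#7 style: always pad */
    else if (in_len % BLOCK) return 0;                   /* intermediate chunks: whole blocks */
    else out_len = in_len;
    *pdwDataLen = out_len;
    if (pbData == NULL) return 1;                        /* size query: state untouched */
    if (dwBufLen < out_len) return 0;                    /* analogue of ERROR_MORE_DATA */
    if (final) memset(pbData + in_len, (int)(out_len - in_len), out_len - in_len);
    for (size_t b = 0; b < out_len; b += BLOCK)
        for (size_t i = 0; i < BLOCK; i++) {
            pbData[b + i] ^= k->key[i] ^ k->chain[i];    /* toy "block cipher" */
            k->chain[i] = pbData[b + i];                 /* CBC: carry ciphertext forward */
        }
    return 1;
}

/* Counterpart of CryptDecrypt: works in place and strips the padding on the last chunk. */
int toy_decrypt(toy_key_t *k, int final, uint8_t *pbData, size_t *pdwDataLen)
{
    size_t len = *pdwDataLen;
    if (len % BLOCK != 0 || (final && len == 0)) return 0;
    for (size_t b = 0; b < len; b += BLOCK)
        for (size_t i = 0; i < BLOCK; i++) {
            uint8_t c = pbData[b + i];
            pbData[b + i] = c ^ k->key[i] ^ k->chain[i];
            k->chain[i] = c;
        }
    if (final) {
        uint8_t pad = pbData[len - 1];
        if (pad == 0 || pad > BLOCK) return 0;
        for (size_t i = 0; i < pad; i++) if (pbData[len - 1 - i] != pad) return 0;
        len -= pad;
    }
    *pdwDataLen = len;
    return 1;
}

/* The two-call pattern from the text: query the size with a NULL buffer, allocate, copy the
 * plaintext in (the API encrypts in place), encrypt. Returns ciphertext length (0 on failure). */
size_t encrypt_two_call(toy_key_t *k, const uint8_t *pData, size_t dwDataLen, uint8_t **out)
{
    size_t dwSize = dwDataLen;
    if (!toy_encrypt(k, 1, NULL, &dwSize, 0)) return 0;
    size_t dwBufLen = dwSize;                            /* required size, may exceed dwDataLen */
    uint8_t *pBuffer = malloc(dwBufLen);
    if (pBuffer == NULL) return 0;
    memcpy(pBuffer, pData, dwDataLen);
    dwSize = dwDataLen;                                  /* reset to the length now in the buffer */
    if (!toy_encrypt(k, 1, pBuffer, &dwSize, dwBufLen)) { free(pBuffer); return 0; }
    *out = pBuffer;                                      /* caller frees */
    return dwSize;
}

/* Round-trips a constructed n-byte message (n <= 64) through the two-call pattern;
 * returns the ciphertext length if it decrypts back correctly, 0 otherwise. */
size_t two_call_round_trip(size_t n)
{
    uint8_t msg[64], *ct = NULL;
    for (size_t i = 0; i < n && i < sizeof msg; i++) msg[i] = (uint8_t)('a' + i % 26);
    toy_key_t ke = {{1, 2, 3, 4, 5, 6, 7, 8}, {0}}, kd = ke;  /* constructed key */
    size_t ct_len = encrypt_two_call(&ke, msg, n, &ct), pt_len = ct_len;
    if (ct_len == 0) return 0;
    int ok = toy_decrypt(&kd, 1, ct, &pt_len) && pt_len == n && memcmp(ct, msg, n) == 0;
    free(ct);
    return ok ? ct_len : 0;
}

/* Two 16-byte streams, each sent as two 8-byte chunks, interleaved A1, B1, A2, B2. With
 * copy_key == 0 both share one key object (what the text warns against); otherwise stream B
 * uses a copy taken before either stream starts (the CryptExportKey/CryptImportKey copy). */
int two_streams_round_trip(int copy_key)
{
    uint8_t ca[24], cb[24];                              /* room for one padding block each */
    memcpy(ca, "streamA-chunk-1!", 16); memcpy(cb, "streamB-chunk-1!", 16);
    toy_key_t ka = {{1, 2, 3, 4, 5, 6, 7, 8}, {0}}, kb = ka, *kb_use = copy_key ? &kb : &ka;
    size_t n = 8; toy_encrypt(&ka, 0, ca, &n, 24);
    n = 8; toy_encrypt(kb_use, 0, cb, &n, 24);
    n = 8; toy_encrypt(&ka, 1, ca + 8, &n, 16);
    n = 8; toy_encrypt(kb_use, 1, cb + 8, &n, 16);
    toy_key_t da = {{1, 2, 3, 4, 5, 6, 7, 8}, {0}}, db = da; /* each receiver: fresh key object */
    size_t la = 24, lb = 24;
    int ok = toy_decrypt(&da, 1, ca, &la) && toy_decrypt(&db, 1, cb, &lb);
    return ok && la == 16 && lb == 16 && memcmp(ca, "streamA-chunk-1!", 16) == 0
              && memcmp(cb, "streamB-chunk-1!", 16) == 0;
}
```

Two details are easy to miss in the real API and are deliberately visible here: the length variable must be reset to the plaintext length before the second call, because the first call overwrote it with the required size, and the plaintext has to be copied into the output buffer first because encryption happens in place. In the shared-key run the second block of each stream is chained to the other stream's ciphertext, so it decrypts to garbage even though the padding at the end still verifies; the copied-key run decrypts both streams correctly.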