VCKBASE ONLINE HELP JOURNAL NO.10
Data encryption with CryptoAPI, Nanjing University of Technology, computer system, Shu Jing Li Weiqing ---- Because it is very difficult to achieve too complex encryption algorithm, in the past, many applications can only use very simple encryption technology, the result of doing this is encrypted Data can be easily deciphered. The encrypted application interface (ie, Cryptography API) provided by Microsoft, or CryptoAPI can easily add powerful encryption functions in the application without having to consider the basic algorithm. This article will be a simple introduction to the principles of CryptoAPI and its data encryption, and then give the approximate steps to write encrypted programs with CryptoAPI. Finally, in the encryption of a file, the decryption program demonstrates partial features of CRYPTOAPI. ---- 1. CryptoAPI Introduction ---- CryptoAPI is a set of functions, in order to complete mathematical calculations, must have a password service provider module (CSP). Microsoft provides a CSP by bundling RSA Base Provider at the operating system level, using RSA's public key encryption algorithm, more CSP can be added to the application as needed. In fact, the CSP may be encrypted with special hardware devices (such as smart cards). The CryptoAPI interface allows simple function call to encrypt data, exchange public keys, hash a message to create summary and generate digital signatures. It also provides advanced management, such as using a CSP from a group of possible CSPs. In addition, CryptoAPI provides a basis for many advanced security services, including SETs for e-commerce, PCTs for encrypting client / server messages, and is used to pass back and forth in each platform. PFX, Code signature, etc. The architecture of CryptoAPI is as follows:
---- The Windows system currently supporting CryptoAPI has: Windows 95 OSR2, Windows NT SP3, and Subsessment, Windows 98, Windows 2000, etc. CryptoAPI configuration information is stored in the registry, including the following key: hkey_local_machine\software\
Microsoft / Cryptography / Defaults
HKEY_CURRENT_USER / SOFTWARE / Microsoft
/ Cryptography / Providers
---- 2. Data encryption principle ---- Data encryption process is shown below:
---- CryptoAPI uses two keys: session keys with public / private key pairs. The session key uses the same encryption and decryption key, which is faster, but must guarantee the secure transmission of the key. Public / private key uses a public key and a private key, the private key is only a special person to use, and the public key can be widely spread. If one of the key pairs is used for encryption, the other must be used for decryption. The public / private key is very slow, generally only for encrypted small batch data, such as for encrypted session keys. ---- CryptoAPI supports two basic coding methods: streaming coding and block encoding. Flow coding creates a coded bit on each bit of the coded text, fast speed, but is low. Block encoding on a complete block (typically 64 bits), you need to use a fill method to round the data to be encoded to form a plurality of complete blocks. This algorithm is slow, but safer. ---- 3. Application Example ---- The following is a case piece with two files encrypted and decrypted as an example, demonstrate the powerful function of CryptoAPI. Both the two programs are Win32 console applications, and the program omits the error handling, please join when actually runtime. ---- 1 File Encryption #include
#include
#include
/ / Determine the use of RC2 block encoding or RC4 streaming coding
#ifdef us_block_cipher
#define encrypt_algorithmcalg_rc2
#define encrypt_block_size8
#ELSE
#define encrypt_algorithmcalg_rc4
#define encrypt_block_size1
#ENDIF
Void Capidecryptfile (Pchar Szsource,
Pchar szdestination, pchar szpassword;
Void_cdecl main (int Argc, char * argv [])
{
Pchar szsource = NULL;
Pchar szdestination = NULL;
Pchar Szpassword = NULL;
// Verify the number of parameters
IF (argc! = 3 && argc! = 4) {
Printf ("Usage: Decrypt
Exit (1);
}
// read the parameters.
Szsource = argv [1];
Szdestination = argv [2];
IF (argc == 4) {
Szpassword = argv [3];
}
CapideCryptfile (Szsource, Szdestination, Szpassword);
}
/ * szsource is the name of the file to encrypted, SZDestination
For the encrypted file name, szpassword is an encrypted password * /
Void Capiencryptfile (pchar szsource, pchar
SZDESTINATION, PCHAR SZPASSWORD)
{
File * hSource = NULL;
File * hdestination = NULL;
INT EOF = 0;
HcryptProv HPROV = 0;
HcryptKey HKEY = 0;
HcryptKey HxChgKey = 0;
Hcrypthash hhash = 0; pBYTE PBKEYBLOB = NULL;
DWORD DWKEYBLOBLEN
PBYTE PBBUFFER = NULL;
DWORD DWBLOCKLEN;
DWORD dwbufferlen;
DWORD DWCOUNT;
HSource = FOPEN (Szsource, "RB")); // Open the source file.
HDestination = fopen (szdestination, "wb");
//. Open the target file
/ / Connect the default CSP
CryptacquiRecontext (& HPROV, NULL, NULL,
PROV_RSA_FULL, 0));
IF (szpassword == null) {
// password is empty, encrypt with randomized session key
// Generate an endless session key.
CryptGenkey (HPROV, Encrypt_Algorithm,
Crypt_exportable, & hkey)
// Get the public key of the key exchange pair
CryptgetuserKey (HPROV, AT_KEYEXCHANGE, & HXCHGKEY);
/ / Calculate the length of the coding and allocate the buffer
CryptexportKey (HKEY, HXCHGKEY, SIMPLEBLOB, 0,
NULL, & DWKEYBLOBLEN
PBKEYBLOB = Malloc (dwkeybloblen) == null);
// output the session key to the cod
CryptexportKey (HKEY, HXCHGKEY, SIMPLEBLOB,
0, PBKEYBLOB, & DWKEYBLOBLEN);
// Release the handle of the key exchange pair
CryptDestroyKey (HXCHGKEY);
HxChgKey = 0;
// Write the length of the coding to the target file
FWRITE (& DWKEYBLOBLEN, SIZEOF (DWORD), 1, HDESTINATION
// Write the length of the coding to the target file
FWRITE (PBKEYBLOB, 1, DWKEYBLOBLEN, HDESTINATION);
} else {
// Password is not empty, use the key encrypted file from the password
Cryptcreatehash (HPROV, CALG_MD5, 0, 0, & HHASH);
// Establish a hash table
CrypthashData (Hhash, Szpassword, Strlen (Szpassword), 0);
// Hatup password
// Send a key from the hash table
CryptderiveKey (HPROV, ENCRYPT_ALGORITHM, HHASH, 0, & HKEY);
// Delete a list of lashes
CryptDestroyhash (Hhash);
Hhash = 0;
}
/ / Calculate the number of data bytes of the encrypted data, must be an integer multiple of Encrypt_block_size
DWBLOCKLEN = 1000 - 1000% encrypt_block_size;
// If you use block encoding, you need additional space.
IF (Encrypt_Block_size> 1) {
Dwbufferlen = dwblocklen encrypt_block_size;
} else {
DWBUFFERLEN = dwblocklen;
}
// Assign buffer
PBBuffer = malloc (dwbufferlen);
// Encrypted source file and write to the target file
Do {
// Read DWBLOCKLEN by DWBLOCKLEN from the source file DWCount = FREAD (pbuffer, 1, dwblocklen, hsource);
EOF = Feof (hSource);
// Encrypted data
Cryptencrypt (HKEY, 0, EOF, 0, PBBUFFER,
& dwcount, dwbufferlen;
// Write the encrypted data to the target file
FWRITE (PBBuffer, 1, dwcount, hdestination);
} while (! feof (hsource));
Printf ("ok / n");
... // Close the file, release memory
}
2 file decryption
Void CapideCryptfile (Pchar Szsource, Pchar
SZDESTINATION, PCHAR SZPASSWORD)
{
... // Variable Declaration, File Operation with Document Encryption Program
CryptacquiRecontext (& HPROV, NULL, NULL, PROV_RSA_FULL, 0);
IF (szpassword == null) {
// password is empty, use the session key in the encrypted file to decrypt
// Read the length of the coding and allocate memory
Fread (& DwKeybloblen, Sizeof (DWORD), 1, HSOURCE;
PBKEYBLOB = Malloc (dwkeybloblen) == null);
// Read the courination from the source file.
Fread (pbkeyblob, 1, dwkeybloblen, hsource);
// Enter the hidden code CSP
CryptimportKey (HPROV, PBKEYBLOB,
DWKEYBLOBLEN, 0, 0, & HKEY);
} else {
// password is not empty, use the key to decrypt file from the password
Cryptcreatehash (HPROV, CALG_MD5, 0, 0, & HHASH);
CrypthashData (Hhash, Szpassword, Strlen (Szpassword), 0);
CryptderiveKey (HPROV, Encrypt_Algorithm,
Hhash, 0, & hkey);
CryptDestroyhash (Hhash);
Hhash = 0;
}
DWBLOCKLEN = 1000 - 1000% encrypt_block_size;
IF (Encrypt_Block_size> 1) {
Dwbufferlen = dwblocklen encrypt_block_size;
} else {
DWBUFFERLEN = dwblocklen;
}
PBBuffer = malloc (dwbufferlen);
// Decrypt the source file and write to the target file
Do {
DWCount = FREAD (PBBuffer, 1, dwblocklen, hsource);
EOF = Feof (hSource);
// Decrypt data
CryptDecrypt (HKEY, 0, EOF, 0, PBBUFFER, & DWCOUNT);
// Write the decrypted data to the target file
FWRITE (PBBuffer, 1, dwcount, hdestination);
} while (! feof (hsource));
Printf ("ok / n");
... // Close the file, release memory
}
---- The above code is compiled in the Windows NT4.0, the Visual C 6.0 environment. ---- In addition to direct use of encrypted data, CryptoAPI is also widely used to generate and confirm digital signatures, here is not a way to say, interested readers can refer to MSDN documents. © 1997-2000 vckbase.com All rights reserved.
