Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
platform
active.directory
adsi
adsi.iis-admin
base
com_ole
complus_mts
component_svcs
database
directx
gdi
graphics_mm
internet.client
internet.server
internet.server.isapi-dev
localization
mapi
messaging
msi
mslayerforunicode
multimedia
networking
networking.ipv6
sdk_install
security
shell
telephony.tapi_2
telephony.tapi_3
telephony.tsp
telephony.wte
tools
ui
ui_shell
win_base_svcs
win16
  
 
date: Wed, 16 Apr 2008 20:17:00 -0700,    group: microsoft.public.platformsdk.security        back       


How to use szOID_PKCS_1 ID to encrypt?    
Hi, 

I have to encrypt a 4 byte value with PKCS#1 algorithm. 
I am using CryptEncryptMessage API with szOID_PKCS_1 as Object ID in 
CRYPT_ALGORITHM_IDENTIFIER sturcture. API is returing following error code.

0x80091002 :: Unknown cryptographic algorithm. 

This is really my first attempt to use Crypto API and new to RSA algorithms.
Please let me know how to use Crypto API to encrypt with szOID_PKCS_1.

Here I am posting the code what I used. I found the code in MSDN and just 
changed algorithm ID. When I try with szOID_RSA_RC4, API is encrypting.


	pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING, 
pDecodedCert, iDecodedCertSize);
	free(pDecodedCert);
	if(pCertContext == NULL)
	{
		//*ErrorCode = GetLastError();
		return NULL;
	}

	///Prepare for encryption

	PCCERT_CONTEXT RecipientCertArray[1];
	CRYPT_ENCRYPT_MESSAGE_PARA EncryptParams={0};
	CRYPT_ALGORITHM_IDENTIFIER EncryptAlgorithm={0};
	DWORD 
EncryptAlgSize=sizeof(EncryptAlgorithm),EncryptParamsSize=sizeof(EncryptParams),cbEncryptedBlob=0;
	
	BYTE*    pbEncryptedBlob = NULL;

	// Create a RecipientCertArray.
	RecipientCertArray[0] = pCertContext;
	// Initialize the algorithm identifier structure.
	EncryptAlgorithm.pszObjId = szOID_PKCS_1;

	// Initialize the CRYPT_ENCRYPT_MESSAGE_PARA structure. 
	EncryptParams.cbSize =  EncryptParamsSize;
	EncryptParams.dwMsgEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING ;
	EncryptParams.hCryptProv = NULL;
	EncryptParams.ContentEncryptionAlgorithm = EncryptAlgorithm;

	if(CryptEncryptMessage(&EncryptParams,1,RecipientCertArray,(const 
PBYTE)&m_IssueSeed,sizeof(m_IssueSeed),NULL,&cbEncryptedBlob))
	{
		pbEncryptedBlob = (PBYTE)malloc(cbEncryptedBlob);

		if(CryptEncryptMessage(&EncryptParams,1,RecipientCertArray,(const 
PBYTE)&m_IssueSeed,sizeof(m_IssueSeed),pbEncryptedBlob,&cbEncryptedBlob))
		{
			//success.
		}
		else
		{
			//*ErrorCode = GetLastError();
		}
	}
	else
	{
		//*ErrorCode = GetLastError();
	}
date: Wed, 16 Apr 2008 20:17:00 -0700   author:   Raj

RE: How to use szOID_PKCS_1 ID to encrypt?    
Even with only four bytes you don't encrypt data directly with PKCS#1. What 
you do is
1. pick a good SYMMETRIC crypto algo (AES is preferred, but for first 
testing you can stick with RC4)
2. generate a RANDOM secret key (called session key)
3. encrypt your data using the key from 2 with ango 1
4. encrypt (wrap) the key 2 with an RSA public key
Send the recipien both 3 (encrypted data) and 4 (encrypted key)

Now the recipient will first decrypt the secret key using the RSA private 
key then decrypt the data using that key.

Laszlo Elteto
SafeNet, Inc.

"Raj" wrote:

> Hi, 
> 
> I have to encrypt a 4 byte value with PKCS#1 algorithm. 
> I am using CryptEncryptMessage API with szOID_PKCS_1 as Object ID in 
> CRYPT_ALGORITHM_IDENTIFIER sturcture. API is returing following error code.
> 
> 0x80091002 :: Unknown cryptographic algorithm. 
> 
> This is really my first attempt to use Crypto API and new to RSA algorithms.
> Please let me know how to use Crypto API to encrypt with szOID_PKCS_1.
> 
> Here I am posting the code what I used. I found the code in MSDN and just 
> changed algorithm ID. When I try with szOID_RSA_RC4, API is encrypting.
> 
> 
> 	pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING, 
> pDecodedCert, iDecodedCertSize);
> 	free(pDecodedCert);
> 	if(pCertContext == NULL)
> 	{
> 		//*ErrorCode = GetLastError();
> 		return NULL;
> 	}
> 
> 	///Prepare for encryption
> 
> 	PCCERT_CONTEXT RecipientCertArray[1];
> 	CRYPT_ENCRYPT_MESSAGE_PARA EncryptParams={0};
> 	CRYPT_ALGORITHM_IDENTIFIER EncryptAlgorithm={0};
> 	DWORD 
> EncryptAlgSize=sizeof(EncryptAlgorithm),EncryptParamsSize=sizeof(EncryptParams),cbEncryptedBlob=0;
> 	
> 	BYTE*    pbEncryptedBlob = NULL;
> 
> 	// Create a RecipientCertArray.
> 	RecipientCertArray[0] = pCertContext;
> 	// Initialize the algorithm identifier structure.
> 	EncryptAlgorithm.pszObjId = szOID_PKCS_1;
> 
> 	// Initialize the CRYPT_ENCRYPT_MESSAGE_PARA structure. 
> 	EncryptParams.cbSize =  EncryptParamsSize;
> 	EncryptParams.dwMsgEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING ;
> 	EncryptParams.hCryptProv = NULL;
> 	EncryptParams.ContentEncryptionAlgorithm = EncryptAlgorithm;
> 
> 	if(CryptEncryptMessage(&EncryptParams,1,RecipientCertArray,(const 
> PBYTE)&m_IssueSeed,sizeof(m_IssueSeed),NULL,&cbEncryptedBlob))
> 	{
> 		pbEncryptedBlob = (PBYTE)malloc(cbEncryptedBlob);
> 
> 		if(CryptEncryptMessage(&EncryptParams,1,RecipientCertArray,(const 
> PBYTE)&m_IssueSeed,sizeof(m_IssueSeed),pbEncryptedBlob,&cbEncryptedBlob))
> 		{
> 			//success.
> 		}
> 		else
> 		{
> 			//*ErrorCode = GetLastError();
> 		}
> 	}
> 	else
> 	{
> 		//*ErrorCode = GetLastError();
> 	}
> 
> 
> 
> 
>
date: Thu, 17 Apr 2008 08:54:00 -0700   author:   lelteto

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us