SESSION key interoperability in CryptoAPI between Win Mobile and Win XP/Win server 2003

  • Question

  • Please help. Here is our app scenario:
    The client runs on Windows Mobile (5.x and 6.x) and encrypts data using AES-256. The key is derived from the password.
    Once the encrypted data comes over to the server (Win XP SP3, and in another setup we have a W2K3 server),
    we need to decrypt it.
    I bet the CSPs on these two platforms are different, or else why would we get two hash values (and hence different keys)?
    Our need is to use AES-256 encryption (for PCI compliance).
    I have tried specifying the CSP name/type in CryptAcquireContext, but for my AES-256 encryption, if a combination works to acquire the context then CryptDeriveKey fails. If I leave the CSP name null so that the default is used, then of course those defaults are different on the two platforms!

    What can I do?
    Please suggest some ideas.

     

    Sunday, December 13, 2009 11:51 PM
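
As an added example (not part of the original post): a platform-independent reference for the key bytes, following the derivation steps Microsoft documents for CryptDeriveKey when an AES key is derived from a non-SHA-2 hash. SHA-1, the sample password and the two byte encodings compared are assumptions; the post names none of them.

```python
import hashlib

def derive_key(password_bytes, key_len=32, hash_name="sha1"):
    """Key bytes per the documented CryptDeriveKey steps (non-SHA-2 hash, AES key)."""
    base = hashlib.new(hash_name, password_bytes).digest()
    if key_len > 2 * len(base):
        raise ValueError("requested key is longer than two hash outputs")

    def branch(pad):
        # 64 bytes of the pad constant, with the first len(base) bytes XORed
        # against the password hash, then hashed again with the same algorithm.
        buf = bytearray([pad]) * 64
        for i, b in enumerate(base):
            buf[i] ^= b
        return hashlib.new(hash_name, bytes(buf)).digest()

    # Concatenate both branches and keep the first key_len bytes.
    return (branch(0x36) + branch(0x5C))[:key_len]

def compare_encodings(password, encodings=("utf-16-le", "utf-8")):
    """Map each candidate encoding to (SHA-1 hex, AES-256 key hex)."""
    out = {}
    for enc in encodings:
        raw = password.encode(enc)  # the exact bytes that get hashed
        out[enc] = (hashlib.sha1(raw).hexdigest(), derive_key(raw).hex())
    return out

if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    for enc, (digest, key) in compare_encodings("constructed-sample-password").items():
        print(enc, digest, key)
```

Comparing these values with the hash each platform reports for the same password shows whether both sides hash the same bytes with the same algorithm.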