locked
Win32 crypto aes RRS feed

  • Question

  • Hi all,

    I'm new to cryptography. I am adding file encryption to our product on files it exports and decryption as it imports files.

    I started out with the sample programs for encrypt http://msdn.microsoft.com/en-us/library/aa382358.aspx and decrypt http://msdn.microsoft.com/en-us/library/aa382044(v=VS.85).aspx and got these to work as MSVS 2005 projects. I moved the functionality of MyEncryptFile() and MyDecryptFile() leaving out the part for when there is no password since we will require a password, to a MSVS 2005 dll project I created and made a separate test driver from the main() function. This all works.

    My problem is we need to do AES encryption to be FIPS compliant. So I made the following changes:

    #define

     

    ENCRYPT_ALGORITHM CALG_AES_128

    #define MS_ENH_RSA_AES_PROV_XP "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"  

    const

     

    PROVIDERS AesProviders[] =

    {

     

    { MS_ENH_RSA_AES_PROV, PROV_RSA_AES, 0 },

    { MS_ENH_RSA_AES_PROV, PROV_RSA_AES, CRYPT_NEWKEYSET },

    { MS_ENH_RSA_AES_PROV_XP, PROV_RSA_AES, 0 },

    { MS_ENH_RSA_AES_PROV_XP, PROV_RSA_AES, CRYPT_NEWKEYSET },

    };

     In the encrypt and decrypt functions I changed to get an AES CSP with CryptAquireContext():

     

    for

    (i = 0; i < _countof(AesProviders); i++ )

    {

     

    if

    (CryptAcquireContext(&hCryptProv, NULL, AesProviders[i].params.lpszProvider,

    AesProviders[i].params.dwType, AesProviders[i].params.dwFlags))

     

    break

    ;

    }

     

    if

    (i >= _countof(AesProviders))

    {

    MyHandleError(

    TEXT(

    "Error during CryptAcquireContext!\n"

    ),

    GetLastError());

     

    goto

    Exit_MyEncryptFile;

    }

     

    else

    _ftprintf(stderr, TEXT(

    "Provider %s, flag %d.\n\n"

    ), AesProviders[i].params.lpszProvider,

    AesProviders[i].params.dwFlags);

     

    The provider is  "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" on XP and "Microsoft Enhanced RSA and AES Cryptographic Provider" on windows 7 both with flag 0.

    My test text file is 999 bytes long. With the original code the encrypted file was the same length. When I changed to AES as shown, the encrypted file is 1008 bytes. When I do the decrypt, CryptDecrypt() has the error 0x80090005, NTE_BAD_DATA.

    Which mode of AES does this provider do, CBC, CFB, CTR?

    Will I still be FIPS compliant with the way I am doing this?

    What am I doing wrong or need to do different?

    Thanks for your help.

    Don

      
    Don Rosengrant
    • Moved by Jesse Jiang Friday, December 2, 2011 3:13 AM (From:Visual C++ General)
    Thursday, December 1, 2011 9:53 PM

All replies

  • Hi Don,

     

    I think your issue should be raised in the Security for Applications in Microsoft Windows. I believe they will know more information of this issue than us, and I will move this one to that forum.

     

    Thanks for your understanding,

     

    Best regards,

    Jesse


    Jesse Jiang [MSFT]
    MSDN Community Support | Feedback to us
    Friday, December 2, 2011 3:12 AM
  • Thanks Jesse,

    I think part of it had to do with the encrypt block length. In the sample it was 8. I changed it to 16 and it seems to be working.

    I believe I should be be FIPS compliant with what I'm doing. I need to change the hash for the password to SHA1. If someone can confirm this, it would be appreciated.

    Thanks.

    Don


    Don Rosengrant
    Friday, December 2, 2011 1:32 PM