CryptDecrypt Failure please help
-
Why do you never check
APIfunctions' return values? You should always check for failures (and then callGetLastErrorto get the reason of). :)If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles]CPallini wrote:
Why do you never check API functions' return values?
Please dont shoot next time. :laugh:
-
Why do you never check
APIfunctions' return values? You should always check for failures (and then callGetLastErrorto get the reason of). :)If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles]Ooops yep I did and I get a bad data error i forgot the number, i did put getlasterror i wasnt able to paste it here.
-
Ooops yep I did and I get a bad data error i forgot the number, i did put getlasterror i wasnt able to paste it here.
Please post: (1) the name of the failing function. (2) the return value of GetLastError(). :)
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles] -
Hi all, First of all props to Randor for helping me and giving me a base code now I modified his code and this is it:
#include <iostream>
#include <tchar.h>
#include <windows.h>
#include <Wincrypt.h>
#include <Xenroll.h>
#include <atlenc.h>
#include <atlcrypt.h>#pragma comment(lib, "crypt32.lib")//n7M41mbWvrA=
BYTE* Base64Decode2(LPCTSTR lpData, DWORD dwSize, DWORD *dwBufSize)
{
DWORD dwResult = 0;
if(CryptStringToBinary(lpData, dwSize, CRYPT_STRING_BASE64, NULL, &dwResult,NULL,NULL))
{
BYTE * decodedStr;
decodedStr = new BYTE;
LPTSTR lpszBase64Decoded = new TCHAR[dwResult+(sizeof(TCHAR) * 2)];
memset(decodedStr,0,dwResult);
if(CryptStringToBinary(lpData, dwSize, CRYPT_STRING_BASE64,decodedStr, &dwResult,NULL,NULL))
{
*dwBufSize = dwResult;
return decodedStr;
}
}
return NULL;
}LPTSTR Base64Encode2(BYTE* lpData, DWORD dwSize, BOOL bStripCRLF, DWORD *dwbufSize)
{
DWORD dwResult = 0;
if(CryptBinaryToString(lpData, dwSize, CRYPT_STRING_BASE64, NULL, &dwResult))
{
LPTSTR lpszBase64 = new TCHAR[dwResult];
if(CryptBinaryToString(lpData, dwSize, CRYPT_STRING_BASE64, lpszBase64, &dwResult))
{
TCHAR pByteLF = *(LPWORD)(lpszBase64 + dwResult -1);
TCHAR pByteCR = *(LPWORD)(lpszBase64 + dwResult -2);
if(pByteCR == 0x0D && pByteLF == 0x0A)
{
*(LPWORD)(lpszBase64 + dwResult -2) = 0;
}
*dwbufSize = dwResult;
return lpszBase64;
}
}
return NULL;
}
DWORD TripleDESdecrypt2(TCHAR *cyphertext,DWORD ctlen,TCHAR *passwd,DWORD pwlen,BYTE *plaintext,DWORD *ptlen)
{
HCRYPTPROV hProv;
HCRYPTHASH hHash;
HCRYPTKEY hKey;
DWORD dwSizeNeeded =0;CryptAcquireContext(&hProv,NULL,MS\_STRONG\_PROV,PROV\_RSA\_FULL,0); CryptCreateHash(hProv,CALG\_MD5,0,0,&hHash); CryptHashData(hHash,(BYTE \*)passwd,pwlen,0); CryptDeriveKey(hProv,CALG\_3DES,hHash,0,&hKey); DWORD dMode = CRYPT\_MODE\_ECB; CryptSetKeyParam(hKey, PKCS5\_PADDING, reinterpret\_cast<const BYTE \*>(&dMode), 0); if(\*ptlen >= ctlen) { memcpy(plaintext,cyphertext,\*ptlen); BOOL result = CryptDecrypt(hKey,NULL,1,0,plaintext,&ctlen); \*ptlen=ctlen; } else { dwSizeNeeded = ctlen \* sizeof(TCHAR); } CryptDestroyKey(hKey); CryptDestroyHash(hHash); CryptReleaseContext(hProv,0); return dwSizeNeeded;}
int main()
{BYTE\* decodedStr; HCRYPTPROV hCryptProv; HCRYPTHASH hHash = 0; HCRYPTKEY hKey = 0; TCHAR szKey\[\] = \_T("h3bmull3rJayJay, The code I posted yesterday [^]works in both Unicode and ANSI builds. The only thing I did not give you is UTF8 conversion[^] because I do not know what codepage[^] your C# application is using. The Base64 string "n7M41mbWvrA=" does not appear to be standard Unicode or ANSI when converted from Base64 so you cannot convert it into a readable string until you match the codepage[^]. Best Wishes, -David Delaune
-
JayJay, The code I posted yesterday [^]works in both Unicode and ANSI builds. The only thing I did not give you is UTF8 conversion[^] because I do not know what codepage[^] your C# application is using. The Base64 string "n7M41mbWvrA=" does not appear to be standard Unicode or ANSI when converted from Base64 so you cannot convert it into a readable string until you match the codepage[^]. Best Wishes, -David Delaune
Hi David , This is the whole solution of the c# application used for the encryption: Link[^] Yup I have tested it and kinda reversed engineered it to imitate the c# conversion, I just revised it a bit that both byte[] toEncryptArray = Convert.FromBase64String(toEncrypt); and return Convert.ToBase64String(resultArray, 0, resultArray.Length); are used instead of using the UTF8 conversion although it is still being used when converting the key. Please enlighten me Thanks, Jayjay
-
Hi David , This is the whole solution of the c# application used for the encryption: Link[^] Yup I have tested it and kinda reversed engineered it to imitate the c# conversion, I just revised it a bit that both byte[] toEncryptArray = Convert.FromBase64String(toEncrypt); and return Convert.ToBase64String(resultArray, 0, resultArray.Length); are used instead of using the UTF8 conversion although it is still being used when converting the key. Please enlighten me Thanks, Jayjay
Hello JayJay, Now that I have looked at the C# project I think I know what the problem is. The C# code is using ECB (Electronic Code Book) and PKCS-7. They are using entirely different 3DES modes and padding. Its getting late here, I will look at it again tomorrow. If you want to experiment you can start with changing modes in the code I gave you:
BYTE nMode = CRYPT_MODE_ECB; CryptSetKeyParam(hKey,KP_MODE,&nMode,0);
You may also need to generate a temporary BLOBHEADER of type PLAINTEXTKEYBLOB for this mode. I'm not really sure. Good Luck, -David Delaune -
Hello JayJay, Now that I have looked at the C# project I think I know what the problem is. The C# code is using ECB (Electronic Code Book) and PKCS-7. They are using entirely different 3DES modes and padding. Its getting late here, I will look at it again tomorrow. If you want to experiment you can start with changing modes in the code I gave you:
BYTE nMode = CRYPT_MODE_ECB; CryptSetKeyParam(hKey,KP_MODE,&nMode,0);
You may also need to generate a temporary BLOBHEADER of type PLAINTEXTKEYBLOB for this mode. I'm not really sure. Good Luck, -David DelauneHi David, Thanks I have also tried that as you can see at the code I posted, where will I use the blobheader? Is it just a container of the modes and 3des algorithm? Thanks for the continuous help, Jayjay
-
Hello JayJay, Now that I have looked at the C# project I think I know what the problem is. The C# code is using ECB (Electronic Code Book) and PKCS-7. They are using entirely different 3DES modes and padding. Its getting late here, I will look at it again tomorrow. If you want to experiment you can start with changing modes in the code I gave you:
BYTE nMode = CRYPT_MODE_ECB; CryptSetKeyParam(hKey,KP_MODE,&nMode,0);
You may also need to generate a temporary BLOBHEADER of type PLAINTEXTKEYBLOB for this mode. I'm not really sure. Good Luck, -David DelauneHi David, What do you think that can help me know? The c# developer said it is standard so it can be fully translated to c++ Thanks, Jayjay
-
Hi David, What do you think that can help me know? The c# developer said it is standard so it can be fully translated to c++ Thanks, Jayjay
Hi Jayjay, I was unsuccessful with setting the mode to ECB and padding to PKCS #7. I'm afraid you will have to research why this is failing with error code NTE_BAD_ALGID which is to say "Invalid algorithm specified". Perhaps the default cryptographic service provider does not support Triple ECB or maybe I am doing something incorrect. Best Wishes, -David Delaune
-
Hi Jayjay, I was unsuccessful with setting the mode to ECB and padding to PKCS #7. I'm afraid you will have to research why this is failing with error code NTE_BAD_ALGID which is to say "Invalid algorithm specified". Perhaps the default cryptographic service provider does not support Triple ECB or maybe I am doing something incorrect. Best Wishes, -David Delaune
Hi David, Is PKCS5 of c++ win api the same ast PKCS 7 of C# or .net? I will research on this, or I have to ask to change the way of encrypting. Thanks, Jayjay
-
Hi David, Is PKCS5 of c++ win api the same ast PKCS 7 of C# or .net? I will research on this, or I have to ask to change the way of encrypting. Thanks, Jayjay
I looked over the RSA documentation and found that they are the same. The RSA standards documents are here: Look at PKCS #5: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-5v2/pkcs5v2-0.doc The padding method is described in section 6.1.1 and it states that the padding values are equal to the length of the message modulo 8. So lets imagine the message you want to encrypt is 60 bytes long. (60 mod 8) is equal to 0x4 So your padding would be: 0x4 0x4 0x4 0x4 Pretty easy huh? If you take a look at the padding method described in section 10.3 in the PKCS #7 documents it outlines the same padding. You can verify it here: ftp://ftp.rsasecurity.com/pub/pkcs/doc/pkcs-7.doc So yes, PKCS #5 is exactly the same padding as PKCS #7. Best Wishes, -David Delaune
-
I looked over the RSA documentation and found that they are the same. The RSA standards documents are here: Look at PKCS #5: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-5v2/pkcs5v2-0.doc The padding method is described in section 6.1.1 and it states that the padding values are equal to the length of the message modulo 8. So lets imagine the message you want to encrypt is 60 bytes long. (60 mod 8) is equal to 0x4 So your padding would be: 0x4 0x4 0x4 0x4 Pretty easy huh? If you take a look at the padding method described in section 10.3 in the PKCS #7 documents it outlines the same padding. You can verify it here: ftp://ftp.rsasecurity.com/pub/pkcs/doc/pkcs-7.doc So yes, PKCS #5 is exactly the same padding as PKCS #7. Best Wishes, -David Delaune
Hi David, I am kinda confused about how the padding will be can you explain how will the code look like? Thanks, jayjay
