Problem - Kevin Tafuro

Solution

Microsoft’s CryptoAPI is available on most versions of Windows that are widely deployed, so it is a reasonable solution for many uses of symmetric encryption. CryptoAPI contains a small, yet nearly complete, set of functions for creating and manipulating symmetric encryption keys (which the Microsoft documentation usually refers to as session keys), exchanging keys, and encrypting and decrypting data. While the information in the following “Discussion” section will not provide you with all the finer details of using CryptoAPI, it will give you enough background to get started using the API successfully.

Discussion

CryptoAPI is designed as a high-level interface to various cryptographic constructs, including hashes, MACs, public key encryption, and symmetric encryption. Its support for public key cryptography makes up the majority of the API, but there is also a small subset of functions for symmetric encryption.

Before you can do anything with CryptoAPI, you first need to acquire a provider context. CryptoAPI provides a generic API that wraps around Cryptographic Service Providers (CSPs), which are responsible for doing all the real work. Microsoft provides several different CSPs that provide implementations of various algorithms. For symmetric cryptography, two CSPs are widely available and of interest: Microsoft Base Cryptographic Service Provider and Microsoft Enhanced Cryptographic Service Provider. A third, Microsoft AES Cryptographic Service Provider, is available only in the .NET framework. The Base CSP provides RC2, RC4, and DES implementations. The Enhanced CSP adds implementations for DES, two-key Triple-DES, and three-key Triple-DES. The AES CSP adds implementations for AES with 128-bit, 192-bit, and 256-bit key lengths.

For our purposes, we’ll concentrate only on the enhanced CSP. Acquiring a provider context is done with the following code. We use the CRYPT_VERIFYCONTEXT flag here because we will not be using private keys with the context. It doesn’t necessarily hurt to omit the flag (which we will do in Recipes 5.26 and 5.27, for example), but if you don’t need public key access with the context, you should use the flag. Some CSPs may require user input when CryptAcquireContext( ) is called without CRYPT_VERIFYCONTEXT.

    #include <windows.h>
    #include <wincrypt.h>

    /* Acquire a handle to the Microsoft Enhanced CSP. CRYPT_VERIFYCONTEXT
     * asks for a context without access to a persistent private key store,
     * which is all that symmetric (session key) operations need. Returns 0
     * on failure; call GetLastError( ) for the reason. */
    HCRYPTPROV SpcGetCryptContext(void) {
      HCRYPTPROV hProvider;

      if (!CryptAcquireContext(&hProvider, 0, MS_ENHANCED_PROV, PROV_RSA_FULL,
                               CRYPT_VERIFYCONTEXT)) return 0;
      return hProvider;
    }

238 | Chapter 5: Symmetric Encryption<br />


Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
