Encrypting Messages Using CryptoAPI
To encrypt a message, a session key must first be generated using the
CryptGenKey function. Making this call generates a random key and returns a handle so the
key can be used to encrypt and decrypt data. The encryption algorithm to use
is also specified at this point. Because the CryptoAPI does not permit
applications to use public-key algorithms to encrypt bulk data, you should specify a
symmetric algorithm such as RC2 or RC4, with the
CryptGenKey call.
Alternatively, if an application needs to encrypt the message in such a way
that anyone with a given password can decrypt the data, the
CryptDeriveKey function should be used to transform the password into a key suitable for
encryption. Note that, in this case, this function is called instead of the
CryptGenKey function and the subsequent
CryptExportKey calls are not needed.
Once the key has been generated, extra cryptographic properties of the key can
be set with the
CryptSetKeyParam function. For example, this function allows different sections of the file to
be encrypted with different key salts and provides a way to change the cipher
mode or initialization vector of the key. These parameters can be used to make
the encryption conform with a particular data encryption standard.
Encrypt the data in the file with the
CryptEncrypt function. The
CryptEncrypt function takes a session key, which was generated in the previous step, and
encrypts a buffer of data. Note that as the data is encrypted, the data may be
slightly expanded by the encryption algorithm. The application is responsible
for remembering the length of the encrypted data so the proper length can later
be given to the
CryptDecrypt function.
To allow the current user to decrypt the data in the future, the
CryptExportKey function is used to save the decryption key in an encrypted form (a key blob)
that can only be decrypted with the user's private key. This function requires
the user's key exchange public key for this purpose, which can be obtained by
using the
CryptGetUserKey function. The
CryptExportKey function will return a key blob that must be stored by the application for
use in decrypting the file.
Note that if the application has certificates (or public keys) for other
users, it can permit other users to decrypt the file by performing
CryptExportKey calls for each user it wants to give access. The returned key blobs must be
stored by the application, as in the previous step.
- Software for developers
-
Delphi Components
.Net Components
Software for Android Developers
- More information resources
-
MegaDetailed.Net
Unix Manual Pages
Delphi Examples
- Databases for Amazon shops developers
-
Amazon Categories Database
Browse Nodes Database
