Announcement

David Roberts · 5 Apr 2009, 04:17 PM

The encryption is not working.

I've tried both of the following.

Object Get EncryptedData.Encrypt To strCipherText
Object Call EncryptedData.Encrypt(strCipherText)

and strCipherText is empty each time.

It also seems that strPassword should not be set using Let as Algorithm and KeyLength are.

José Roca · 5 Apr 2009, 05:54 PM

Try direct interface calls instead. See attached file.

Attached Files

CapicomText.zip (16.6 KB, 48 views)

David Roberts · 5 Apr 2009, 07:00 PM

Thanks José.

> I was pulling my hair out for a while before I realised that hash values are output in Unicode.

However, the input, that is the message to digest, should be ANSI, it seems.

strMessage = UCode$("PowerBASIC: We put the POWER in BASIC!") gave
MD5: 5C07F824BE0F13A36DEFDF2FB4933D1F, which is wrong.

whereas

strMessage = "PowerBASIC: We put the POWER in BASIC!" gave
MD5: 2599E6ABE68987C013A1FC084A158060, which is correct.

I'll have a look at your encryption section to see what I'm doing wrong in the above. I cannot walk away from code that isn't working because I'm at fault. Once it is working I'm quite happy to get shot of it in favour of something better.

José Roca · 5 Apr 2009, 08:06 PM

However, the input, that is the message to digest, should be ANSI, it seems.

You're right. Strange enough, the parameter is declared as BSTR in the type library.

The MSDN documentation doesn't help a bit. It says that this method has no parameters!

http://msdn.microsoft.com/en-us/libr...46(VS.85).aspx

José Roca · 5 Apr 2009, 09:04 PM

CAPICOM has also a module that contains string constants, and they are declared as ansi (LPSTR):

Code:

' ========================================================================================
' Module constants
' Note: Strings constants are ANSI (LPSTR).
' ========================================================================================
%CAPICOM_MAJOR_VERSION                                  = 2&
%CAPICOM_MINOR_VERSION                                  = 1&
%CAPICOM_RELEASE_NUMBER                                 = 0&
%CAPICOM_BUILD_NUMBER                                   = 1&
$CAPICOM_VERSION_INFO                                   = "CAPICOM v2.1"
$CAPICOM_COPY_RIGHT                                     = "Copyright (c) Microsoft Corporation 1999-2004. All rights reserved."
$CAPICOM_MY_STORE                                       = "My"
$CAPICOM_CA_STORE                                       = "Ca"
$CAPICOM_ROOT_STORE                                     = "Root"
$CAPICOM_OTHER_STORE                                    = "AddressBook"
$CAPICOM_OID_SERVER_AUTH                                = "1.3.6.1.5.5.7.3.1"
$CAPICOM_OID_CLIENT_AUTH                                = "1.3.6.1.5.5.7.3.2"
$CAPICOM_OID_CODE_SIGNING                               = "1.3.6.1.5.5.7.3.3"
$CAPICOM_OID_EMAIL_PROTECTION                           = "1.3.6.1.5.5.7.3.4"
$CAPICOM_OID_IPSEC_END_SYSTEM                           = "1.3.6.1.5.5.7.3.5"
$CAPICOM_OID_IPSEC_TUNNEL                               = "1.3.6.1.5.5.7.3.6"
$CAPICOM_OID_IPSEC_USER                                 = "1.3.6.1.5.5.7.3.7"
$CAPICOM_OID_TIME_STAMPING                              = "1.3.6.1.5.5.7.3.8"
$CAPICOM_OID_CTL_USAGE_SIGNING                          = "1.3.6.1.4.1.311.10.3.1"
$CAPICOM_OID_TIME_STAMP_SIGNING                         = "1.3.6.1.4.1.311.10.3.2"
$CAPICOM_OID_SERVER_GATED_CRYPTO                        = "1.3.6.1.4.1.311.10.3.3"
$CAPICOM_OID_ENCRYPTING_FILE_SYSTEM                     = "1.3.6.1.4.1.311.10.3.4"
$CAPICOM_OID_EFS_RECOVERY                               = "1.3.6.1.4.1.311.10.3.4.1"
$CAPICOM_OID_WHQL_CRYPTO                                = "1.3.6.1.4.1.311.10.3.5"
$CAPICOM_OID_NT5_CRYPTO                                 = "1.3.6.1.4.1.311.10.3.6"
$CAPICOM_OID_OEM_WHQL_CRYPTO                            = "1.3.6.1.4.1.311.10.3.7"
$CAPICOM_OID_EMBEDED_NT_CRYPTO                          = "1.3.6.1.4.1.311.10.3.8"
$CAPICOM_OID_ROOT_LIST_SIGNER                           = "1.3.6.1.4.1.311.10.3.9"
$CAPICOM_OID_QUALIFIED_SUBORDINATION                    = "1.3.6.1.4.1.311.10.3.10"
$CAPICOM_OID_KEY_RECOVERY                               = "1.3.6.1.4.1.311.10.3.11"
$CAPICOM_OID_DIGITAL_RIGHTS                             = "1.3.6.1.4.1.311.10.5.1"
$CAPICOM_OID_LICENSES                                   = "1.3.6.1.4.1.311.10.6.1"
$CAPICOM_OID_LICENSE_SERVER                             = "1.3.6.1.4.1.311.10.6.2"
$CAPICOM_OID_SMART_CARD_LOGON                           = "1.3.6.1.4.1.311.20.2.2"
$CAPICOM_SERVER_AUTH_OID                                = "1.3.6.1.5.5.7.3.1"
$CAPICOM_CLIENT_AUTH_OID                                = "1.3.6.1.5.5.7.3.2"
$CAPICOM_CODE_SIGNING_OID                               = "1.3.6.1.5.5.7.3.3"
$CAPICOM_EMAIL_PROTECTION_OID                           = "1.3.6.1.5.5.7.3.4"
$CAPICOM_IPSEC_END_SYSTEM_OID                           = "1.3.6.1.5.5.7.3.5"
$CAPICOM_IPSEC_TUNNEL_OID                               = "1.3.6.1.5.5.7.3.6"
$CAPICOM_IPSEC_USER_OID                                 = "1.3.6.1.5.5.7.3.7"
$CAPICOM_TIME_STAMPING_OID                              = "1.3.6.1.5.5.7.3.8"
$CAPICOM_CTL_USAGE_SIGNING_OID                          = "1.3.6.1.4.1.311.10.3.1"
$CAPICOM_TIME_STAMP_SIGNING_OID                         = "1.3.6.1.4.1.311.10.3.2"
$CAPICOM_SERVER_GATED_CRYPTO_OID                        = "1.3.6.1.4.1.311.10.3.3"
$CAPICOM_ENCRYPTING_FILE_SYSTEM_OID                     = "1.3.6.1.4.1.311.10.3.4"
$CAPICOM_EFS_RECOVERY_OID                               = "1.3.6.1.4.1.311.10.3.4.1"
$CAPICOM_WHQL_CRYPTO_OID                                = "1.3.6.1.4.1.311.10.3.5"
$CAPICOM_NT5_CRYPTO_OID                                 = "1.3.6.1.4.1.311.10.3.6"
$CAPICOM_OEM_WHQL_CRYPTO_OID                            = "1.3.6.1.4.1.311.10.3.7"
$CAPICOM_EMBEDED_NT_CRYPTO_OID                          = "1.3.6.1.4.1.311.10.3.8"
$CAPICOM_ROOT_LIST_SIGNER_OID                           = "1.3.6.1.4.1.311.10.3.9"
$CAPICOM_QUALIFIED_SUBORDINATION_OID                    = "1.3.6.1.4.1.311.10.3.10"
$CAPICOM_KEY_RECOVERY_OID                               = "1.3.6.1.4.1.311.10.3.11"
$CAPICOM_DIGITAL_RIGHTS_OID                             = "1.3.6.1.4.1.311.10.5.1"
$CAPICOM_LICENSES_OID                                   = "1.3.6.1.4.1.311.10.6.1"
$CAPICOM_LICENSE_SERVER_OID                             = "1.3.6.1.4.1.311.10.6.2"
$CAPICOM_SMART_CARD_LOGON_OID                           = "1.3.6.1.4.1.311.20.2.2"
$CAPICOM_ANY_APPLICATION_POLICY_OID                     = "1.3.6.1.4.1.311.10.12.1"
$CAPICOM_ANY_CERT_POLICY_OID                            = "2.5.29.32.0"
$CAPICOM_AUTHORITY_KEY_IDENTIFIER_OID                   = "2.5.29.1"
$CAPICOM_KEY_ATTRIBUTES_OID                             = "2.5.29.2"
$CAPICOM_CERT_POLICIES_95_OID                           = "2.5.29.3"
$CAPICOM_KEY_USAGE_RESTRICTION_OID                      = "2.5.29.4"
$CAPICOM_LEGACY_POLICY_MAPPINGS_OID                     = "2.5.29.5"
$CAPICOM_SUBJECT_ALT_NAME_OID                           = "2.5.29.7"
$CAPICOM_ISSUER_ALT_NAME_OID                            = "2.5.29.8"
$CAPICOM_BASIC_CONSTRAINTS_OID                          = "2.5.29.10"
$CAPICOM_SUBJECT_KEY_IDENTIFIER_OID                     = "2.5.29.14"
$CAPICOM_KEY_USAGE_OID                                  = "2.5.29.15"
$CAPICOM_PRIVATEKEY_USAGE_PERIOD_OID                    = "2.5.29.16"
$CAPICOM_SUBJECT_ALT_NAME2_OID                          = "2.5.29.17"
$CAPICOM_ISSUER_ALT_NAME2_OID                           = "2.5.29.18"
$CAPICOM_BASIC_CONSTRAINTS2_OID                         = "2.5.29.19"
$CAPICOM_NAME_CONSTRAINTS_OID                           = "2.5.29.30"
$CAPICOM_CRL_DIST_POINTS_OID                            = "2.5.29.31"
$CAPICOM_CERT_POLICIES_OID                              = "2.5.29.32"
$CAPICOM_POLICY_MAPPINGS_OID                            = "2.5.29.33"
$CAPICOM_AUTHORITY_KEY_IDENTIFIER2_OID                  = "2.5.29.35"
$CAPICOM_POLICY_CONSTRAINTS_OID                         = "2.5.29.36"
$CAPICOM_ENHANCED_KEY_USAGE_OID                         = "2.5.29.37"
$CAPICOM_CERTIFICATE_TEMPLATE_OID                       = "1.3.6.1.4.1.311.21.7"
$CAPICOM_APPLICATION_CERT_POLICIES_OID                  = "1.3.6.1.4.1.311.21.10"
$CAPICOM_APPLICATION_POLICY_MAPPINGS_OID                = "1.3.6.1.4.1.311.21.11"
$CAPICOM_APPLICATION_POLICY_CONSTRAINTS_OID             = "1.3.6.1.4.1.311.21.12"
$CAPICOM_AUTHORITY_INFO_ACCESS_OID                      = "1.3.6.1.5.5.7.1.1"
$CAPICOM_PKIX_POLICY_QUALIFIER_CPS_OID                  = "1.3.6.1.5.5.7.2.1"
$CAPICOM_PKIX_POLICY_QUALIFIER_USERNOTICE_OID           = "1.3.6.1.5.5.7.2.2"
%CAPICOM_TRUST_IS_NOT_TIME_VALID                        = 1&
%CAPICOM_TRUST_IS_NOT_TIME_NESTED                       = 2&
%CAPICOM_TRUST_IS_REVOKED                               = 4&
%CAPICOM_TRUST_IS_NOT_SIGNATURE_VALID                   = 8&
%CAPICOM_TRUST_IS_NOT_VALID_FOR_USAGE                   = 16&
%CAPICOM_TRUST_IS_UNTRUSTED_ROOT                        = 32&
%CAPICOM_TRUST_REVOCATION_STATUS_UNKNOWN                = 64&
%CAPICOM_TRUST_IS_CYCLIC                                = 128&
%CAPICOM_TRUST_INVALID_EXTENSION                        = 256&
%CAPICOM_TRUST_INVALID_POLICY_CONSTRAINTS               = 512&
%CAPICOM_TRUST_INVALID_BASIC_CONSTRAINTS                = 1024&
%CAPICOM_TRUST_INVALID_NAME_CONSTRAINTS                 = 2048&
%CAPICOM_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT        = 4096&
%CAPICOM_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT          = 8192&
%CAPICOM_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT        = 16384&
%CAPICOM_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT             = 32768&
%CAPICOM_TRUST_IS_OFFLINE_REVOCATION                    = &H01000000&
%CAPICOM_TRUST_NO_ISSUANCE_CHAIN_POLICY                 = &H02000000&
%CAPICOM_TRUST_IS_PARTIAL_CHAIN                         = &H00010000&
%CAPICOM_TRUST_CTL_IS_NOT_TIME_VALID                    = &H00020000&
%CAPICOM_TRUST_CTL_IS_NOT_SIGNATURE_VALID               = &H00040000&
%CAPICOM_TRUST_CTL_IS_NOT_VALID_FOR_USAGE               = &H00080000&
$CAPICOM_PROV_MS_DEF_PROV                               = "Microsoft Base Cryptographic Provider v1.0"
$CAPICOM_PROV_MS_ENHANCED_PROV                          = "Microsoft Enhanced Cryptographic Provider v1.0"
$CAPICOM_PROV_MS_STRONG_PROV                            = "Microsoft Strong Cryptographic Provider"
$CAPICOM_PROV_MS_DEF_RSA_SIG_PROV                       = "Microsoft RSA Signature Cryptographic Provider"
$CAPICOM_PROV_MS_DEF_RSA_SCHANNEL_PROV                  = "Microsoft RSA SChannel Cryptographic Provider"
$CAPICOM_PROV_MS_DEF_DSS_PROV                           = "Microsoft Base DSS Cryptographic Provider"
$CAPICOM_PROV_MS_DEF_DSS_DH_PROV                        = "Microsoft Base DSS and Diffie-Hellman Cryptographic Provider"
$CAPICOM_PROV_MS_ENH_DSS_DH_PROV                        = "Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider"
$CAPICOM_PROV_MS_DEF_DH_SCHANNEL_PROV                   = "Microsoft DH SChannel Cryptographic Provider"
$CAPICOM_PROV_MS_SCARD_PROV                             = "Microsoft Base Smart Card Crypto Provider"
$CAPICOM_PROV_MS_ENH_RSA_AES_PROV                       = "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"

David Roberts · 5 Apr 2009, 09:53 PM

I have rewritten the ENCRYPTION section along the lines of your code, José, but I'm still getting strCipherText as empty.

Your code is working as I loaded Content with UCode$("Bull") before decrypting and it was overwritten. With my code it is not overwritten.

Code:

' ENCRYPTION

Local EncryptedData As IDispatch
Local KeyLength As Long
Local strPassword, strCipherText, strPlainText As String

  Let EncryptedData = NewCOM "CAPICOM.EncryptedData"
  
  Algorithm = %CAPICOM_ENCRYPTION_ALGORITHM_AES
  KeyLength = %CAPICOM_ENCRYPTION_KEY_LENGTH_256_BITS
  strPassword = "2B50831453639A120D5883AAD155ACAE" ' 256 bits worth - it is the only way <smile>
  strPassword = UCode$(strPassword)
  strMessage = UCode$(strMessage)
    
  ' Encrypt
  Object Let EncryptedData.Algorithm.Name = Algorithm
  Object Let EncryptedData.Algorithm.KeyLength = KeyLength
  Object Call EncryptedData.SetSecret(strPassword)
  Object Let EncryptedData.Content = strMessage
  Object Call EncryptedData.Encrypt(strCipherText)
  
  MsgBox Str$(Len(strCipherText)) ' => 0!
  
  ' Decrypt
  strMessage = UCode$("Bull")
  Object Let EncryptedData.Content = strMessage
  Object Call EncryptedData.Decrypt(strCipherText)
  Object Get EncryptedData.Content To strPlainText
  
  MsgBox ACode$(strPlainText) ' => Bull
  
  EncryptedData = Nothing

David Roberts · 5 Apr 2009, 10:27 PM

GOT IT!

Changed 'Object Call EncryptedData.Encrypt(strCipherText)'
to 'Object Call EncryptedData.Encrypt To strCipherText'

PB Docs didn't cover that.

With encryption it looks like we have to UCode$ strMessage although, it seems, we don't have to with strPassword. I don't suppose it matters with a password - if it gets read wrong the same 'wrong' value will be used with decryption.

José Roca · 5 Apr 2009, 10:36 PM

It returns error &H80029C4A& (%TYPE_E_CANTLOADLIBRARY). This error is also returned by OleView.exe if you double click it in the list of type libraries. Apparently, this component doesn't register properly. With direct interface calls it works because the type library isn't used.

José Roca · 5 Apr 2009, 10:42 PM

I tried Object Call EncryptedData.Encrypt To strCipherText, but it returns error &H80029C4A&. If it works in your system, then it must be that it is not properly registered in my system.

David Roberts · 5 Apr 2009, 10:42 PM

> It returns error &H80029C4A& (%TYPE_E_CANTLOADLIBRARY).

What does? I haven't seen that yet.

You edited your post as I posted mine.

It is working for me.

José Roca · 5 Apr 2009, 10:44 PM

We are posting at the same time. See my previous post.

David Roberts · 5 Apr 2009, 10:51 PM

You didn't edit, you made another post.

Anyway, I'm out of my depth why it isn't working for you.

Added: Just for the record I'm getting Str$(Len(strCipherText)) as 472, the same as your code.

José Roca · 5 Apr 2009, 11:00 PM

The first thing that I did was to use Object Call EncryptedData.Encrypt To strCipherText with your code, but as it doesn't work in my system, I switched to the direct interface call approach. Anyway, we have now two ways of doing it.

David Roberts · 5 Apr 2009, 11:14 PM

> I cannot walk away from code that isn't working because I'm at fault. Once it is working I'm quite happy to get shot of it in favour of something better.

I'm dumping 'my' way.

I find the direct interface approach more readable and I don't have to assign Algorithm and so on as 'Object Let' expects OLE variables.

José Roca · 5 Apr 2009, 11:24 PM

Both are needed. Some components can only be used with Automation, whereas others can only be used with direct interface calls. Those having dual interfaces can be used both ways. Even CAPICOM has several interfaces, e.g. IChainContext, ICertContext ad ICertStore, that inherit directly from IUnknown and can't be used with OBJECT CALL...

David Roberts · 6 Apr 2009, 12:09 AM

I was lucky then because I wrote the first post's code before using COM browser to fathom out what I was doing wrong. I see now that IHashedData and IEncryptedData 'Inherit IDispatch'.

I had hoped to use CAPICOM in a new project but I cannot 'hash in' additional messages.

Hash( A + B + C) = Hash( A ).Hash( B ).Hash( C ) where '.' means hash in.

Hashing a 700MB ISO image is not a problem when the file can be read in blocks. With CAPICOM it looks like the whole file must be read in. The same goes for encryption.

The project has 'A' as a string and 'B' and 'C' as files. 'B' and 'C' will not be large so I could concatenate the whole lot including 'A'. However, encryption may be a problem with large files.

The Crypto API lends itself well for processing blocks but doesn't have AES. Fortunately, Greg Turgeon's AES code looks like it will.

David Roberts · 6 Apr 2009, 06:45 AM

Whilst I was having the encryption problem I thought "Pity the compiler isn't telling me that I'm doing something wrong".

I have no idea what triggered the following but I reverted back to
'Object Call EncryptedData.Encrypt(strCipherText)'
and added '#Debug Display On' to the code.

On running I got a run-time error 99 - Object error.

I was told that it was in PBMain but at least I was being told of a problem - previously I just got the wrong results.

José Roca · 6 Apr 2009, 11:26 PM

Originally posted by David Roberts View Post

I had hoped to use CAPICOM in a new project but I cannot 'hash in' additional messages.

Hash( A + B + C) = Hash( A ).Hash( B ).Hash( C ) where '.' means hash in.

Hashing a 700MB ISO image is not a problem when the file can be read in blocks. With CAPICOM it looks like the whole file must be read in. The same goes for encryption.

The project has 'A' as a string and 'B' and 'C' as files. 'B' and 'C' will not be large so I could concatenate the whole lot including 'A'. However, encryption may be a problem with large files.

The Crypto API lends itself well for processing blocks but doesn't have AES. Fortunately, Greg Turgeon's AES code looks like it will.

I think you should read the documentation. It says:

To create the hash of a large amount of data, call the Hash method for each piece of data. The hash of each piece of data is concatenated to the Value property until the property is read. The contents of the Value property are reset when the property is read.

http://msdn.microsoft.com/en-us/libr...46(VS.85).aspx

David Roberts · 7 Apr 2009, 01:00 AM

Thanks José - I've concentrated on the samples too much.

Code:

Block = 131072 ' 128KB
StartTimer
Open "Big.txt" For Binary Lock Shared As #1
  While IsFalse Eof(#1)
    Get$ #1, Block, strMessage
    pHashedData.Hash(strMessage)
  Wend
Close #1
StopTimer

strHashValue = ACode$(pHashedData.Value)
  
MsgBox "SHA256: " + strHashValue + " " + sTimeTaken

Big.txt is a file I used for testing HashFile and is 100MB.

This has taken me by surprise. HashFile comes in at 1678ms whereas the above snippet comes in at 1212ms; both allowed to use the file cache for a fair comparison.

Unfortunately, EncryptedData does not appear to offer something similar. The cipher text clearly holds information which the decryption process reads before embarking on decryption and is output on each processing of Content.

Announcement

CAPICOM for Hashing and Encryption for starters.

CAPICOM for Hashing and Encryption for starters.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment