help me to encrypt string in VC++ 2010, MFC, unicode application

Question

0.00/5 (No votes)

See more:

My objective is to encrypt a string from Unicode application and store it to the windows registry and fetch that registry value in other application, decrypt it. I can successfully add registry key but DON'T KNOW HOW TO ENCRYPT STRINGS... please help me as soon as possible...
I spent days looking for proper guide to encrypt strings (passwords,physical path to folders, flags) but I'm still unsuccessful. I successfully Implemented following code but Since I have to use encrypted string in other application this code failed... PLEASE HELP ME :(

C++

// Encrypt data from DATA_BLOB DataIn to DATA_BLOB DataOut.

//--------------------------------------------------------------------
// Declare and initialize variables.

DATA_BLOB DataIn;
DATA_BLOB DataOut;
BYTE *pbDataInput =(BYTE *)password;
DWORD cbDataInput = strlen((char *)pbDataInput)+1;

//--------------------------------------------------------------------
// Initialize the DataIn structure.

	DataIn.pbData = pbDataInput;    
	DataIn.cbData = cbDataInput;

//--------------------------------------------------------------------
//  Begin protect phase. Note that the encryption key is created
//  by the function and is not passed.

if(CryptProtectData(&DataIn,
	L"This is the description string.", // A description string to be included with the encrypted data. 
	NULL,                               // Optional entropy not used.
	NULL,                               // Reserved.
	NULL,                               // Pass NULL for the prompt structure.
	0,
	&DataOut));

Thank you
Sumit

Posted 1-Mar-12 0:19am

Sumit Makhe

Updated 1-Mar-12 1:27am

Richard MacCutchan

v2

Add a Solution

3 solutions

Solution 1

Lots of suggestions can be found here[^].

Posted 1-Mar-12 1:28am

Richard MacCutchan

Solution 2

I have solved your issue... Please find the updated code below which encrypts and decrypts as you need. The problem was the length which you were taking.. You were trying to encrypt Unicode text but using strlen which always return you
length 2. So text which goes for encryption has only 2 bytes but which was different from actual bytes it needed.. :) Enjoy

void main()
{
        wchar_t password[] = L"Hello world of data protection.";
	DATA_BLOB DataIn;
	DATA_BLOB DataOut;
	DATA_BLOB DataVerify;
	LPWSTR pDescrOut = NULL;
	BYTE *pbDataInput =(BYTE *)password;
	DWORD cbDataInput = wcslen(password)*2+1;
	DataIn.pbData = pbDataInput;    
	DataIn.cbData = cbDataInput;


	if(CryptProtectData(
		 &DataIn,
		 L"This is the description string.", // A description string. 
		 NULL,                               // Optional entropy
											 // not used.
		 NULL,                               // Reserved.
		 NULL,                      // Pass a PromptStruct.
		 0,
		 &DataOut))
	{
		 printf("The encryption phase worked. \n");
	}
	else
	{
		printf("Encryption error!");
	}
	
	//-------------------------------------------------------------------
	//   Begin unprotect phase.

	if (CryptUnprotectData(
			&DataOut,
			&pDescrOut,
			NULL,                 // Optional entropy
			NULL,                 // Reserved
			NULL,        // Optional PromptStruct
			0,
			&DataVerify))
	{
		 printf("The decrypted data is: %S\n", DataVerify.pbData);
		 printf("The description of the data was: %S\n",pDescrOut);
	}
	else
	{
		MyHandleError("Decryption error!");
	}
	//-------------------------------------------------------------------
	//  Clean up.

	LocalFree(pDescrOut);
	LocalFree(DataOut.pbData);
	LocalFree(DataVerify.pbData);
}

Posted 1-Mar-12 2:06am

Chandrakantt

Updated 1-Mar-12 2:12am

v2

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sumit Makhe · Accepted Answer · 2012-03-27T02:18:00

I solved this issue using Crypto APIs..

Go to..

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379924%28v=vs.85%29.aspx[^]

Here is the basic steps to encrypt/decrypt data using Crypto APIs

[Step-1] Initiating the Cryptography Service Provider (CSP): CryptAcquireContext, CryptReleaseContext
The CryptAcquireContext function is used to obtain a handle to a particular key container within a particular CSP. This returned handle can then be used to make calls to the selected CSP.

At the end of encryption/decryption you can call the CryptReleaseContext function to release the handle returned from a call to CryptAcquireContext.

[Step-2] Hashing Data: CryptCreateHash, CryptHashData, CryptGetHashParam, and CryptDestroyHash
"hashing" or "hash," refers to the method or algorithm used to derive a numeric value from a piece of data. In our case we will derive a numeric value (Hash) from our password which will be used to encrypt/decrypt the data and then this Hash value will be used to generate session key which we will see in the next step.

To get hash value from Password first create a hash object using CryptCreateHash then you can call CryptHashData to get hash value derived from your password.

[Step-3] Generating Keys: CryptDeriveKey, CryptGenKey, CryptDestroyKey
These three functions are the ones used to generate handles to keys:

The CryptDeriveKey function is used to generate a key from a specified password.
The CryptGenKey function is used to generate a key from random generated data.
The CryptDestroyKey function is used to release the handle to the key object.

[Step-4] Encrypting and Decrypting Data: CryptEncrypt, CryptDecrypt
In this step you prepare Buffer for Plain text or Cipher text (Encrypted text) for CryptEncrypt/CryptDecrypt call and then you can call CryptEncrypt for encryption or CryptDecrypt for decryption.

[Step-5] Cleanup : CryptDestroyKey, CryptDestroyHash, CryptReleaseContext
Once you are done with encryption/decryption you have to do cleanup of resources taken by Crypto Apis. Cleanup requires the following steps
- Destroy session key using CryptDestroyKey
- Destroy key exchange key handle using CryptDestroyKey
- Destroy hash object using CryptDestroyHash
- Release Context provider handle using CryptReleaseContext