Home/ Questions/Q 4099010
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T20:22:40+00:00

I have a CryptoAPI code to encrypt\ decrypt given data using AES-128 and a

  • 0

I have a CryptoAPI code to encrypt\ decrypt given data using AES-128 and a key derived from a password using SHA-256.

How can I write an OpenSSL equivalent implementation so I would be able to encrypt data with it, then decrypt it with CryptoAPI and vice versa?

Trying to use EVP_BytesToKey with EVP_aes_128_cbc() and EVP_sha256() didn’t work “as is”.
(By “doesn’t work” I mean – can’t decrypt CryptoAPI’s generated encrypted data and vice versa. This does work for decrypt OpenSSL’s encrypted data).

Any idea or good reference?

Thank you in advance.

Here is the Windows CryptoAPI code:

// Get the handle to the default provider. 
      if(CryptAcquireContext(
                   &hCryptProv, 
                   NULL, 
                   MS_ENH_RSA_AES_PROV, 
                   PROV_RSA_AES, 
                   CRYPT_VERIFYCONTEXT))
          {
                   _tprintf(
                             TEXT("A cryptographic provider has been acquired. \n"));
          }
          else
          {
                   goto Exit_PrepareCAPI;
          }
          // Create a hash object. 
          if(!CryptCreateHash(
                   hCryptProv, 
                   HASH_ALGORITHM, 
                   0, 
                   0, 
                   &hHash))
          {
                   goto Exit_PrepareCAPI;
          }
          // Hash in the password data. 
          if(!CryptHashData(
                   hHash, 
                   (BYTE*) strPassword.c_str(),
                   strPassword.length(),
                   (DWORD)0)) 
          {
                   goto Exit_PrepareCAPI;
          }
          // Derive a session key from the hash object. 
          if(!CryptDeriveKey(
                   hCryptProv, 
                   ENCRYPT_ALGORITHM, 
                   hHash, 
                    0x00800000 /*128 bit*/, 
                   &hKey))
          { 
                   goto Exit_PrepareCAPI;
          }
          DWORD cryptMode = CRYPT_MODE_CBC;

          if(!CryptSetKeyParam(
                   hKey, 
                   KP_MODE, 
                   (BYTE*)&cryptMode, 
                   0))
          { 
                   goto Exit_PrepareCAPI;
          }

                   if(!CryptGetHashParam(
                   hHash,
                   HP_HASHSIZE,
                   (BYTE *)&dwHashLen,
                   &dwHashLenSize,
                   0))
          {
                   goto Exit_PrepareCAPI;
          }

          pbHash = new BYTE[dwHashLen];

          if(!CryptGetHashParam(
                   hHash,
                   HP_HASHVAL,
                   pbHash,
                   &dwHashLen,
                   0))
          {
                   goto Exit_PrepareCAPI;
          }

          SecureZeroMemory( ivBuff, sizeof(ivBuff) );

          for(DWORD i = 16, j = 0 ; i < dwHashLen ; i++, j++)
          {
                   ivBuff[j] = pbHash[i];
          }

          if(!CryptSetKeyParam(
                   hKey, 
                   KP_IV, 
                   ivBuff, 
                   0))
          { 
                   goto Exit_PrepareCAPI;
          }
          //
          // Read the data into pre-allocated pbBuffer
          //
// Encrypt data.           if(!CryptEncrypt(
                    hKey, 
                    NULL, 
                    fEOF,
                    0, 
                    pbBuffer, 
                    &dwCount, 
                    dwBufferLen))
{ 
                    goto Exit_MyEncryptFile;
          } 
Exit_MyEncryptFile:
          // Cleanup allocated objects
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    After all, this code worked:

    int generateKey(const string& strSecter)
{    
SHA256_CTX sha256Ctx;
unsigned char hash[SHA256_DIGEST_LENGTH];
SecureZeroMemory(hash, sizeof hash);
SHA256_Init(&sha256Ctx);
SHA256_Update(&sha256Ctx, strSecter.c_str(), strSecter.length());
SHA256_Final(hash, &sha256Ctx);
memcpy(Key, hash, AES_BLOCK_SIZE);
memcpy(IV, hash + AES_BLOCK_SIZE, AES_BLOCK_SIZE);

return 0;
}

    Hope this will help someone.

    • 0