
_cryptapi foundation class, specifically CryptAcquireContext Errors

Status
Not open for further replies.

craigsboyd

IS-IT--Management
Nov 9, 2002
2,839
US
Well, not remembering exactly why I had been staying away from it, I decided to try using the RSA encryption/decryption available via the _cryptapi foundation class.

It's turned out to be completely unsuitable for distributed applications. On one computer it works, on another it doesn't, on some computers it will work and not work depending on the direction of the wind. Causes (according to my findings, MS Knowledgebase, and various pages on the net) can range from a corrupted RSA container to a co-opted CSP to user permissions to probably just about anything under the sun.

I now remember why I decided not to use it some years ago. Has anyone ever used this class or the API calls it contains for encrypting and decrypting strings with any level of success on an application that runs on more than a couple computers (sometimes you can get lucky and it works on more than just the development machine)?

I've ripped it out of the application I was putting it into. MS appears to know that the problem exists, but other than suggesting a game or two of battleship with it they don't provide a reliable workaround. My suggestion for now to myself and others is not to use it. That's too bad, whoever created that class really decked it out, I would have liked to use it.


 

I have been burnt too many times with trying to encrypt data that I gave up. I got caught crashing with a half-encrypted table, or was it a double-encrypted table? Anyway, I gave up on that. I don't design top-secret applications.


Mike Gagnon

If you want to get the best response to a question, please check out FAQ184-2483 first.
 
I've used the CryptoAPI in VB6 a little...is there a simplified (but still pretty secure) method you can use instead of the RSA container? Just use a GUID-type-looking string for the password?

...SLeeP-DeP'd
 
This is not good news. I just started working on my own version of a class wrapper around the crypto API calls for an app that will be distributed to about a couple dozen locations. Fortunately we are providing the machines so I can hopefully ensure the encryption works properly. I've used XITech's Cryptor in several apps and it works well. The only complaint I have about it is that it makes maintenance a little more difficult but that is more the problem with encryption in general and not necessarily Cryptor. I wanted to write my own class partly because I would like a better understanding of what's happening and to include more complete documentation. Also I like a little more control of the code than you get with a third party product.

When running the VFP crypto solution sample on the last name field I did notice that the first record didn't properly decode when I replaced the 'Sedona' password with 'test' and felt a little uneasy but thought I would plod along anyway.

I'll keep working on it and post my findings if anybody is interested.

Ralph
 
The problem is the CryptAcquireContext() call. It errors out for a multitude of reasons and some of the reasons don't have a reliable workaround. Here's some MS info on it:



...I'm of the mind that this class and specifically the CryptAcquireContext() function should be avoided for distributed applications.

Mike,
"crashing with a half-encrypted table"
Ouch!

SleepDepD,
As an alternative, I found the class available at the following page pretty good and pure VFP. To read the article you have to be a paying member, but there is a link on the right that says "Click to download file"... which will get you a zip of the security class the author created. Pretty good stuff and really easy to use.

rgbean,
Good article on the _cryptapi class and its many uses, however it doesn't address the problem at hand. It would be a wonderful class if the underlying API calls were reliable, but they aren't (at least the one mentioned above isn't).

rkolva,
Even though you have control of the machines as they are built, the problems can arise after it leaves your end. My advice at this point would be to go a different route, take it for what it's worth.

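An added example, not code from any poster in this thread or from the _cryptapi class: the fallback order Microsoft documents for the container-related CryptAcquireContext() failures discussed above, written as portable C so the decision logic can be run anywhere. `acquire_with_fallback` and the two `sim_*` functions are hypothetical names; on Windows the `attempt` callback would wrap `CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, flags)` and `GetLastError()`.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants as defined in wincrypt.h / winerror.h */
#define CRYPT_VERIFYCONTEXT 0xF0000000u
#define CRYPT_NEWKEYSET     0x00000008u
#define NTE_BAD_KEYSET      0x80090016u
#define NTE_EXISTS          0x8009000Fu

/* One acquisition attempt: returns 1 on success, else 0 with *err set. */
typedef int (*acquire_fn)(uint32_t flags, uint32_t *err);

/* Hypothetical helper: returns 1 and the flags that worked, or 0 and the last error. */
int acquire_with_fallback(acquire_fn attempt, int need_stored_key,
                          uint32_t *flags_used, uint32_t *err)
{
    *err = 0;
    if (!need_stored_key) {
        /* Hashing and password-derived session keys need no key container,
           so a damaged or unreadable container is never touched. */
        *flags_used = CRYPT_VERIFYCONTEXT;
        return attempt(*flags_used, err);
    }
    *flags_used = 0;                       /* open the default container */
    if (attempt(*flags_used, err)) return 1;
    if (*err != NTE_BAD_KEYSET) return 0;  /* not a container problem: report it */
    *err = 0;
    *flags_used = CRYPT_NEWKEYSET;         /* container may be missing: create it */
    return attempt(*flags_used, err);      /* NTE_EXISTS here: present but unreadable */
}

/* Constructed stand-ins for two machine states (not real API calls). */
int sim_no_container(uint32_t flags, uint32_t *err)
{
    if (flags & (CRYPT_NEWKEYSET | CRYPT_VERIFYCONTEXT)) return 1;
    *err = NTE_BAD_KEYSET; return 0;
}
int sim_unreadable_container(uint32_t flags, uint32_t *err)
{
    if (flags == CRYPT_VERIFYCONTEXT) return 1;
    *err = (flags & CRYPT_NEWKEYSET) ? NTE_EXISTS : NTE_BAD_KEYSET; return 0;
}

int main(void)
{
    uint32_t f, e;
    int ok = acquire_with_fallback(sim_unreadable_container, 1, &f, &e);
    printf("stored key: ok=%d flags=0x%08X err=0x%08X\n", ok, (unsigned)f, (unsigned)e);
    ok = acquire_with_fallback(sim_unreadable_container, 0, &f, &e);
    printf("ephemeral:  ok=%d flags=0x%08X err=0x%08X\n", ok, (unsigned)f, (unsigned)e);
    return 0;
}
```

This covers only the key-container causes mentioned in the thread; a replaced or broken CSP fails in other ways that this fallback does not address.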

 
Craig,

The MS link you posted makes it sound like the problem is relegated to OS versions prior to 2k SP3. I'm curious as to what OS you and Mike experienced the problems with.

Another free encryption tool based on the blowfish algorithm
It says there is a vcx but I didn't see it in the zip file. It looks like the source code, dll and examples are available here:

I think I'll take your advice and at least play around with the dll and maybe get around to implementing blowfish in vfp. If it works out I'll post it.

Ralph
 
rkolva,

Yes, the OS was something I failed to mention. Even though they say that it was fixed it isn't. I've gotten these problems on XP Home, XP Professional, and even a Windows 2000 box that has the latest SP installed. I'm not sure MS understands or can reproduce reliably the problems and their causes. I know I was somewhat mystified after having tested it thoroughly on 3 computers to have it blow up on the 4th, then the 6th and the 7th. The 4th box was the oddest in that the problem would go away intermittently though nothing on the system was changed (obviously something was changing, but it wasn't something I was doing). I messed around with this thing for some period of time before swinging at the wind, biting the air, and tearing the whole thing out. I don't like problems with no apparent solution, but in this case it was high time to cut my losses.

I'll look forward to seeing the blowfish example.


 
I've been studying the following...

See: Client list -

Source code is in C/C++ included so you'll need a compiler.

There also is an ActiveX DLL and a VB wrapper included, so there might be an easy-in for VFP-only programmers.

It's free for private or shareware use, but can get a little pricey for commercial use.

I spoke with one of the top military encryption experts a month ago about it, and although he didn't have a lot of experience with it, informed me that a few of his associates have played with it.

I expect I'll be playing awhile.

Darrell
 