Lecture
Windows provides the CryptoAPI programming interface for encrypting information with various algorithms, both symmetric and asymmetric. CryptoAPI is an application programming interface (API) of the Windows operating system that provides encryption services to the operating system and to the applications running under it. It contains a number of functions that allow applications to encrypt data and create digital signatures in various ways while keeping private keys protected. However, the CryptoAPI functions themselves do not perform any cryptographic operations; they only act as intermediaries between the application and a CSP (Cryptographic Service Provider). The software part of a crypto-provider is a DLL file containing the functions that implement encryption support. Crypto-providers differ from one another in the set of functions they offer, their hardware requirements, and the algorithms that perform the basic operations (key creation, hashing, etc.). Crypto-providers are divided into types according to the set of functions and the algorithms that support them. For example, any CSP of the PROV_RSA_FULL type supports both encryption and digital signatures, uses the RSA algorithm for key exchange and signature creation, the RC2 and RC4 algorithms for encryption, and MD5 and SHA for hashing.
Depending on the version of the operating system, the set of installed crypto-providers may vary significantly. However, on any Windows computer you can find the Microsoft Base Cryptographic Provider, which is of type PROV_RSA_FULL. All programs interact with this provider by default. The user can purchase a CSP from another vendor; the CryptoAPI functions will then work with that CSP's software. An example of using CryptoAPI functions to encrypt a file with the RC4 symmetric algorithm is shown in Listing 2.
Listing 2. Using CryptoAPI functions to encrypt a file
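// Body of a void function. Needs <windows.h>, <wincrypt.h>, <stdio.h> and a
// BUFFER_SIZE constant (its value is not shown in the lecture); link with advapi32.lib.
HCRYPTPROV hProv;
// Connect to a crypto-provider of the type PROV_RSA_FULL
if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0))
{
    puts("CSP failed to initialize");
    return;
}
// Open the input and output files
HANDLE hInFile;
hInFile = CreateFile("d:\\NS.doc", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
HANDLE hOutFile;
hOutFile = CreateFile("d:\\crypt", GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, 0, NULL);
if (hInFile == INVALID_HANDLE_VALUE || hOutFile == INVALID_HANDLE_VALUE)
{
    puts("Error opening file");
    if (hInFile != INVALID_HANDLE_VALUE) CloseHandle(hInFile);
    if (hOutFile != INVALID_HANDLE_VALUE) CloseHandle(hOutFile);
    CryptReleaseContext(hProv, 0);
    return;
}
HCRYPTKEY hKey;
// Generate a session key for RC4.
// Note: this listing never exports or saves the key, so the output file
// cannot be decrypted once the key handle has been destroyed.
if (!CryptGenKey(hProv, CALG_RC4, CRYPT_EXPORTABLE, &hKey))
{
    puts("RC4 key generation error");
    CloseHandle(hOutFile);
    CloseHandle(hInFile);
    CryptReleaseContext(hProv, 0);
    return;
}
BYTE buf[BUFFER_SIZE];
DWORD dwSzLow, dwSzHigh, dwLen;
dwSzLow = GetFileSize(hInFile, &dwSzHigh); // get the size of the input file
// Widen before shifting: shifting a 32-bit DWORD by 32 bits is undefined
unsigned __int64 fSize = ((unsigned __int64)dwSzHigh << 32) + dwSzLow;
while (fSize)
{
    // Read a data block; stop on error or on an unexpected end of file
    if (!ReadFile(hInFile, buf, BUFFER_SIZE, &dwLen, NULL) || dwLen == 0)
    {
        puts("Error reading data");
        break;
    }
    dwSzLow = dwLen;
    // Encrypt the data block in place; the Final flag is TRUE for the last block
    if (!CryptEncrypt(hKey, 0, fSize <= BUFFER_SIZE, 0, buf, &dwSzLow, sizeof(buf)))
    {
        puts("Encryption error");
        break;
    }
    if (!WriteFile(hOutFile, buf, dwSzLow, &dwSzLow, NULL))
    {
        puts("Write error");
        break;
    }
    fSize -= dwLen;
}
CryptDestroyKey(hKey); // release the session key handle
CloseHandle(hOutFile);
CloseHandle(hInFile);
CryptReleaseContext(hProv, 0);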
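What the provider does behind the CryptEncrypt calls of Listing 2 when the key is CALG_RC4, as an added example that is not part of the lecture and is not Microsoft's CSP code: a portable C RC4 whose state persists between calls, so data encrypted block by block equals data encrypted in one call, and the same operation decrypts. The names rc4_ctx, rc4_init, rc4_crypt and rc4_crypt_blocks are hypothetical, and the key and text are a constructed sample (the widely published "Key"/"Plaintext" RC4 vector).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Cipher state; plays the role that the HCRYPTKEY handle plays in Listing 2. */
typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_ctx;

/* Key scheduling: build the initial permutation from the key bytes. */
void rc4_init(rc4_ctx *c, const uint8_t *key, size_t keylen) {
    for (int k = 0; k < 256; k++) c->S[k] = (uint8_t)k;
    uint8_t j = 0;
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + c->S[k] + key[k % keylen]);
        uint8_t t = c->S[k]; c->S[k] = c->S[j]; c->S[j] = t;
    }
    c->i = c->j = 0;
}

/* XOR buf in place with the next len keystream bytes; state carries over between calls. */
void rc4_crypt(rc4_ctx *c, uint8_t *buf, size_t len) {
    for (size_t n = 0; n < len; n++) {
        c->i = (uint8_t)(c->i + 1);
        c->j = (uint8_t)(c->j + c->S[c->i]);
        uint8_t t = c->S[c->i]; c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
        buf[n] ^= c->S[(uint8_t)(c->S[c->i] + c->S[c->j])];
    }
}

/* Process data in blocks of at most `block` bytes, like the BUFFER_SIZE loop of Listing 2. */
void rc4_crypt_blocks(const uint8_t *key, size_t keylen,
                      uint8_t *data, size_t len, size_t block) {
    rc4_ctx c;
    rc4_init(&c, key, keylen);
    while (len) {
        size_t n = len < block ? len : block;
        rc4_crypt(&c, data, n);
        data += n; len -= n;
    }
}

int main(void) {
    /* Constructed sample: key "Key", text "Plaintext". */
    uint8_t buf[] = "Plaintext";
    rc4_crypt_blocks((const uint8_t *)"Key", 3, buf, 9, 4);  /* encrypt in 4-byte blocks */
    for (int k = 0; k < 9; k++) printf("%02X", buf[k]);
    rc4_crypt_blocks((const uint8_t *)"Key", 3, buf, 9, 9);  /* decrypt in a single call */
    printf("\n%s\n", (char *)buf);
    return 0;
}
```

RC4 appears here only because Listing 2 uses it; it has known keystream biases and provides no integrity protection, so new code should use an authenticated cipher such as AES-GCM.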
Terms: Information security, Cryptography and cryptanalysis, Steganography and Stegoanalysis