How to Use Crypto API in Your ASP Projects

Environment: ASP Components

Summary

This application uses ATL, MFC, ASP, and Crypto API. It will demonstrate how to make an ATL project that provides two cryptographic functions, how to use this component in your ASP projects, and how to register the component in MTS. The article also contains a GUI client console for directly testing the cryptographic functions.

This component can be used in Visual Basic, Access, or Microsoft SQL.

Introduction

Recently I worked for a financial project regarding the Greek, Cyprian, and Romanian stock exchange (www.greekmarkets.com, http://reporter.fasma.ro). The project was coded mostly using ASP and VB COM, with a few ATL components as a middle tier over a SQL database. The middle tier component that I programmed was built with ATL and uses Crypto API. The idea consists of providing the encrypted data to HTTP, data which is useful for ASP pages. Because of the HTTP transport, the data is coded in a hexadecimal format.

Overview

First of all, I will show you how to use an ATL control and how to provide methods that interrogate our component.

  • Create a new ATL COM AppWizard project.
  • Choose Dynamic Link Library (DLL) in the Server Type and check Support MFC and MTS.
  • Add a new ATL object to your classes. ChooseObjects->Simple Object from your ATL Object Wizard.
  • On the attributes tab page, choose the Free option in Threading Model.

  • Now we have a very nice component. It is more important to provide data to other programs by methods or properties. Unfortunately, the Microsoft wizard is a little poor and the user must input manually each parameter and its type.

Details

The simplest way to use cryptographic API and to encrypt your messages is the following:

// Get handle to user default provider.
       CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)

This function returns a handle to a particular CSP that includes the specification of a particular key container within the CSP. This key container is either a specifically requested key container or it is the default key container for the currently logged-on user. Note that the second and the third parameters are NULL. This means that our code will generate the same key all the time, independently of the current logged user, and/or if the encrypt was done on a computer and the decrypt on another one.

// Create hash object.
       CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)

// Hash password string.
       CryptHashData(hHash, (BYTE *)szLocalPassword, dwLength, 0)

// Create block cipher session key based on hash of the password.
       CryptDeriveKey(hProv, CALG_RC4, hHash,
                             CRYPT_EXPORTABLE, &hKey)

// Encrypt data
       CryptEncrypt(hKey, 0, TRUE, 0, pbBuffer,
                    &dwLength, dwLength)

// Code the result in hexadecimal format
       HtoA(dest, szPassword, sizeof(TCHAR)*_tcslen(dest) )

It is very easy to use the component in ASP pages (the same in Visual Basic, Access, or Microsoft SQL):

dim myOEncrypt
dim src, dest

set myOEncrypt   = Server.CreateObject
                   ("EncryptionATL.Encryption.1")


src = "CryptoAPI"
Response.Write "src: "
Response.Write src

Response.Write "Crypt: "
dest = myOEncrypt.Crypt(src)
Response.Write dest

Response.Write "LastError: "
Response.Write myOEncrypt.LastError

Response.Write "Decrypt: "
src = myOEncrypt.Decrypt(dest)
Response.Write src

Response.Write "LastError: "
Response.Write myOEncrypt.LastError

set myOEncrypt = nothing

Installation

Step 1: Copy the DLL under a directory with system execute privilege and register it with the regsvr32 command or put it on the MTS. This way is better because if we want to modify the component and register it again, this is possible without restarting the computer—like in cases when using the regsvr32 command that "blocks" your dll file.

  • Open the MTS console (if you have NT4) or Component service (Windows 2000). In Computers-> MyComputer->COM+ Application, choose NewApplication. Give it a name, for example "Crypt".
  • In the new Crypt COM+ application, create a new component:
  • And choose your crypto dll file:
  • To modify the properties of the newly created component, right-click it:

Step 2: Use the dialog console directly. Input some string in the edit box and click the button!

Step 3: Copy the directory with ASP pages under Web—and just try it !

Note

The program was designed to use only small strings, with some digits (id's from tables). If you want more, you have to modify the component.

Downloads

Download demo project - 149 Kb


Comments

  • Monster slaat echt op de rekening

    Posted by mrswanzi on 06/06/2013 02:22pm

    [url=http://beatssolokopen.weebly.com/]beats solo kopen[/url] Daarom wil je een open koptelefoon Een gesloten koptelefoon zorgt ervoor dat je akoestisch wordt afgesloten van alles wat om je heen gebeurt. Er wordt geen geluid vanuit de hoofdtelefoon naar de omgeving ¡®gelekt¡¯. Een gesloten koptelefoon geeft vaak een wat drukkend en minder natuurgetrouw geluid weer. Een open hoofdtelefoon, zoals deze Beats By Dre Real, heeft echter een open klankkast en laat daardoor meer geluid door en laat de druk 'ontsnappen'. Er ontsnapt letterlijk geluid doordat de oorschelp aan de buitenkant open is. Dit heeft absoluut geen kwaliteitsverlies of een verlies aan bas tot gevolg. Als drager hoor je bij deze constructie ook het omgevingsgeluid. Heeft iemand naast je in de trein een koptelefoon op waarbij jij het geluid hoort, is het heel goed mogelijk dat hij of zij een open hoofdtelefoon heeft. [url=http://koptelefoon-monsterbeats.cabanova.com/]beats by dre[/url] Naast dat je je muziek wireless kunt beluisteren via bluetooth kun je er ook altijd nog voor kiezen om gewoon de meegeleverde kabel te gebruiken. Bijvoorbeeld wanneer je via een apparaat luisterd wat geen bluetooth ondersteund. Of als dat batterijen voor de bluetooth funcie leeg zijn (deze gaan ongeveer 10 uur lang mee).De komende de Monster Beats Dr Dre urBeats koptelefoon [url=http://koptelefoon-monsterbeats.webs.com/]beats by dre[/url] de Beats Tour oordopjes zorgen voor een verbazingwekkende driver design. 20hz lijkt een beetje hoger met een oordopje dat verklaringen te ontwikkelen om 'goede reproductie van de dij hop ". meestal de verminderde waarde van zo heel veel van de veel beter de bas. Van know-how 14 Hz kan eventueel worden de optimale waarde. Beats by dre pro rood zwart Zoals geciteerd door de methode van de kwaliteit van de Tour de lijst: ". Grote, high-efficiency automobilisten laat u toe om zeker Crank It Up en voldoening te halen uit hardop uit te houden zonder geluid-wrecking vervorming" Driver dimensie behoort tot een van de meest essentile factoren om uit te checken uit voor bij het krijgen van oordopjes.

    Reply
  • ghd glattejern populære familie, som skal produktet

    Posted by motherdhmm on 05/30/2013 07:39pm

    [url=http://www.blog.cheapbeatsbydre.co.nz/]beats by dre[/url] Ghd sammenlignet med tidligere produkter, denne generation af glat hår med ekstra slankt design, mode af den ydre uanstændige og nogle geniale nye unikke sted i glat hår, hårpleje og styling har gjort store forbedringer. GHD IV styler primære unikt sted: mere vækst i den keramiske varme plader. MK4 Ghd Opvarmningen er færdig vil der være et bip for at gøre dig opmærksom på at organisere ansøgning. Unik og holdbart cover design, ikke noget på egen hånd efter 15 minutter lukkede specielle kabler designet til at opretholde den fugtige keramiske feber tabletter fra skade på miljøet. [url=http://www.buy-beatsdrdre.com/]beats by dre headphones[/url] Alle GHD IV Pink Styler er af høj kvalitet og prisen er meget reasonable.There er forskellige stilarter for dig at select.Key funktioner i GHD Hårudglatningsmiddel omfatter: mere lydhør, dybt affjedret keramiske plader, at varme op endnu hurtigere. Hørbar bip, der fortæller dig, jernet er varmt og klar til brug. Længere og mere holdbar Kablet har et forbedret design for at mindske potentielle skader, som du stil med jern. Auto-justering af spænding betyder, at du kan bruge dit jern i noget land. Sikkerhed funktioner, herunder automatisk slukker efter 15 minutter uden aktivitet, og en gysen funktion, der forhindrer fugt beskadige din strygejern, når de er blevet efterladt i et koldt sted natten over. [url=http://www.blog.cheapbeatsbydre.co.nz/]beats by dre[/url] Principal, skal du helt oprydning og vask manke. Rengøring frizzy hår kun lige før såvel som stil er absolut meget vigtigt, og dette indebærer, at du har fået fremstillet model angiver benægte dette slags. Når du opstår, til at hjælpe med at vaske hår store kun før design og design, kan det være muligt at erhverve mindre nasty, shinier, med betydelig bedre bruge. Derfor kan låse sandsynligvis eventuelt være større sammen med rigere. Du kunne opstår vellidt launder eller måske kun genoprettende sammenholdt med conditionere, hvis du gerne vil have. Fortsætte og ja det reelt er rent faktisk større, skal du eventuelt kan oprette strategi GHD rense og refresher sammen med strengthener til produkter bestemt, der låser kan også eventuelt hurtigt modtager tilstrækkelig sikkerhed. God hår dage krøllede hår analysere elementer kunne bidrage til at gøre håret hoppende sammenholdt med effektiv.

    Reply
  • Very Helpful

    Posted by Legacy on 12/19/2003 12:00am

    Originally posted by: Kurt S.

    Very helpful, thanks

    Reply
  • DES Encryption

    Posted by Legacy on 02/24/2003 12:00am

    Originally posted by: Zaid Ansari

    i could not use it for DES, can u please explain me how it can be used for DES, waiting for your reply
    
    Zaid

    Reply
  • bad encryption for me

    Posted by Legacy on 10/03/2002 12:00am

    Originally posted by: y.xxxx

    I belive is not correct mode to encrypt this.!!!

    Reply
  • Well written article - thanks

    Posted by Legacy on 10/03/2002 12:00am

    Originally posted by: noel

    Well written article - thanks

    Reply
Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Event Date: April 15, 2014 The ability to effectively set sales goals, assign quotas and territories, bring new people on board and quickly make adjustments to the sales force is often crucial to success--and to the field experience! But for sales operations leaders, managing the administrative processes, systems, data and various departments to get it all right can often be difficult, inefficient and manually intensive. Register for this webinar and learn how you can: Align sales goals, quotas and …

  • Hybrid cloud platforms need to think in terms of sweet spots when it comes to application platform interface (API) integration. Cloud Velocity has taken a unique approach to tight integration with the API sweet spot; enough to support the agility of physical and virtual apps, including multi-tier environments and databases, while reducing capital and operating costs. Read this case study to learn how a global-level Fortune 1000 company was able to deploy an entire 6+ TB Oracle eCommerce stack in Amazon Web …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds