How to Use Crypto API in Your ASP Projects

WEBINAR: On-demand webcast

How to Boost Database Development Productivity on Linux, Docker, and Kubernetes with Microsoft SQL Server 2017 REGISTER >

Environment: ASP Components

Summary

This application uses ATL, MFC, ASP, and Crypto API. It will demonstrate how to make an ATL project that provides two cryptographic functions, how to use this component in your ASP projects, and how to register the component in MTS. The article also contains a GUI client console for directly testing the cryptographic functions.

This component can be used in Visual Basic, Access, or Microsoft SQL.

Introduction

Recently I worked for a financial project regarding the Greek, Cyprian, and Romanian stock exchange (www.greekmarkets.com, http://reporter.fasma.ro). The project was coded mostly using ASP and VB COM, with a few ATL components as a middle tier over a SQL database. The middle tier component that I programmed was built with ATL and uses Crypto API. The idea consists of providing the encrypted data to HTTP, data which is useful for ASP pages. Because of the HTTP transport, the data is coded in a hexadecimal format.

Overview

First of all, I will show you how to use an ATL control and how to provide methods that interrogate our component.

  • Create a new ATL COM AppWizard project.
  • Choose Dynamic Link Library (DLL) in the Server Type and check Support MFC and MTS.
  • Add a new ATL object to your classes. ChooseObjects->Simple Object from your ATL Object Wizard.
  • On the attributes tab page, choose the Free option in Threading Model.

  • Now we have a very nice component. It is more important to provide data to other programs by methods or properties. Unfortunately, the Microsoft wizard is a little poor and the user must input manually each parameter and its type.

Details

The simplest way to use cryptographic API and to encrypt your messages is the following:

// Get handle to user default provider.
       CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)

This function returns a handle to a particular CSP that includes the specification of a particular key container within the CSP. This key container is either a specifically requested key container or it is the default key container for the currently logged-on user. Note that the second and the third parameters are NULL. This means that our code will generate the same key all the time, independently of the current logged user, and/or if the encrypt was done on a computer and the decrypt on another one.

// Create hash object.
       CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)

// Hash password string.
       CryptHashData(hHash, (BYTE *)szLocalPassword, dwLength, 0)

// Create block cipher session key based on hash of the password.
       CryptDeriveKey(hProv, CALG_RC4, hHash,
                             CRYPT_EXPORTABLE, &hKey)

// Encrypt data
       CryptEncrypt(hKey, 0, TRUE, 0, pbBuffer,
                    &dwLength, dwLength)

// Code the result in hexadecimal format
       HtoA(dest, szPassword, sizeof(TCHAR)*_tcslen(dest) )

It is very easy to use the component in ASP pages (the same in Visual Basic, Access, or Microsoft SQL):

dim myOEncrypt
dim src, dest

set myOEncrypt   = Server.CreateObject
                   ("EncryptionATL.Encryption.1")


src = "CryptoAPI"
Response.Write "src: "
Response.Write src

Response.Write "Crypt: "
dest = myOEncrypt.Crypt(src)
Response.Write dest

Response.Write "LastError: "
Response.Write myOEncrypt.LastError

Response.Write "Decrypt: "
src = myOEncrypt.Decrypt(dest)
Response.Write src

Response.Write "LastError: "
Response.Write myOEncrypt.LastError

set myOEncrypt = nothing

Installation

Step 1: Copy the DLL under a directory with system execute privilege and register it with the regsvr32 command or put it on the MTS. This way is better because if we want to modify the component and register it again, this is possible without restarting the computer—like in cases when using the regsvr32 command that "blocks" your dll file.

  • Open the MTS console (if you have NT4) or Component service (Windows 2000). In Computers-> MyComputer->COM+ Application, choose NewApplication. Give it a name, for example "Crypt".
  • In the new Crypt COM+ application, create a new component:
  • And choose your crypto dll file:
  • To modify the properties of the newly created component, right-click it:

Step 2: Use the dialog console directly. Input some string in the edit box and click the button!

Step 3: Copy the directory with ASP pages under Web—and just try it !

Note

The program was designed to use only small strings, with some digits (id's from tables). If you want more, you have to modify the component.

Downloads

Download demo project - 149 Kb


Comments

  • Very Helpful

    Posted by Legacy on 12/19/2003 12:00am

    Originally posted by: Kurt S.

    Very helpful, thanks

    Reply
  • DES Encryption

    Posted by Legacy on 02/24/2003 12:00am

    Originally posted by: Zaid Ansari

    i could not use it for DES, can u please explain me how it can be used for DES, waiting for your reply
    
    Zaid

    Reply
  • bad encryption for me

    Posted by Legacy on 10/03/2002 12:00am

    Originally posted by: y.xxxx

    I belive is not correct mode to encrypt this.!!!

    Reply
  • Well written article - thanks

    Posted by Legacy on 10/03/2002 12:00am

    Originally posted by: noel

    Well written article - thanks

    Reply
Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • As all sorts of data becomes available for storage, analysis and retrieval - so called 'Big Data' - there are potentially huge benefits, but equally huge challenges...
  • The agile organization needs knowledge to act on, quickly and effectively. Though many organizations are clamouring for "Big Data", not nearly as many know what to do with it...
  • Cloud-based integration solutions can be confusing. Adding to the confusion are the multiple ways IT departments can deliver such integration...

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date