CryptoAPI problem -> decrypt possible with wrong key?

TheMSsForum.com: The Microsoft Software Forum

Hi

I wrote a little program that shows my problem. What I want to do is 0)
generate a pair of RSA keys (private, public). 1) encrypt some text with the
public key and 2) decrypt it with the private key... now, that works fine.
But then I tryed something else... I tryed to use the public key for
decrypting the data (which shouldn't work, as far as I know... but currently
I'm a bit confused... anyway). So I expected an error when decrypting with
the public key... but... it worked... can someone explain me this?

thanks
MR - Rudolf Meier

Here's my code:

CWinApp theApp;

using namespace std;

#include <wincrypt.h>

#pragma comment(lib, "Crypt32.lib")

#include <conio.h>

int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])

{

int nRetCode = 0;

// MFC initialisieren und drucken. Bei Fehlschlag Fehlermeldung aufrufen.

if (!AfxWinInit(::GetModuleHandle(NULL), NULL, ::GetCommandLine(), 0))

{

// TODO: Den Fehlercode an Ihre Anforderungen anpassen.

_tprintf(_T("Schwerwiegender Fehler bei der MFC-Initialisierung\n"));

nRetCode = 1;

}

else

{

printf("[0] generate keys - [1] encrypt - [2] decrypt\n");

BOOL bResult; DWORD dwError;

BYTE* pbBuffer = new BYTE[1024];

DWORD cbBuffer = 1024;

HANDLE hFile = NULL;

HCRYPTPROV hCryptProv;

bResult = CryptAcquireContext(&hCryptProv, NULL, MS_ENHANCED_PROV,
PROV_RSA_FULL, 0); dwError = GetLastError();

if (!bResult) printf("error\n");

switch(getch())

{

case '0':

{

HCRYPTKEY hKey;

bResult = CryptGenKey(hCryptProv, CALG_RSA_KEYX, CRYPT_EXPORTABLE |
AT_KEYEXCHANGE, &hKey); dwError = GetLastError();

cbBuffer = 1024;

bResult = CryptExportKey(hKey, NULL, PRIVATEKEYBLOB, 0, pbBuffer,
&cbBuffer); dwError = GetLastError();

hFile = CreateFile("C:\\private_key.dat", GENERIC_WRITE, 0, NULL,
CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);

WriteFile(hFile, pbBuffer, cbBuffer, &cbBuffer, NULL);

CloseHandle(hFile);

cbBuffer = 1024;

bResult = CryptExportKey(hKey, NULL, PUBLICKEYBLOB, 0, pbBuffer, &cbBuffer);
dwError = GetLastError();

hFile = CreateFile("C:\\public_key.dat", GENERIC_WRITE, 0, NULL,
CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);

WriteFile(hFile, pbBuffer, cbBuffer, &cbBuffer, NULL);

CloseHandle(hFile);

bResult = CryptDestroyKey(hKey); dwError = GetLastError();

}

break;

case '1':

{

hFile = CreateFile("C:\\public_key.dat", GENERIC_READ, 0, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

ReadFile(hFile, pbBuffer, 1024, &cbBuffer, NULL);

CloseHandle(hFile);

HCRYPTKEY hKey;

bResult = CryptImportKey(hCryptProv, pbBuffer, cbBuffer, NULL,
CRYPT_EXPORTABLE | AT_KEYEXCHANGE, &hKey); dwError = GetLastError();

strcpy((char *)pbBuffer, "testtext");

cbBuffer = strlen((char *)pbBuffer) + 1;

bResult = CryptEncrypt(hKey, NULL, TRUE, 0, pbBuffer, &cbBuffer, 1024);

hFile = CreateFile("C:\\encrypted_data.dat", GENERIC_WRITE, 0, NULL,
CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);

WriteFile(hFile, pbBuffer, cbBuffer, &cbBuffer, NULL);

CloseHandle(hFile);

bResult = CryptDestroyKey(hKey); dwError = GetLastError();

}

break;

case '2':

{

hFile = CreateFile("C:\\public_key.dat", GENERIC_READ, 0, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

// should generate an error, because I'm loading the public_key to decrypt!!
should not work!!

ReadFile(hFile, pbBuffer, 1024, &cbBuffer, NULL);

CloseHandle(hFile);

HCRYPTKEY hKey;

bResult = CryptImportKey(hCryptProv, pbBuffer, cbBuffer, NULL,
CRYPT_EXPORTABLE | AT_KEYEXCHANGE, &hKey); dwError = GetLastError();

hFile = CreateFile("C:\\encrypted_data.dat", GENERIC_READ, 0, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

ReadFile(hFile, pbBuffer, 1024, &cbBuffer, NULL);

CloseHandle(hFile);

bResult = CryptDecrypt(hKey, NULL, TRUE, 0, pbBuffer, &cbBuffer);

bResult = (strcmp((char *)pbBuffer, "testtext") == 0);

printf("%s", (bResult ? "ok" : "error"));

bResult = CryptDestroyKey(hKey); dwError = GetLastError();

}

break;

default:

printf("wrong selection\n"); break;

}

bResult = CryptReleaseContext(hCryptProv, 0); dwError = GetLastError();

delete[] pbBuffer;

printf("\nfinished\n");

getch();

}

return nRetCode;

}
Top

Re: CryptoAPI problem -> decrypt possible with wrong key? by Igor

Igor
Wed Jul 19 20:12:46 CDT 2006

"Meier Rudolf" <meiru@gmx.net> wrote in message
news:%23PE3n63qGHA.2448@TK2MSFTNGP03.phx.gbl
> I wrote a little program that shows my problem. What I want to do is
> 0) generate a pair of RSA keys (private, public). 1) encrypt some
> text with the public key and 2) decrypt it with the private key...
> now, that works fine. But then I tryed something else... I tryed to
> use the public key for decrypting the data (which shouldn't work, as
> far as I know... but currently I'm a bit confused... anyway). So I
> expected an error when decrypting with the public key... but... it
> worked... can someone explain me this?

Decryption with the wrong key does not work in the sense that the output
is garbage, it doesn't produce an error. If the encrypted stream
contained sufficient information to determine that a particular key is
wrong, that in itself would be a weakness.

As an illustration, consider a very simple encryption algorithm: the
plaintext data is simply XORed with the key. Decryption is the same: you
XOR the cyphertext with the key again. Now, if you use a wrong key, you
can XOR with it just fine, there is no error, but the result is garbage.
Moreover, for every plaintext message a key exists that decrypts a given
cyphertext to this message, so you can't even check whether the data is
meaningful to determine if the key is correct: it may be, just by
accident, but it's not the intended plaintext.
--
With best wishes,
Igor Tandetnik

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead. -- RFC 1925


Top

Re: CryptoAPI problem -> decrypt possible with wrong key? by Meier

Meier
Thu Jul 20 00:36:50 CDT 2006

> Decryption with the wrong key does not work in the sense that the output
> is garbage, it doesn't produce an error. If the encrypted stream contained
> sufficient information to determine that a particular key is wrong, that
> in itself would be a weakness.
>
> As an illustration, consider a very simple encryption algorithm: the
> plaintext data is simply XORed with the key. Decryption is the same: you
> XOR the cyphertext with the key again. Now, if you use a wrong key, you
> can XOR with it just fine, there is no error, but the result is garbage.
> Moreover, for every plaintext message a key exists that decrypts a given
> cyphertext to this message, so you can't even check whether the data is
> meaningful to determine if the key is correct: it may be, just by
> accident, but it's not the intended plaintext.

I encrypted the string "testtext" and "Security is our Business." and
decrypted it correctly... I don't mean, that CryptDecrypt returned TRUE, but
that the resulting text was what I encrypted!!! -> try the program... build
a new project (Console Application with MFC) and paste my code into. You'll
see my problem. And... it can't be that this only works by accident.


MR


Top

Re: CryptoAPI problem -> decrypt possible with wrong key? by Igor

Igor
Thu Jul 20 09:08:51 CDT 2006

Meier Rudolf <meiru@gmx.net> wrote:
> I encrypted the string "testtext" and "Security is our Business." and
> decrypted it correctly

You are right. I've run the program and I'm getting the same result. I'm
out of ideas.

I'd ask in microsoft.public.security.crypto
--
With best wishes,
Igor Tandetnik

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead. -- RFC 1925


Top

Re: CryptoAPI problem -> decrypt possible with wrong key? by Meier

Meier
Thu Jul 20 11:15:29 CDT 2006

> You are right. I've run the program and I'm getting the same result. I'm
> out of ideas.
>
> I'd ask in microsoft.public.security.crypto

Someone told me what the problem was... -> if you don't explicitly delete
the key-container where you place the key, then it would be persistent and
if you try to decrypt using a public key, the system automatically find's
the stored private key... -> so you have to delete the key-container between
the calls... then it works as expected...

MR


Top

Re: CryptoAPI problem -> decrypt possible with wrong key? by IanM

IanM
Mon Jul 24 04:35:08 CDT 2006


"Meier Rudolf" <meiru@gmx.net> wrote in message
news:eOkv5eBrGHA.3380@TK2MSFTNGP04.phx.gbl...
>> You are right. I've run the program and I'm getting the same result.
>> I'm out of ideas.
>>
>> I'd ask in microsoft.public.security.crypto
>
> Someone told me what the problem was... -> if you don't explicitly
> delete the key-container where you place the key, then it would be
> persistent and if you try to decrypt using a public key, the system
> automatically find's the stored private key... -> so you have to
> delete the key-container between the calls... then it works as
> expected...
>
> MR
>
>
hello,

can you tell me how you delete the key container?

thanks

Ian M


Top