Rating: No reviews yet
Downloads: 712
Released: Jan 8, 2009
Updated: Feb 6, 2009 by dcleblanc
Dev status: Stable Help Icon

Recommended Download

application, 6K, uploaded Feb 6, 2009 - 712 downloads

Release Notes

This project is to get around the issue that RC4 is not available in .NET. It isn't a fully featured RC4 wrapper, but it is enough to illustrate the concepts.

An issue worth mentioning here is that CryptDeriveKey and CryptImportKey have some special behaviors with respect to 40-bit encryption. The MSDN topic "Salt Value Functionality" explains this:

=== begin quote====
The Base Provider creates 40-bit symmetric keys created with eleven bytes of zero-value salt, eleven bytes of nonzero salt if CRYPTCREATESALT is specified, or no salt value. A 40-bit symmetric key with zero-value salt, however, is not equivalent to a 40-bit symmetric key without salt. For interoperability, keys must be created without salt. This problem results from a default condition that occurs only with keys of exactly 40 bits. All other key lengths do not have salt allocated by default.

Both the Base Providers and the Extended Provider can use the CRYPTNOSALT flag to specify that no salt value is allocated for a 40-bit symmetric key. The functions that accept this flag are CryptGenKey, CryptDeriveKey, and CryptImportKey. By default, these functions provide backward compatibility for the 40-bit symmetric key case by continuing the use of the eleven-byte-long zero-value salt.
=== end quote =====

1/9/09 - Made a minor tweak to RC4Native::ImportKey to make the above explicit. Comments from the code:

// This step makes explicit what the Microsoft implementation of RC4 is really doing, unless
// CRYPTNOSALT flag is set. Essentially, there's a 128-bit key, just that the last 88 bits
// are all 0. Unfortunately, there is no standard for RC4, which is part of why this happens.
if( cbKeyData == 5 )
*pcbKeyData = 16;

So essentially, a PLAINTEXTBLOB for 40-bit RC4 is exactly the same if:
a) Data size = 5
b) Data size = 16 AND the last 11 bytes are 0

This project is needed in order to use the CapiRC4Encrypt project.

Note - this was just updated to use CryptImportKey, instead of CryptDeriveKey - removes one more layer of the CAPI calls.

2/6 - Minor bug fix for Legacy RC4 example

Reviews for this release

No reviews yet for this release.