在数字时代,数据安全变得尤为重要。Microsoft CryptoAPI提供了一套灵活的函数,允许开发者将加密安全性构建到他们的应用程序中。通过使用密码学,可以实现多种安全需求,包括确保敏感文件的保密性、即使传输介质不安全也能保障通信安全,以及使用数字签名验证消息和数据的来源。
CryptoAPI支持的基本密码学操作包括加密、解密和签名。加密类似于受控的碎片化:数据就在那里,但它根据加密规则被分散。解密是加密的逆过程,通过反转加密规则重新组合数据。数字签名类似于物理手写签名文件,但有一个显著的改进:伪造数字签名非常困难。
BOOL GetChecksumBuffer(ALG_ID nAlgorithm, LPBYTE lpszOutputBuffer, DWORD& dwOutputLength, LPBYTE lpszInputBuffer, DWORD dwInputLength) {
BOOL retVal = FALSE;
ASSERT(lpszOutputBuffer != NULL);
ASSERT(dwOutputLength != 0);
ASSERT(lpszInputBuffer != NULL);
ASSERT(dwInputLength != 0);
HCRYPTPROV hCryptProv = NULL;
HCRYPTHASH hCryptHash = NULL;
if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
if (CryptCreateHash(hCryptProv, nAlgorithm, NULL, 0, &hCryptHash)) {
if (CryptHashData(hCryptHash, lpszInputBuffer, dwInputLength, 0)) {
if (CryptGetHashParam(hCryptHash, HP_HASHVAL, lpszOutputBuffer, &dwOutputLength, 0)) {
retVal = TRUE;
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptGetHashParam"), GetLastError());
}
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptHashData"), GetLastError());
}
VERIFY(CryptDestroyHash(hCryptHash));
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptCreateHash"), GetLastError());
}
VERIFY(CryptReleaseContext(hCryptProv, 0));
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptAcquireContext"), GetLastError());
}
return retVal;
}
该函数计算给定二进制缓冲区的哈希码,使用指定的算法。
BOOL EncryptBuffer(ALG_ID nAlgorithm, LPBYTE lpszOutputBuffer, DWORD& dwOutputLength, LPBYTE lpszInputBuffer, DWORD dwInputLength, LPBYTE lpszSecretKey, DWORD dwSecretKey) {
BOOL retVal = FALSE;
DWORD dwHowManyBytes = dwInputLength;
ASSERT(lpszOutputBuffer != NULL);
ASSERT(dwOutputLength != 0);
ASSERT(lpszInputBuffer != NULL);
ASSERT(dwInputLength != 0);
ASSERT(lpszSecretKey != NULL);
ASSERT(dwSecretKey != 0);
HCRYPTPROV hCryptProv = NULL;
HCRYPTHASH hCryptHash = NULL;
HCRYPTKEY hCryptKey = NULL;
::CopyMemory(lpszOutputBuffer, lpszInputBuffer, dwHowManyBytes);
if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
if (CryptCreateHash(hCryptProv, CALG_MD5, NULL, 0, &hCryptHash)) {
if (CryptHashData(hCryptHash, lpszSecretKey, dwSecretKey, 0)) {
if (CryptDeriveKey(hCryptProv, nAlgorithm, hCryptHash, CRYPT_EXPORTABLE, &hCryptKey)) {
if (CryptEncrypt(hCryptKey, NULL, TRUE, 0, lpszOutputBuffer, &dwHowManyBytes, dwOutputLength)) {
dwOutputLength = dwHowManyBytes;
retVal = TRUE;
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptEncrypt"), GetLastError());
}
VERIFY(CryptDestroyKey(hCryptKey));
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptDeriveKey"), GetLastError());
}
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptHashData"), GetLastError());
}
VERIFY(CryptDestroyHash(hCryptHash));
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptCreateHash"), GetLastError());
}
VERIFY(CryptReleaseContext(hCryptProv, 0));
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptAcquireContext"), GetLastError());
}
return retVal;
}
该函数使用指定的算法加密给定的二进制缓冲区。
BOOL DecryptBuffer(ALG_ID nAlgorithm, LPBYTE lpszOutputBuffer, DWORD& dwOutputLength, LPBYTE lpszInputBuffer, DWORD dwInputLength, LPBYTE lpszSecretKey, DWORD dwSecretKey) {
BOOL retVal = FALSE;
DWORD dwHowManyBytes = dwInputLength;
ASSERT(lpszOutputBuffer != NULL);
ASSERT(dwOutputLength != 0);
ASSERT(lpszInputBuffer != NULL);
ASSERT(dwInputLength != 0);
ASSERT(lpszSecretKey != NULL);
ASSERT(dwSecretKey != 0);
HCRYPTPROV hCryptProv = NULL;
HCRYPTHASH hCryptHash = NULL;
HCRYPTKEY hCryptKey = NULL;
::CopyMemory(lpszOutputBuffer, lpszInputBuffer, dwHowManyBytes);
if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
if (CryptCreateHash(hCryptProv, CALG_MD5, NULL, 0, &hCryptHash)) {
if (CryptHashData(hCryptHash, lpszSecretKey, dwSecretKey, 0)) {
if (CryptDeriveKey(hCryptProv, nAlgorithm, hCryptHash, CRYPT_EXPORTABLE, &hCryptKey)) {
if (CryptDecrypt(hCryptKey, NULL, TRUE, 0, lpszOutputBuffer, &dwHowManyBytes)) {
dwOutputLength = dwHowManyBytes;
retVal = TRUE;
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptDecrypt"), GetLastError());
}
VERIFY(CryptDestroyKey(hCryptKey));
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptDeriveKey"), GetLastError());
}
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptHashData"), GetLastError());
}
VERIFY(CryptDestroyHash(hCryptHash));
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptCreateHash"), GetLastError());
}
VERIFY(CryptReleaseContext(hCryptProv, 0));
} else {
TraceLastError(CRYPT_LIBRARY_NAME, _T("CryptAcquireContext"), GetLastError());
}
return retVal;
}