RSA Public/Private Key Encryption in VFP 9.0

Hi,
I need to be able to decrypt data pulled from a MySQL table encrypted with RSA public/private key encryption within a FoxPro application. I am currently using the FoxPro Foundation Class known as _cryptapi as a wrapper to the CryptoAPI interface. The problem I'm having is that I can't seem to figure out how to decrypt a RSA encrypted string of data. I know that the _cryptapi class provided by Microsoft uses the Microsoft Base Cryptographic Service Provider which in itself uses RSA public key encryption algorithms, but for some reason I am having the hardest time finding the methods that support this in the _cryptapi foundation class. I have found methods for symmetric block and stream ciphers but that isn't what i want. The documentation clearly states that RSA public key encryption and decryption can be done with this Foxpro Foundation Class. If anyone has any insight on how to accomplish this, it would be greatly appreciated.

Thanks

Visual FoxPro2

Did you know this article: http://doc.advisor.com/Articles.nsf/nl/12579

That article is completely useless. Obviously you didn't read what i wrote in the previous paragraph.

Altough it is supposed to work with Public keys I was unsuccessful in my limited tries. I use the Windows Crypo API with Private Encryption as I have no need for public.

Unfortunately Microsoft kind of relegated the Win CryptoAPI (the Fox _crypt.vcx is just a wrapper to it), to the back burner. They do not plan to update or do much with it as it has been replaced and superseded by the cryptography classes in .NET

If you really need public key support you may be better served by subclassing the .NET classes into a COM object that you can tap into. or looking into a third party COM solution. If you can live with private keys, WinCrypt may work for you if you can jump over the hurdles of using different versions of Windows to Encrypt/Decrypt (but that's another story).

Sorry I cannot be of more help, as I have not done Public Key Encryption with it myself.

>> That article is completely useless. Obviously you didn't read what i wrote in the previous paragraph

Please remember that everyone here is a volunteer and gives their time and knowledge freely to help others.

If you don't like the answers you get, then please feel free to go elsewhere for them but there's no call to be rude to someone who was only trying to help.

Hi,

I'm experiencing a problem with _crypt.vcx where decryption sometimes fails on certain computers but not others. Has anyone run into this and developed a solution

Thanks,

Rob

Rob,

In my previous message I mentioned problems with encrypt/decrypt using Win CryptoAPI and said that was another story. This is it!

Due to the relaxing of US export restrictions, some time ago Microsoft changed the default algorithm from 40Bits to 128Bits. This way, unless you take action, an encryption done in one OS (say WinXP) does not work properly (decryption) in another OS (Windows 2000).

See details at:

http://fox.wikis.com/wc.dll Wiki~CryptoAPI

You might be better served by an alternative by Craig Boyd [MVP]:

http://www.sweetpotatosoftware.com/SPSBlog/PermaLink,guid,db662a8f-d47c-46c8-b0d2-a591c20d024b.aspx

Alex,

Thanks for the quick and informative reply. I actually encrypted the data myself on WinXP Pro using FoxPro 8 and rsaenh.dll and the decryption fails also on some (not all) WinXP Pro computers that also use FoxPro 8 and rsaenh,dll (save version dll too).

One thing that may be relevant is the computers had Fox 7 installed and then Fox 8 upgrade, so both versions are resident.

Does that sound symtomatic of the same 40 vs 128 bit issue

Thanks!

Rob

I forgot to ask whether we can solve the problem by just ensuring all computers running the affected software have the same configuration - like the same version of some file(s). Since they are all in-house computers our IT guys can control the config.

Thx,

Rob

Rob,

Unfortunately I cannot give you a definite answer to your question. It technically should work if using same S and same version of rsaenh.dll

Having VFP7 or VFP8 should not make a difference as _crypt.vcx is just a wrapper to Win CryptoAPI.

I cannot explain why in some WinXP it works and not in some others as you say, all things being equal. MS has dropped development on CryptoAPI in favor of .Net crypto spaces.

I would consider changing the routines in VFP to Craig Boyd's FLL as mentioned above or else to another 3rd party solution for less headaches.

Thanks - I'll try Craig's code.

Rob

Rob Hershfield wrote:
I forgot to ask whether we can solve the problem by just ensuring all computers running the affected software have the same configuration - like the same version of some file(s). Since they are all in-house computers our IT guys can control the config.

That sounds reasonable.I did exactly that in-house a couple of years ago (when I was still using CryptoAPI. In fact we use one program to send encrypted daily transactional data to a client that way (both systems use a stand-alone utility I built in VFP 8.0 at the time, using Win2000 CryptoAPI in both ends). Works fine so no need to change it.

I had a little time to read MSDN docs about RSA public / private key pair, encrypting, CAPICOM, Certificates, EnvelopedData, PFX files. The sample is vbscript based, but we know that to port it into VFP not a challenge.

Ok, let's see it. I have a PFX file, what was created by CIPHER. Just to have something. I used this passphrase while creating the certificate: "a very secret passphrase of the private key".

I can load it this way:
set oCert = Createobject("CAPICOM.Certificate")
oCert.Load "D:\test\test.pfx", "a very secret passphrase of the private key", CAPICOM_KEY_STORAGE_USER_PROTECTED, CAPICOM_CURRENT_USER_KEY

This certificate has a public key, private key. To use it, the EnvelopedData look like usable. It's really simple. Grab an EnvelopedData object, write something into the content property, add recipipents to it and finally call the encrypt method. The object automatically generates a symmetric key, what will be used to encrypt the large amount of content. This key will be encrypted by the public key of recipients. The default settings of the EnvelopedData obejct can be configured to strengthen the encryption or whatever you want. A sample:

set oEnvelope = createobject("CAPICOM.EnvelopedData")
oEnvelope.Algorithm.Name= CAPICOM_ENCRYPTION_ALGORITHM_AES
oEnvelope.Algorithm.KeyLength=CAPICOM_ENCRYPTION_KEY_LENGTH_MAXIMUM
oEnvelope.Content="Here's some very important and confidental data"
oEnvelope.Recipients.Add oCert
sSecret=oEnvelope.Encrypt(CAPICOM_ENCODE_BASE64)

The format of message what we got this way is PKCS #7. To decrypt the message is a joke. Just call the decrypt method of the EnvelopedData object with only one parameter, like this:

Set EnvelopedData = CreateObject("CAPICOM.EnvelopedData")
EnvelopedData.Decrypt sSecret
wscript.echo "Decrypted text is: " & EnvelopedData.Content

Okay. Decryption method searches for the private key in the "My" certificate store at current user or the local machine. There's no way to setup a file for decryption.

Hi!

Let's say, that i have to access a web service on some secure page (https)
wich also requires me, to have a personal digital certificate.

Can I load this certificate to visual foxpro and then submit it to that page.
I need this, first to register web service and then to use web services.

thanx you

yeah u are rite ...

when u post your question dun expect forummers can solve 100 % your question.

We all here just share our knowledge and experience.