About This File
Encryption / Decryption / Hashing / Signing
Purpose
Cryptography API: Next Generation (CNG) is Microsoft's long-term replacement for their CryptoAPI. Microsoft's CNG is designed to be extensible at many levels and cryptography agnostic in behavior. Although the Crypt.au3 UDF lib that is installed with AutoIt3 still works well, the advapi32.dll functions that it uses have been deprecated. In addition the Crypt.au3 UDF lib, as it is currently written, has a very limited ability to decrypt AES data that was not encrypted using Crypt.au3 functions. That is because Crypt.au3 functions do not allow you to specify an actual key or initialization vector (IV). It only lets you specify data to be used to derive a key and uses a static IV. This UDF was created to offer a replacement for the deprecated functions used by Crypt.au3. According to Microsoft, deprecated functions may be removed in future release. It was also created to allow more flexibility and functionality in encryption/decryption/hashing/signing and to expand the ability for users to implement cryptography in their scripts.
Description
This UDF implements some of Microsoft's Cryptography API: Next Generation (CNG) Win32 API functions. It implements functions to encrypt/decrypt text and files, generate hashes, derive keys using Password-Based Key Derivation Function 2 (PBKDF2), create and verify signatures, and has several cryptography-related helper functions. The UDF can implement any encryption/decryption algorithms and hashing algorithms that are supported by the installed cryptography providers on the PC in which it is running. Most, if not all, of the "magic number" values that you would commonly use to specify that desired algorithms, key bit lengths, and other magic number type values, are already defined as constants or enums in the UDF file.
To flatten the learning curve, there is an example file that shows examples of all of the major functionality. This example file is not created to be an exhaustive set of how to implement each feature and parameter. It is designed to give you a template or guide to help you hit the ground running in terms of using the functions. I have tried to fully document the headers of all of the functions as well as the code within the functions themselves. As of v1.4.0, there is also a Help file that includes all of the functions, with examples.
Current UDF Functions
-
Algorithm-Specific Symmetric Encryption/Decryption Functions
- _CryptoNG_AES_CBC_EncryptData
-
_CryptoNG_AES_CBC_DecryptData
- _CryptoNG_AES_CBC_EncryptFile
-
_CryptoNG_AES_CBC_DecryptFile
- _CryptoNG_AES_ECB_EncryptData
-
_CryptoNG_AES_ECB_DecryptData
- _CryptoNG_AES_GCM_EncryptData
-
_CryptoNG_AES_GCM_DecryptData
- _CryptoNG_3DES_CBC_EncryptData
-
_CryptoNG_3DES_CBC_DecryptData
- _CryptoNG_3DES_CBC_EncryptFile
-
_CryptoNG_3DES_CBC_DecryptFile
-
Generic Symmetric Encryption/Decryption Functions
- _CryptoNG_EncryptData
-
_CryptoNG_DecryptData
- _CryptoNG_EncryptFile
-
_CryptoNG_DecryptFile
-
Hashing Functions
- _CryptoNG_HashData
-
_CryptoNG_HashFile
-
_CryptoNG_PBKDF2
-
Asymmetric (Public/Private Key) Cryptography Functions
- _CryptoNG_ECDSA_CreateKeyPair
- _CryptoNG_ECDSA_SignHash
-
_CryptoNG_ECDSA_VerifySignature
- _CryptoNG_RSA_CreateKeyPair
- _CryptoNG_RSA_EncryptData
- _CryptoNG_RSA_DecryptData
- _CryptoNG_RSA_SignHash
-
_CryptoNG_RSA_VerifySignature
-
Misc / Helper Functions
- _CryptoNG_CryptBinaryToString
-
_CryptoNG_CryptStringToBinary
-
_CryptoNG_GenerateRandom
- _CryptoNG_EnumAlgorithms
- _CryptoNG_EnumRegisteredProviders
-
_CryptoNG_EnumKeyStorageProviders
-
_CryptoNG_LastErrorMessage
- _CryptoNG_Version
Related Links
Cryptography API: Next Generation - Main Page
Cryptography API: Next Generation - Reference
Cryptography API: Next Generation - Primitives
Cryptography API: Next Generation - Cryptographic Algorithm Providers
Edited by TheXman
What's New in Version v2.2.0
Released
Released September 27, 2024
-
Fixed a bug in the internal function __CryptoNG_IsKeyBitLengthValid() where it was possible for some valid key lengths to be reported as invalid. This would only occur for the few encryption algorithms that can only have 1 key length, like 3DES. Thanks @konya for reporting the bug.
-
Removed the trailing CRLF from _CryptoNG_CryptBinaryToString() results. By default, the Win32 API (CryptBinaryToStringW) appends a CRLF to all results.
-
Replaced all references to GCM "Authorization" tag to the correct name, "Authentication" tag. This was purely a documentation issue in the help file and function headers.
Recommended Comments