CryptoNG UDF - Cryptography API: Next Gen

[n3wbie]

18 hours ago, TheXman said:

With the original example that I provided, the detailed description of the differences between that original example and what's actually needed to decrypt the file that you DM'd me, and the 3 lines showing exactly how I parsed the information needed to decrypt your file, if you still aren't able to decrypt that file, then you obviously aren't using my examples and the information that I provided.  You must be doing your own thing.  If you are still having a problem decrypting that file, and you still want to be able to decrypt the file, then you need to show the script that you are using and ask for help identifying why it is not producing the expected results.  Showing little snippets of your script is not very helpful in trying to determine why the whole script is not producing the correct results.

Sorry for the confusion.

The Code that you provided is working flawlessly...

the code snippet that i provided earlier still has problem after 33 and 65 changes in particular

the functions of cryptoNG are Working flawlessly and I m able to decrypt the file successfully.

Thanks once again for the help ,also for explaining and supporting ;and sorry for the trouble that i created ...

[TheXman]

You're welcome. 

I'm glad that you were able to develop a working decryption script for your JSON files. 

[n3wbie]

7 minutes ago, TheXman said:

You're welcome. 

I'm glad that you were able to develop a working decryption script for your JSON files. 

I'm also satisfied that i could do it.

also due to better understanding of autoit rather than javascript. I could also make the port of the same code for PHP

Here Goes the code

<?php
$data=file_get_contents('abc.json')
$xiv=substr($data,0,32);
$xsalt=substr($data,32,32);
$data64=substr($data,64);
$data65=base64_encode($data64);
$xiv=hex2bin($xiv);
$xsalt1=hex2bin($xsalt);
$derivedkey = openssl_pbkdf2($sPassword, $xsalt1, 32, 1000, 'sha256');
$decodeddata= openssl_decrypt($data64,'aes-256-cbc',$derivedkey,OPENSSL_ZERO_PADDING ,$xiv)
return $decodeddata
  ?>

Much thanks @TheXman

[z75885446]

Please tell me how this rsa encryption implements public key to decrypt encrypted content. I found your code doesn't show it

[TheXman]

A detailed description of the RSA functions can be found in the help file that is included with the UDF (CryptoNG Help.chm).  Look in the "Asymmetric Encryption/Decryption Functions" section under the "Function Reference".   Also, there are examples of how to implement those functions in the included examples file (CryptoNG_Examples.au3).  In that examples file, there is an example of how to create a public/private key pair (create_legacy_rsa_key_pair_example) and there is an example of how to implement the RSA encryption and decryption functions using the generated key pair (rsa_public_private_key_encrypt_decrypt_data_example).

6 hours ago, z75885446 said:

Please tell me how this rsa encryption implements public key to decrypt encrypted content.

The public key is not used to decrypt encrypted content.  The public key is used to encrypt data.  The private key is used to decrypt data.

Edited July 20, 2023 by TheXman

[spudw2k]

11 hours ago, TheXman said:

The public key is not used to decrypt encrypted content.  The public key is used to encrypt data.  The private key is used to decrypt data.

Unless you are verifying signed data.  In that case the sender encrypts with their private key, and the recipient uses the sender's public key to decrypt.

[TheXman]

Signing and signature verification are totally different subjects than encryption and decryption.  Neither I nor the poster mentioned anything about signing or signature verification.

Thanks for your input though.

Edited July 21, 2023 by TheXman

[z75885446]

Excuse me, does anyone know how to do this? I don't think private key encryption is safe for clients. It is easy to analyze the public key information through the private key. The receiver uses the sender's public key to decrypt. That's exactly what I want to know,

[TheXman]

It appears that you want to know about RSA cryptography in general, not about anything specific to the CryptoNG UDF.  Learning about Cryptography is not the purpose of this topic.  This topic is for questions, comments, or concerns related to the UDF itself.  If you want to learn about cryptography, then go read a book or find some articles on the web.

[TheXman]

What's New in Version v2.0.0

• Added new RSA signing functions:
  • CryptoNG_RSA_SignHash
  • CryptoNG_RSA_VerifySignature

• Updated the supplied CryptoNG calltips and userudfs files to include the new RSA Signing and Signature Verification functions.
   
• Added RSA Signing and Signature Verification examples to the CryptoNG examples file.
   
• Added RSA Signing and Signature Verification functions to the CryptoNG UDF help file.
   
• Added a few new constants
   
• Misc function header corrections & modifications

[RTFC]

Congrats on one thousand downloads! (I think I was #1000)

[TheXman]

Yes, you were the 1000th download!

I think it's pretty awesome that the author of the CodeScannerCrypter Bundle, which is one of the most prolific implementers of the CryptoNG UDF that I know of, was the one to actually help me achieve that milestone.

Thanks @RTFC!

 

Edited July 28, 2023 by TheXman

[TheXman]

What's New in Version v2.1.0

• Added new ECDSA signing functions:
  • CryptoNG_ECDSA_CreateKeyPair
  • CryptoNG_ECDSA_SignHash
  • CryptoNG_ECDSA_VerifySignature
     
• Added ECDSA Signing and Signature Verification examples to the CryptoNG examples file.
  • create_ecdsa_key_pair_example()
  • ecdsa_sign_and_verify_example()
     
• Updated the supplied CryptoNG calltips and userudfs files to include the new ECDSA Signing and Signature Verification functions.
   
• Added the new ECDSA Signing and Signature Verification functions to the CryptoNG UDF Help File.
   
• Added new constants to support ECDSA signing functions.
   
• Misc function header corrections & modifications.
   
• Misc Help File corrections & modifications.
   
• Moved the version history log from the UDF to an external file (Version History.txt).

[konya]

The Func __CryptoNG_IsKeyBitLengthValid($hAlgorithmProvider, $vEncryptionKey) have some issue,

When I execute example it is fail and I'm found the issue is  $tKeyLengthsStruct.dwIncrement = 0,

Suggestion modify  to     ElseIf Mod($iEncryptKeyBitLength, $tKeyLengthsStruct.dwIncrement) <> 0 and $tKeyLengthsStruct.dwIncrement <> 0 Then. ,

[TheXman]

@konya Please provide a small example script that shows that it is not working correctly.

$tKeyLengthsStruct.dwIncrement should never be 0.  If the increment field is 0, then you probably had an earlier error that you did not catch, like an invalid algorithm provider handle.  An example script will help me see whether there's a bug or whether your script had an error (which includes not having adequate error checking).

Edited September 27 by TheXman

[konya]

@TheXman Please see my steps of images.

[TheXman]

@konya Thanks for posting the example. 

I was wrong, there is one condition where the increment field should be 0.  That's when the key can only be one length, like for DES and 3DES.    For 3DES, the key length can only be 192 bits (24 bytes).  So you were right about the Mod function being the issue.  It should not have tried to execute the Mod() function with a divisor of zero (the increment field).  Very nice catch! 

I will make the appropriate modification and post the updated later today.

Thank you for bring the issue to my attention.

Edited September 27 by TheXman

[TheXman]

What's New in Version v2.2.0

Released September 27, 2024

• Fixed a bug in the internal function __CryptoNG_IsKeyBitLengthValid() where it was possible for some valid key lengths to be reported as invalid. This would only occur for the few encryption algorithms that can only have 1 key length, like 3DES.  Thanks @konya for reporting the bug.
   
• Removed the trailing CRLF from _CryptoNG_CryptBinaryToString() results.  By default, the Win32 API (CryptBinaryToStringW) appends a CRLF to all results.
   
• Replaced all references to GCM "Authorization" tag to the correct name,  "Authentication" tag.  This was purely a documentation issue in the help file and function headers.

Edited September 27 by TheXman

[konya]

Share my good idea, manual create key to file or return binary data,

use key from memory no need to read files.

 

expandcollapse popup

;tagRSAPUBKEY
Global Const $tagRSAPUBKEY = _
                "align 1;" & _
                "char magic[4];" & _
                "uint bitlen;" & _
                "uint PubExpLength;" & _
                "uint ModulusLength;" & _
                "uint PLength;" & _
                "uint QLength;" & _
                "byte PubExp[3];" & _
                "byte Modulus[1];"

Global Const $tagRSAPRIVATEKEY = _
                "align 1;" & _
                "char magic[4];" & _
                "uint bitlen;" & _
                "uint PubExpLength;" & _
                "uint ModulusLength;" & _
                "uint PLength;" & _
                "uint QLength;" & _
                "byte PubExp[3];" & _
                "byte Modulus[1];" & _
                "byte P[1];" & _
                "byte q[1];"
;RSAPUBKEY


Func Read_to_Blob($key_path,$tag = "Public")
Local $hFile = FileOpen($key_path,$FO_BINARY)
Local $blob_b = FileRead($hFile)
FileClose($hFile)
Local $blob_handle = DllStructCreate("byte a["&BinaryLen($blob_b)&"];")
$blob_handle.a = $blob_b
if $tag = "Public" Then
Local $blob_data = DllStructCreate($tagRSAPUBKEY,DllStructGetPtr($blob_handle))
Local $tagRSAPUBKEY2 = StringReplace($tagRSAPUBKEY,"Modulus[1]","Modulus["&$blob_data.bitlen/8&"]")
$blob_data = DllStructCreate($tagRSAPUBKEY2,DllStructGetPtr($blob_handle))
_WinAPI_DisplayStruct($blob_data,$tagRSAPUBKEY2)
Else
Local $blob_data = DllStructCreate($tagRSAPRIVATEKEY,DllStructGetPtr($blob_handle))
Local $tagRSAPRIVATEKEY2 = StringReplace($tagRSAPRIVATEKEY,"Modulus[1]","Modulus["&$blob_data.bitlen/8&"]")
$tagRSAPRIVATEKEY2 = StringReplace($tagRSAPRIVATEKEY2,"p[1]","p["&$blob_data.bitlen/8/2&"]")
$tagRSAPRIVATEKEY2 = StringReplace($tagRSAPRIVATEKEY2,"q[1]","q["&$blob_data.bitlen/8/2&"]")
$blob_data = DllStructCreate($tagRSAPRIVATEKEY2,DllStructGetPtr($blob_handle))
_WinAPI_DisplayStruct($blob_data,$tagRSAPRIVATEKEY2)
EndIf
Return $blob_handle.a
EndFunc


Func Create_to_Blob($key_path,$tag = "Public" , $bitlen = 2048, $e = 65537, $Modulus = 0x0, $p = 0x0, $q = 0x0 ,$write_or_binary = 1)
if $tag = "Public" Then
Local $tagRSAPUBKEY2 = StringReplace($tagRSAPUBKEY,"Modulus[1]","Modulus["&$bitlen/8&"]")
Local $blob_data = DllStructCreate($tagRSAPUBKEY2)
$blob_data.magic = "RSA1"
$blob_data.bitlen = $bitlen
$blob_data.PubExpLength = 3
$blob_data.ModulusLength = $blob_data.bitlen/8 
$blob_data.PLength = 0
$blob_data.QLength = 0 
$blob_data.PubExp = $e
$blob_data.Modulus = $Modulus
_WinAPI_DisplayStruct($blob_data,$tagRSAPUBKEY2)
Else
Local $tagRSAPRIVATEKEY2 = StringReplace($tagRSAPRIVATEKEY,"Modulus[1]","Modulus["&$bitlen/8&"]")
$tagRSAPRIVATEKEY2 = StringReplace($tagRSAPRIVATEKEY2,"p[1]","p["&$bitlen/8/2&"]")
$tagRSAPRIVATEKEY2 = StringReplace($tagRSAPRIVATEKEY2,"q[1]","q["&$bitlen/8/2&"]")
Local $blob_data = DllStructCreate($tagRSAPRIVATEKEY2)
$blob_data.magic = "RSA2"
$blob_data.bitlen = $bitlen
$blob_data.PubExpLength = 3
$blob_data.ModulusLength = $blob_data.bitlen/8
$blob_data.PLength = $blob_data.bitlen/8/2
$blob_data.QLength = $blob_data.bitlen/8/2
$blob_data.PubExp = $e
$blob_data.Modulus = $Modulus
_WinAPI_DisplayStruct($blob_data,$tagRSAPRIVATEKEY2)
EndIf

Local $blob_binary = DllStructCreate("byte a["&DllStructGetSize($blob_data)&"];",DllStructGetPtr($blob_data))
if $write_or_binary = 1 Then
$hFile = FileOpen($key_path,$FO_BINARY+$FO_OVERWRITE)
FileWrite($hFile,$blob_binary.a)
FileClose($hFile)
Else
Return $blob_binary.a
EndIf

EndFunc

 

[konya]

On 7/21/2023 at 12:41 PM, z75885446 said:

Excuse me, does anyone know how to do this? I don't think private key encryption is safe for clients. It is easy to analyze the public key information through the private key. The receiver uses the sender's public key to decrypt. That's exactly what I want to know,

Use _CryptoNG_RSA_EncryptData($Private_c , $Public_key, $CNG_BCRYPT_PAD_NONE ) it is can let public key decrypt.

 

Edited November 13 by konya