0

I have this code working to create a hash of the key to encrypt a string using Wincrypt:

wchar_t key[] = L"123456789AFA11";
wchar_t *key_str = key;
size_t len = lstrlenW(key_str);


DWORD dwStatus = 0;
BOOL bResult = FALSE;
wchar_t info[] = L"Microsoft Enhanced RSA and AES Cryptographic Provider";
HCRYPTPROV hProv;

if (!CryptAcquireContextW(&hProv, NULL, info, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) {
    dwStatus = GetLastError();
    printf("CryptAcquireContext failed: %x\n", dwStatus);
    CryptReleaseContext(hProv, 0);
    system("pause");
    return dwStatus;
}

HCRYPTHASH hHash;

if (!CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash)) {      // Note that we will truncate the SHA265 hash to the first 128 bits because we are using AES128.
    dwStatus = GetLastError();
    printf("CryptCreateHash failed: %x\n", dwStatus);
    CryptReleaseContext(hProv, 0);
    system("pause");
    return dwStatus;
}

if (!CryptHashData(hHash, (BYTE*)key_str, len * sizeof(wchar_t), 0)) {
    DWORD err = GetLastError();
    printf("CryptHashData Failed : %#x\n", err);
    system("pause");
    return (-1);
}

If I use char instead wchar as key the encrypted text is totally different since wchar is 2 bytes per character:

char key[] = "123456789AFA11";
char *key_str = key;
size_t len = lstrlenA(key_str);


DWORD dwStatus = 0;
BOOL bResult = FALSE;
wchar_t info[] = "Microsoft Enhanced RSA and AES Cryptographic Provider";
HCRYPTPROV hProv;

if (!CryptAcquireContextA(&hProv, NULL, info, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) {
    dwStatus = GetLastError();
    printf("CryptAcquireContext failed: %x\n", dwStatus);
    CryptReleaseContext(hProv, 0);
    system("pause");
    return dwStatus;
}

HCRYPTHASH hHash;

if (!CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash)) {      // Note that we will truncate the SHA265 hash to the first 128 bits because we are using AES128.
    dwStatus = GetLastError();
    printf("CryptCreateHash failed: %x\n", dwStatus);
    CryptReleaseContext(hProv, 0);
    system("pause");
    return dwStatus;
}

if (!CryptHashData(hHash, (BYTE*)key_str, len, 0)) {
    DWORD err = GetLastError();
    printf("CryptHashData Failed : %#x\n", err);
    system("pause");
    return (-1);
}

My question is which should I use to hash the key, char string or wchar_t string?

Also another question is UTF-8 in my apps means to use always char and UTF-16 means the use of wchar_t? I use always UNICODE in Visual Studio 2017 then should I use wchar since WindowsAPI's outputs seems to be wchar_t?

  • 1
    Of course they're different. You're hashing different data. In the `char` case you're hashing 14 bytes of data, in the `wchar_t` case it's 28 bytes of data. Which one you want is entirely up to you and your usage case. If your intent is to digest a 14-character narrow string, the former is correct. If the intent is to digest a 14-character wide string then it's the latter. We have no idea which of those *your situation needs* so we can't answer that. – WhozCraig Aug 22 '18 at 21:34

1 Answers1

1

which should I use to hash the key, char string or wchar_t string?

That is a matter of personal choice. Use whichever one suits your needs. Encryption operates on raw bytes, it doesn't care what those bytes represent.

UTF-8 in my apps means to use always char and UTF-16 means the use of wchar_t?

On windows, yes. wchar_t is not 2 bytes on most other platforms, so not UTF-16.

I use always UNICODE in Visual Studio 2017 then should I use wchar since WindowsAPI's outputs seems to be wchar_t?

Yes, Windows is a Unicode-based OS, and most of its string-based APIs expect/return UTF-16. But encryption APIs do not care about that. Though, in your case, you should probably consider converting UTF-16 to UTF-8 before encrypting, and then convert UTF-8 to UTF-16 after decrypting. That way, your encrypted data takes up less storage space, at least.

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770