Why my encrypted text doesn't change?

Why my encrypted text doesn't change?



I have this program working that encrypts a string of 9 bytes using AES128 from wincrypt.h but something strange happens when I change last character of the key:


wincrypt.h



from L"3igcZhRdWq96m3GUmTAiv2" to for example L"3igcZhRdWq96m3GUmTAiv1" or L"3igcZhRdWq96m3GUmTAiv9" the encrypted texts are still the same as each other.


L"3igcZhRdWq96m3GUmTAiv2"


L"3igcZhRdWq96m3GUmTAiv1"


L"3igcZhRdWq96m3GUmTAiv9"


#include <Windows.h>
#include <wincrypt.h>
#include <stdio.h>
#pragma comment(lib, "crypt32.lib")

#define BUFFER_SIZE 16

//params: <input file> <output file> <is decrypt mode> <key>
int wmain()


wchar_t key = L"3igcZhRdWq96m3GUmTAiv2";
wchar_t *key_str = key;


size_t len = lstrlenW(key_str);


DWORD dwStatus = 0;
BOOL bResult = FALSE;
wchar_t info = L"Microsoft Enhanced RSA and AES Cryptographic Provider";
HCRYPTPROV hProv;

if (!CryptAcquireContextW(&hProv, NULL, info, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
dwStatus = GetLastError();
printf("CryptAcquireContext failed: %xn", dwStatus);
CryptReleaseContext(hProv, 0);
system("pause");
return dwStatus;

HCRYPTHASH hHash;
if (!CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash))
dwStatus = GetLastError();
printf("CryptCreateHash failed: %xn", dwStatus);
CryptReleaseContext(hProv, 0);
system("pause");
return dwStatus;


if (!CryptHashData(hHash, (BYTE*)key_str, len, 0))
DWORD err = GetLastError();
printf("CryptHashData Failed : %#xn", err);
system("pause");
return (-1);

printf("[+] CryptHashData Successn");

HCRYPTKEY hKey;
if (!CryptDeriveKey(hProv, CALG_AES_128, hHash, 0, &hKey))
dwStatus = GetLastError();
printf("CryptDeriveKey failed: %xn", dwStatus);
CryptReleaseContext(hProv, 0);
system("pause");
return dwStatus;

printf("[+] CryptDeriveKey Successn");

const size_t string_size = BUFFER_SIZE;
BYTE string[string_size] = "Fooooooo" ;
DWORD out_len = 9;



if (!CryptEncrypt(hKey, NULL, TRUE, 0, string, &out_len, string_size))
printf("[-] CryptEncrypt failedn");



for (DWORD i = 0; i < out_len; i++)
printf("%02x ", string[i]);
printf("n");

printf("%lun", out_len);
//printf("%s", string);
//printf("n");

if (!CryptDecrypt(hKey, NULL, TRUE, 0, string, &out_len))
printf("[-] CryptDecrypt failedn");


printf("%lun", out_len);
printf("%s", string);
printf("n");

memset(string, 0, string_size);

CryptReleaseContext(hProv, 0);
CryptDestroyKey(hKey);
CryptDestroyHash(hHash);

printf("Finishedn");
system("pause");
return 0;




Note also that the SHA256 hashes of the keys that I exposed before are diferent each other:


3igcZhRdWq96m3GUmTAiv2 -> F5584805AA52AC68062331F3B852001F2585D23105C22D61CF25C3C71D998F9B
3igcZhRdWq96m3GUmTAiv1 -> 25DF6A58974E67ABD2DE6EE29F1A045F87ADCDC05C879235C450D12ABAA549C1
3igcZhRdWq96m3GUmTAiv9 -> AE6FFA99AFF1A72ED31B4A16CE86CE060B1DB3C0ECA3769F27D8891155B1E16D



Source: https://passwordsgenerator.net/sha256-hash-generator/



If I change a middle or first character of the key (for example the first 3) or add more characters, the encrypted text will change this time as expected behaviour.



Do you know why happens that? The encrypted text should change if I change any character of the key, but this don't happens when I change only the last character.





Presumably, the encryption service doesn't use all 22 wide characters of the key you provide. You could work out how many it does use by changing the next to last wide character and seeing whether that causes a change to the encrypted data, repeating until you hit the point in the middle where a change in the key does trigger a change in the encrypted data. Or you could find out where in the documentation the limit is specified.
– Jonathan Leffler
2 days ago




1 Answer
1


if (!CryptHashData(hHash, (BYTE*)key_str, len, 0)) {



You are passing len, the length of key_str in characters (wchar_t), while CryptHashData expects the number of bytes. This means that it is effectively using only the first half of key_str (as wchar_t is 2 bytes on Win32).


len


key_str


wchar_t


CryptHashData


key_str


wchar_t



You can fix this easily:


if (!CryptHashData(hHash, (BYTE*)key_str, len*sizeof(*key_str), 0)) {





yes that's the fix I sometimes forget wchar is 2 bytes.
– EduardoG
2 days ago






One more question, why my AES encryption accepts a 256 bit key ( hashed with SHA256 )? if its set to AES128 which its fixed keysize is 128 bits.
– EduardoG
2 days ago






docs.microsoft.com/en-us/windows/desktop/api/wincrypt/… "Let n be the required derived key length, in bytes. The derived key is the first n bytes of the hash value after the hash computation has been completed by CryptDeriveKey." the extra bytes of the hash are simply discarded. This is not a problem, as cryptographic hashes are such that any byte of the input influence all the bytes of the hash, so truncating a hash to the desired length doesn't affect its dependence from the input data.
– Matteo Italia
2 days ago






Ok thank you very much I'm new to cryptography, thanks for your answers
– EduardoG
2 days ago






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

Popular posts from this blog

ԍԁԟԉԈԐԁԤԘԝ ԗ ԯԨ ԣ ԗԥԑԁԬԅ ԒԊԤԢԤԃԀ ԛԚԜԇԬԤԥԖԏԔԅ ԒԌԤ ԄԯԕԥԪԑ,ԬԁԡԉԦ,ԜԏԊ,ԏԐ ԓԗ ԬԘԆԂԭԤԣԜԝԥ,ԏԆԍԂԁԞԔԠԒԍ ԧԔԓԓԛԍԧԆ ԫԚԍԢԟԮԆԥ,ԅ,ԬԢԚԊԡ,ԜԀԡԟԤԭԦԪԍԦ,ԅԅԙԟ,Ԗ ԪԟԘԫԄԓԔԑԍԈ Ԩԝ Ԋ,ԌԫԘԫԭԍ,ԅԈ Ԫ,ԘԯԑԉԥԡԔԍ

How to change the default border color of fbox? [duplicate]

ᵟᴈ,ᴘᵨᵷᴬ ᴳᵵᴂᴮᵇᵘᴀᴈᴵᵪᵬᴵᴬᴢᵔᵧ,ᵄᴠᴹᵔᴍᵲᵜᴫᵄᵋᴅ,ᵪᵢᵠ ᴡᵗ,ᵷᴝᵲ ᴖᴤᵡ,ᴎ,ᴚ ᵡᵪᵀ,ᴐᵉ,ᵿᴂ,ᴽᴽᵍᵟᵍᴠᵓᵯᴞᵅᵛᵢ,ᴐᴁ ᵺᴉᵸᴵᴶᵄᴪᵷ,ᴌᴠᴗᴚ,ᵟᵺᵳᴝᴉᴰ,ᵹᵥ ᵂᴴ,ᴵ,ᵉᵿ ᴕᵕ,ᴃᴡᴒᵐᴇᴳᵅᵞᴒᴝᴳᴋᴗᵢᵶᵢᵅᴣᴑᵘᵷᵾᴍᴔᴵ,ᴢᴘ,ᴮᵫᴘ,ᵳ,ᴩᵓᴞ