/*
下面我們來看看如何哈希一個對話密鑰,這個密鑰可以用來對一個消息,文件進行加密。我們依舊從一個程序開始。
*/
#include "stdafx.h"
#include <stdio.h>
#include <windows.h>
#include <Wincrypt.h>
#pragma comment (lib, "crypt32.lib")
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)void MyHandleError(LPTSTR psz)
{_ftprintf(stderr, TEXT("An error occurred in the program. \n"));_ftprintf(stderr, TEXT("%s\n"), psz);_ftprintf(stderr, TEXT("Error number %x.\n"), GetLastError());_ftprintf(stderr, TEXT("Program terminating. \n"));exit(1);
} // End of MyHandleError.void main()
{//--------------------------------------------------------------------// Copyright (c) Microsoft Corporation. All rights reserved.// Declare variables.HCRYPTPROV hCryptProv;HCRYPTHASH hHash;HCRYPTKEY hKey;//--------------------------------------------------------------------// Begin processing.printf("Process beginning. Creating a session key. \n");BYTE pData[11]="1234567890";if(CryptAcquireContext( // 首先依舊是獲取一個缺省的CSP句柄&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {printf("CryptAcquireContext complete. \n");}else{MyHandleError(TEXT("Acquisition of context failed."));}if(CryptCreateHash( // 創建一個CALG_MD5算法的HASH對象,這個hash對象用的是MD5算法hCryptProv, // 指定一個CSP句柄CALG_MD5, // 指定算法0, 0, &hHash)) {printf("An empty hash object has been created. \n");}else{MyHandleError(TEXT("Error during CryptBeginHash!\n"));}if(CryptGenKey( // 創建密鑰hCryptProv, // 傳入一個CSP句柄CALG_RC2, // 指明密鑰身成所用算法CRYPT_EXPORTABLE, // 說明密鑰是可以導出到CSP,用于這個應用程序外的&hKey)) {printf("A random session key has been created. \n");}else{MyHandleError(TEXT("Error during CryptGenKey!\n"));}if(CryptHashSessionKey( //對生成的密鑰進行hashhHash, hKey, 0)){printf("The session key has been hashed. \n");}else{MyHandleError(TEXT("Error during CryptHashSessionKey!\n"));}DWORD dwRead; //在這里就可以添加代碼,用生成的密鑰進行加密if(hHash){if(!(CryptDestroyHash(hHash)))MyHandleError(TEXT("Error during CryptDestroyHash"));}if(hKey){if(!(CryptDestroyKey(hKey)))MyHandleError(TEXT("Error during CryptDestroyKey"));}// Release the CSP.if(hCryptProv){if(!(CryptReleaseContext(hCryptProv,0)))MyHandleError(TEXT("Error during CryptReleaseContext"));}printf("Create random session key completed without error. \n");
} // end main
實驗6`````````````````````````````
/*
下面逐漸進入主題了,現在來講講是如何對數據進行Encoding and Decoding的。依舊是從一段程序中開始。
*/
#include "stdafx.h"
#include <stdio.h>
#include <windows.h>
#include <Wincrypt.h>
#pragma comment (lib, "crypt32.lib")
#define MY_ENCODING_TYPE (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING)void MyHandleError(LPTSTR psz)
{_ftprintf(stderr, TEXT("An error occurred in the program. \n"));_ftprintf(stderr, TEXT("%s\n"), psz);_ftprintf(stderr, TEXT("Error number %x.\n"), GetLastError());_ftprintf(stderr, TEXT("Program terminating. \n"));exit(1);
} // End of MyHandleError.void main(void)
{HCRYPTMSG hMsg; //指向一個消息句柄BYTE* pbContent; //一個BYTE指針指向消息DWORD cbContent; //消息長度DWORD cbEncodedBlob; //ECODE的BLOB的大小BYTE *pbEncodedBlob; //一個BYTE指針指向ENCODE BLOBDWORD cbData = sizeof(DWORD); //數據大小DWORD cbDecoded; //Decode內容大小BYTE *pbDecoded; //指向Decode的指針pbContent = (BYTE*)"Security is our only business";cbContent = strlen((char *) pbContent)+1;printf("The original message => %s\n",pbContent); if(cbEncodedBlob = CryptMsgCalculateEncodedLength(MY_ENCODING_TYPE, //指定Encode類型,在程序的開頭已經預定義了,MY_ENCODING_TYPE 就是 PKCS_7_ASN_ENCODING | X509_ASN_ENCODING0, //FlagsCMSG_DATA, // 定義了數據的類型,這里指定為BYTE型的字符串NULL, NULL, cbContent)) // 內容的大小//這里的的函數的作用是計算指定消息Encode所需要的最大的長度,通過計算,為一個BLOB分配內存空間。{printf("The length of the data has been calculated. \n");}else{MyHandleError(TEXT("Getting cbEncodedBlob length failed"));}//為encode blob分配內存空間if(pbEncodedBlob = (BYTE *) malloc(cbEncodedBlob)){printf("Memory has been allocated for the signed message. \n");}else{MyHandleError(TEXT("Memory allocation failed"));}if(hMsg = CryptMsgOpenToEncode( //CryptMsgOpenToEncode為Encode,開一個消息MY_ENCODING_TYPE, // Encode類型,文件開始有說明0, // FlagsCMSG_DATA, // 指定Message的類型,CMSG_DATA說明類型沒用到NULL, // 現在沒有到,為NULLNULL, // 同上NULL)) // 不是流加密,這個參數為NULL{printf("The message to be encoded has been opened. \n");}else{MyHandleError(TEXT("OpenToEncode failed"));}if(CryptMsgUpdate( // CryptMsgUpdate將數據加到消息中,可以通過循環,將數據一段段的加得到消息中hMsg, // 一個小心句柄pbContent, // 指向數據的指針cbContent, // 數據的大小TRUE)) // TRUE表明這個是最后一段數據,在開個消息的時候,如果CMSG_DETACHED_FLAG有使用到,這設為FALSE,否則為TRUE。{printf("Content has been added to the encoded message. \n");}else{MyHandleError(TEXT("MsgUpdate failed"));}if(CryptMsgGetParam( // CryptMsgGetParam是獲取一個消息中的參數hMsg, // 一個消息句柄CMSG_BARE_CONTENT_PARAM, //指定要獲取的參數的類型0, pbEncodedBlob, // 一個接受數據的內存地址&cbEncodedBlob)) // BLOB的大小,即是上面接受的數據的大小{printf("Message encoded successfully. \nencoded");printf("The message is %s.\n",(LPSTR)pbEncodedBlob);}else{MyHandleError(TEXT("MsgGetParam failed"));}//釋放消息句柄if(hMsg)CryptMsgClose(hMsg);//if(hMsg = CryptMsgOpenToDecode( //開個Decode的小心句柄,參數和上面的Encode一樣MY_ENCODING_TYPE, 0, CMSG_DATA, NULL, NULL, NULL)) {printf("The message to decode is open. \n");}else{MyHandleError(TEXT("OpenToDecode failed"));}//下面的過程和Encode類似,調用的函數和上面相同,只不過是過程逆向printf("\nThe length of the encoded message is %d.\n\n",cbEncodedBlob);if(CryptMsgUpdate(hMsg, // Handle to the messagepbEncodedBlob, // Pointer to the encoded BLOBcbEncodedBlob, // Size of the encoded BLOBTRUE)) // Last call{printf("The encoded BLOB has been added to the message. \n");}else{MyHandleError(TEXT("Decode MsgUpdate failed"));}if(CryptMsgGetParam( // CryptMsgGetParam的調用和上面有所不同,這里一共是調用兩次,第一次的作用主要是得到消息的大小,第二次是得到消息所在的內存地址hMsg, //消息句柄CMSG_CONTENT_PARAM, // Parameter type0, NULL, // Address for returned // information&cbDecoded)) // Size of the returned// information{printf("The decoded message size is %d. \n", cbDecoded);}else{MyHandleError(TEXT("Decode CMSG_CONTENT_PARAM failed"));}if(pbDecoded = (BYTE *) malloc(cbDecoded)){printf("Memory has been allocated for the decoded message.\n");}else{MyHandleError(TEXT("Decoding memory allocation failed."));}if(CryptMsgGetParam(hMsg, // Handle to the messageCMSG_CONTENT_PARAM, // Parameter type0, // IndexpbDecoded, // Address for returned // information&cbDecoded)) // Size of the returned // information{printf("The message is %s.\n",(LPSTR)pbDecoded);}else{MyHandleError(TEXT("Decode CMSG_CONTENT_PARAM #2 failed"));}if(pbEncodedBlob)free(pbEncodedBlob);if(pbDecoded)free(pbDecoded);if(hMsg)CryptMsgClose(hMsg);printf("This program ran to completion without error. \n");} // End of main
實驗5`````````````````````````````
/*
當我們已經生成了一個密鑰,我們下面要做的是如何保存,導出,導入一個對話密鑰。將一個密鑰保存起來,導出,保存到硬盤上。這樣,這個密鑰就可以在其它應用程序上使用,而不會隨著生成密鑰程序的關閉而丟失了。下面這段程序就是用來演示如何保存,導出一個對話密鑰的。
*/
#include "stdafx.h"
#include <stdio.h>
#include <windows.h>
#include <Wincrypt.h>
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)void MyHandleError(LPTSTR psz)
{_ftprintf(stderr, TEXT("An error occurred in the program. \n"));_ftprintf(stderr, TEXT("%s\n"), psz);_ftprintf(stderr, TEXT("Error number %x.\n"), GetLastError());_ftprintf(stderr, TEXT("Program terminating. \n"));exit(1);
} // End of MyHandleError.
void main(void)
{//--------------------------------------------------------------------// Declare and initialize variables.HCRYPTPROV hProv; // CSP handleHCRYPTKEY hSignKey; // Signature key pair handleHCRYPTKEY hXchgKey; // Exchange key pair handleHCRYPTKEY hKey; // Session key handleBYTE *pbKeyBlob; // Pointer to a simple key BLOBDWORD dwBlobLen; // The length of the key BLOB//--------------------------------------------------------------------// Acquire a cryptographic provider context handle.if(CryptAcquireContext( // 獲取一個缺省容器的CSP句柄&hProv, NULL, NULL, PROV_RSA_FULL, 0)) {printf("The CSP has been acquired. \n");}else{MyHandleError(TEXT("Error during CryptAcquireContext."));}if(CryptGetUserKey( // CryptGetUserKey是獲取一個密鑰//句柄的函數,成功返回TRUEhProv, //指定容器的CSP模塊句柄AT_SIGNATURE, //指定私鑰的類型&hSignKey)) //原來接收獲取的密鑰句柄{_tprintf(TEXT("A signature key is available.\n"));}else{_tprintf(TEXT("No signature key is available.\n"));if(GetLastError() == NTE_NO_KEY) // NTE_NO_KEY意味著密鑰不存在,下面就生成一個密鑰{_tprintf(TEXT("The signature key does not exist.\n"));_tprintf(TEXT("Create a signature key pair.\n")); if(CryptGenKey( // CryptGenKey生成一個密鑰hProv, //指定CSP模塊的句柄AT_SIGNATURE, //對于公鑰密碼系統,生成一個私鑰和一個公鑰,這個參數指定了這個密鑰是公鑰,于是生成了一個密碼對。如果不是公鑰系統,則指定了密碼算法,具體看MSDN。0, //指定了生成密鑰的類型,這個參數的說明挺多的,想獲取更為詳盡的資料請看MSDN。&hSignKey)) {_tprintf(TEXT("Created a signature key pair.\n"));}else{MyHandleError(TEXT("Error occurred creating a ")TEXT("signature key.\n")); }}else{MyHandleError(TEXT("An error other than NTE_NO_KEY ")TEXT("getting a signature key.\n"));}} // End if.//--------------------------------------------------------------------if(CryptGetUserKey( // 獲取一個AT_KEYEXCHANGE,類型的密鑰句柄,保存在hXchgKey中hProv, AT_KEYEXCHANGE, &hXchgKey)) {printf("The key exchange key has been acquired. \n");}else{printf("Error during CryptGetUserKey exchange key.");}// Generate a session key.if (CryptGenKey( //生成一個CRYPT_EXPORTABLE(可導出的),CALG_RC4(指定算法)的密鑰,保存在hKeyhProv, CALG_RC4, CRYPT_EXPORTABLE, &hKey)){ printf("Original session key is created. \n");}else{MyHandleError(TEXT("ERROR -- CryptGenKey."));}if(CryptExportKey( // CryptExportKey導出一個密鑰hKey, // 將要導出的密鑰的句柄hXchgKey, //用戶最終使用到的密鑰的句柄SIMPLEBLOB, // 指定BLOB的類型,SIMPLEBLOB說明是 用來導出對話密鑰的0, // 指定密鑰的附加屬性NULL, &dwBlobLen)) // 當時這個函數在這里的主要//目的是得到這個BLOB的長度{printf("Size of the BLOB for the session key determined. \n");}else{MyHandleError(TEXT("Error computing BLOB length."));}if(pbKeyBlob = (BYTE*)malloc(dwBlobLen)) {printf("Memory has been allocated for the BLOB. \n");}else{MyHandleError(TEXT("Out of memory. \n"));}if(CryptExportKey( //這是這個函數才是真正的導出密鑰hKey, hXchgKey, SIMPLEBLOB, 0, pbKeyBlob, &dwBlobLen)){printf("Contents have been written to the BLOB. \n");}else{MyHandleError(TEXT("Error during CryptExportKey."));}free(pbKeyBlob); //釋放內存// Destroy the session key.if(hKey)CryptDestroyKey(hKey);// Destroy the signature key handle.if(hSignKey)CryptDestroyKey(hSignKey);// Destroy the key exchange key handle.if(hXchgKey)CryptDestroyKey(hXchgKey);// Release the provider handle.if(hProv) CryptReleaseContext(hProv, 0);printf("The program ran to completion without error. \n");}
實驗4`````````````````````````````
/*
講如何復制一個對話密鑰,照例是從一個程序講起,完成以下任務。獲取一個CSP句柄,
創建一個對話密鑰,復制密鑰。改變密鑰生成過程,隨機填充一個緩沖區,銷毀密鑰句柄,釋放CSP句柄
*/
#include "stdafx.h"
#include <stdio.h>
#include <tchar.h>
#include <string.h>
#include <conio.h>
#include <windows.h>
#include <Wincrypt.h>
#define MY_ENCODING_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)void MyHandleError(LPTSTR psz)
{_ftprintf(stderr, TEXT("An error occurred in the program. \n"));_ftprintf(stderr, TEXT("%s\n"), psz);_ftprintf(stderr, TEXT("Error number %x.\n"), GetLastError());_ftprintf(stderr, TEXT("Program terminating. \n"));exit(1);
} // End of MyHandleError.void GetConsoleInput(char* strInput, int intMaxChars)
{char ch;char minChar = ' ';minChar++;ch = getch();while (ch != '\r'){if (ch == '\b' && strlen(strInput) > 0){strInput[strlen(strInput)-1] = '\0';printf("\b \b");}else if (ch >= minChar && strlen(strInput) < intMaxChars){strInput[strlen(strInput)+1] = '\0';strInput[strlen(strInput)] = ch;putch('*');}ch = getch();}putch('\n');
}void main()
{//-------------------------------------------------------------------// Declare and initialize variables.HCRYPTPROV hCryptProv; // CSP句柄HCRYPTKEY hOriginalKey; // 源密鑰句柄HCRYPTKEY hDuplicateKey; // 復制后的密鑰句柄DWORD dwMode; BYTE pbData[16];printf("This program creates a session key and duplicates \n");printf("that key. Next, parameters are added to the original \n");printf("key. Finally, both keys are destroyed. \n\n");if(CryptAcquireContext( // 獲取CSP句柄,前面敘述過了,這里就不敘述了&hCryptProv,NULL,NULL,PROV_RSA_FULL,0)) { printf("CryptAcquireContext succeeded. \n");}else{MyHandleError(TEXT("Error during CryptAcquireContext!\n"));}//-------------------------------------------------------------------if (CryptGenKey( // 生成一個CALG_RC4算法生成的密鑰,保存在hOriginalKey中hCryptProv, CALG_RC4, // ALG_ID結構,指定生成這個密鑰使用的算法0, &hOriginalKey)){printf("Original session key is created. \n");}else{MyHandleError(TEXT("ERROR - CryptGenKey."));}if (CryptDuplicateKey( // 復制密鑰hOriginalKey, // 源密鑰NULL, // 保留參數,必須為NULL0, // 保留參數,必須為0&hDuplicateKey)) // 副本密鑰{printf("The session key has been duplicated. \n");}else{MyHandleError(TEXT("ERROR - CryptDuplicateKey"));}// 給源密鑰設置附加參數dwMode = CRYPT_MODE_ECB; //CRYPT_MODE_ECB是一個沒有反饋的塊加密模式 if(CryptSetKeyParam(hOriginalKey, KP_MODE, // KP_MODE指定密鑰的某種屬性被改變,// 意味著改變的是加密模式(BYTE*)&dwMode, // 指向一個已經被初始化的緩沖區0)) {printf("Key Parameters set. \n");}else{MyHandleError(TEXT("Error during CryptSetKeyParam."));}if(CryptGenRandom( // 隨機填充一塊緩沖區hCryptProv, // CSP句柄8, // 緩沖區大小pbData)) // 緩沖區地址{printf("Random sequence generated. \n");}else{MyHandleError(TEXT("Error during CryptGenRandom."));}if(CryptSetKeyParam( //再次給密鑰設置屬性hOriginalKey, KP_IV, // KP_IV意味著,這個函數的第三個參數指向一個BYTE數組,數組大小為塊大小/8。pbData, 0)) {printf("Parameter set with random sequence as ""initialization vector. \n");}else{MyHandleError(TEXT("Error during CryptSetKeyParam."));}//-------------------------------------------------------------------if (hOriginalKey) // 以下依次銷毀,釋放源密鑰句柄,副本句柄,CSP句柄,if (!CryptDestroyKey(hOriginalKey))MyHandleError(TEXT("Failed CryptDestroyKey\n"));if (hDuplicateKey)if (!CryptDestroyKey(hDuplicateKey))MyHandleError(TEXT("Failed CryptDestroyKey\n"));if(hCryptProv)if (!CryptReleaseContext(hCryptProv, 0))MyHandleError(TEXT("Failed CryptReleaseContext\n"));printf("\nThe program ran to completion without error. \n");} // End of main.
實驗3`````````````````````````````
/*任務一:調用CryptAcquireContext,獲取一個缺省CSP和缺省密鑰容器的句柄任務二:用CryptCreateHash去創建一個空的哈希對象任務三:用CryptHashData.哈希密碼任務四:調用CryptDeriveKey獲取一個對話密鑰任務五:銷毀密碼和哈希后的數據任務六:釋放CSP
*/
#include "stdafx.h"
#include <stdio.h>
#include <tchar.h>
#include <string.h>
#include <conio.h>
#include <windows.h>
#include <Wincrypt.h>void MyHandleError(LPTSTR psz)
{_ftprintf(stderr, TEXT("An error occurred in the program. \n"));_ftprintf(stderr, TEXT("%s\n"), psz);_ftprintf(stderr, TEXT("Error number %x.\n"), GetLastError());_ftprintf(stderr, TEXT("Program terminating. \n"));exit(1);
} // End of MyHandleError.void GetConsoleInput(char* strInput, int intMaxChars)
{char ch;char minChar = ' ';minChar++;ch = getch();while (ch != '\r'){if (ch == '\b' && strlen(strInput) > 0){strInput[strlen(strInput)-1] = '\0';printf("\b \b");}else if (ch >= minChar && strlen(strInput) < intMaxChars){strInput[strlen(strInput)+1] = '\0';strInput[strlen(strInput)] = ch;putch('*');}ch = getch();}putch('\n');
}
void main()
{HCRYPTPROV hCryptProv; // 定義CSP句柄HCRYPTKEY hKey; // 定義密鑰句柄HCRYPTHASH hHash; // 定義一個HASH對象的句柄CHAR szPassword[512] = ""; // 定義512大小的字符數組,用來保存密碼DWORD dwLength; // 保存密碼長度fprintf(stderr,"Enter a password to be used to create a key:");GetConsoleInput(szPassword, 512); // 獲取密碼,這個是自己寫的函數,目的是在屏幕上顯示的是*。printf("The password has been stored.\n");dwLength = strlen(szPassword);if(CryptAcquireContext( //以下是獲取一個缺省的PROV_RSA_FULL CSP 句柄&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {printf("A context has been acquired. \n");}else{MyHandleError(TEXT("Error during CryptAcquireContext!"));}//--------------------------------------------------------------------if(CryptCreateHash( // 調用CryptCreateHash創建一個HASH對象hCryptProv, // 一個CSP句柄CALG_MD5, // 確定哈希算法 8003h0, //對于非密鑰算法,這個參數一定是0,如果是密鑰算法,那么這個參數就是密鑰0, // 保留參數,為0&hHash)) // 一個哈希對象的指針{printf("An empty hash object has been created. \n");}else{MyHandleError(TEXT("Error during CryptCreateHash!"));}//--------------------------------------------------------------------if(CryptHashData( // 調用CryptHashData哈希密碼hHash, // 哈希對象(BYTE *)szPassword, // 指向緩沖區的地址dwLength, // 密碼長度0)) {printf("The password has been hashed. \n");}else{MyHandleError(TEXT("Error during CryptHashData!"));}//--------------------------------------------------------------------if(CryptDeriveKey( //調用CryptDeriveKey獲取對話密碼hCryptProv, // CSP句柄CALG_RC2, // 6602h 一個ALG_ID結構,用來指定對稱密鑰生成的算法hHash, // 哈希對象CRYPT_EXPORTABLE, //指定生成密鑰的類型,CRYPT_EXPORTABLE意味著這個程序生成的密鑰可以被其它程序調用,而不是僅僅限于這個程序當中。但是它不能用于非對稱密碼中。&hKey)) {printf("The key has been derived. \n");}else{MyHandleError(TEXT("Error during CryptDeriveKey!"));}if(hHash) // 銷毀哈希對象{if(!(CryptDestroyHash(hHash)))MyHandleError(TEXT("Error during CryptDestroyHash"));}if(hKey) // 銷毀密鑰句柄{if(!(CryptDestroyKey(hKey)))MyHandleError(TEXT("Error during CryptDestroyKey"));}if(hCryptProv) // 銷毀CSP句柄{if(!(CryptReleaseContext(hCryptProv, 0)))MyHandleError(TEXT("Error during CryptReleaseContext"));}printf("The program to derive a key completed without error. \n");
} // end main
實驗2`````````````````````````````
/*這個程序演示了以下內容和幾個函數。一. 用CryptAcquireContext獲取一個缺省容器的缺省CSP的句柄。如果缺省容器不存在,用CryptAcquireContext創建一個。二. 用CryptGetProvParam獲取CSP和容器的信息。三. 用CryptContextAddRef增加CSP的引用計數器的數值。四. 用CryptAcquireContext創建一個指定的容器五. 用CryptAcquireContext刪除一個容器六. 用一個新創建的容器獲取一個CSP的句柄。
*/
#include <stdio.h>
#include "stdafx.h"
#include <tchar.h>
#include <windows.h>
#include <Wincrypt.h>void MyHandleError(LPTSTR psz)
{_ftprintf(stderr, TEXT("An error occurred in the program. \n"));_ftprintf(stderr, TEXT("%s\n"), psz);_ftprintf(stderr, TEXT("Error number %x.\n"), GetLastError());_ftprintf(stderr, TEXT("Program terminating. \n"));exit(1);
} // End of MyHandleError.void main(void)
{HCRYPTPROV hCryptProv; //定義CSP句柄if(CryptAcquireContext(&hCryptProv, NULL, //缺省容器NULL, //缺省CSPPROV_RSA_FULL, 0)) {_tprintf(TEXT("CryptAcquireContext succeeded.\n"));}else{if (GetLastError() == NTE_BAD_KEYSET) //同樣,如果當不存在這樣的容器的時候,創建一個{if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {_tprintf(TEXT("CryptAcquireContext succeeded.\n"));}else{MyHandleError(TEXT("Could not create the default ")TEXT("key container.\n"));}}else{MyHandleError(TEXT("A general error running ")TEXT("CryptAcquireContext."));}}CHAR pszName[1000];DWORD cbName;cbName = 1000;if(CryptGetProvParam(hCryptProv, //CSP模塊句柄PP_NAME, //指定獲取哪些信息,這里是指定獲取CSP名字的信息(BYTE*)pszName, //緩沖區接受信息返回值&cbName, 0)){_tprintf(TEXT("CryptGetProvParam succeeded.\n"));printf("Provider name: %s\n", pszName);}else{MyHandleError(TEXT("Error reading CSP name.\n"));}//---------------------------------------------------------------// Read the name of the key container.cbName = 1000;if(CryptGetProvParam(hCryptProv, PP_CONTAINER, //獲取容器名字(BYTE*)pszName, &cbName, 0)){_tprintf(TEXT("CryptGetProvParam succeeded.\n"));printf("Key Container name: %s\n", pszName);}else{MyHandleError(TEXT("Error reading key container name.\n"));}//增加CSP的引用計數器的數值。if(CryptContextAddRef( // CryptContextAddRef是向一個CSP的引用計數器增加一個值的函數hCryptProv, NULL, //保留值,必須為NULL0)) //保留值,必須為0{_tprintf(TEXT("CryptcontextAddRef succeeded.\n"));}else{MyHandleError(TEXT("Error during CryptContextAddRef!\n"));}//---------------------------------------------------------------// The reference count on hCryptProv is now greater than one. // The first call to CryptReleaseContext will not release the // provider handle. //---------------------------------------------------------------// Release the context once.if (CryptReleaseContext(hCryptProv, 0)) // CryptReleaseContext是用來釋放CSP句柄的,當這個函數調用一次的時候,CSP里面的引用計數就減少一,當引用計數減少的0的時候。CSP將不能再被這個程序中的任何函數調用了。{_tprintf(TEXT("The first call to CryptReleaseContext ")TEXT("succeeded.\n"));}else{MyHandleError(TEXT("Error during ")TEXT("CryptReleaseContext #1!\n"));}if (CryptReleaseContext(hCryptProv, 0)) //再次釋放CSP模塊{_tprintf(TEXT("The second call to CryptReleaseContext ")TEXT("succeeded.\n"));}else{MyHandleError(TEXT("Error during ")TEXT("CryptReleaseContext #2!\n"));}//下面是從PROV_RSA_FULL的CSP模塊中創建一個自己的容器LPCTSTR pszContainerName = TEXT("My Sample Key Container");hCryptProv = NULL;if(CryptAcquireContext(&hCryptProv, pszContainerName,NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {_tprintf(TEXT("CryptAcquireContext succeeded. \n"));_tprintf(TEXT("New key set created. \n")); //-----------------------------------------------------------// Release the provider handle and the key container.if(hCryptProv){if(CryptReleaseContext(hCryptProv, 0)) {hCryptProv = NULL;_tprintf(TEXT("CryptReleaseContext succeeded. \n"));}else{MyHandleError(TEXT("Error during ")TEXT("CryptReleaseContext!\n"));}}}else{if(GetLastError() == NTE_EXISTS){_tprintf(TEXT("The named key container could not be ")TEXT("created because it already exists.\n"));}else{MyHandleError(TEXT("Error during CryptAcquireContext ")TEXT("for a new key container."));}}if(CryptAcquireContext(&hCryptProv, pszContainerName, NULL, PROV_RSA_FULL,0)) {_tprintf(TEXT("Acquired the key set just created. \n"));}else{MyHandleError(TEXT("Error during CryptAcquireContext!\n"));}//---------------------------------------------------------------// Perform cryptographic operations.//---------------------------------------------------------------if(CryptReleaseContext(hCryptProv, 0)) {_tprintf(TEXT("CryptReleaseContext succeeded. \n"));}else{MyHandleError(TEXT("Error during CryptReleaseContext!\n"));}if(CryptAcquireContext(&hCryptProv, pszContainerName, NULL, PROV_RSA_FULL,CRYPT_DELETEKEYSET)) //CRYPT_DELETEKEYSET意味著CryptAcquireContex刪除一個指定的容器{_tprintf(TEXT("Deleted the key container just created. \n"));}else{MyHandleError(TEXT("Error during CryptAcquireContext!\n"));}
}
實驗1`````````````````````````````
#include "stdafx.h"
#include <stdio.h>
#include <tchar.h>
#include <windows.h>
#include <Wincrypt.h>/*
任務一:獲取一個指定的密鑰容器,如果這個容器不存在,創建一個。
任務二:如果容器中不存在一個簽名密鑰對,創建一個
任務三:如果容器中不存在一個交換密鑰對,創建一個
*/
void MyHandleError(LPTSTR psz)
{_ftprintf(stderr, TEXT("An error occurred in the program. \n"));_ftprintf(stderr, TEXT("%s\n"), psz);_ftprintf(stderr, TEXT("Error number %x.\n"), GetLastError());_ftprintf(stderr, TEXT("Program terminating. \n"));exit(1);
} // End of MyHandleError.int _tmain(int argc, _TCHAR* argv[])
{HCRYPTPROV hCryptProv; //定義一個CSP模塊的句柄。“CSP模塊,請查看《加密解密二》222頁,那里有簡單的說明,這里就不說了。 LPCTSTR pszContainerName = TEXT("My Sample Key Container");//用一個TEXT宏定義一個容器的名字,if(CryptAcquireContext( //這個函數是獲取有某個容器的CSP模塊的指針,成功返回TRUE。&hCryptProv, //指向一個CSP模塊句柄指針,里面用指定的容器pszContainerName, //指定容器的名稱NULL, //這個參數這里用的是缺省值,指得是缺省得CSP模塊,你也可以傳入一個LPCTSTR類型的字符串,指定CSP模塊PROV_RSA_FULL, //確定密鑰的類型0)) //常設為0,還有些其他的類型,請看MSDN{_tprintf(TEXT("A crypto context with the %s key container ")TEXT("has been acquired.\n"), pszContainerName);}else{ //不成功的處理段if(GetLastError() == NTE_BAD_KEYSET)// NTE_BAD_KEYSET意味著密鑰容器不存在,//下面就去創建一個//新的密鑰容器{if(CryptAcquireContext(&hCryptProv, pszContainerName, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) // CRYPT_NEWKEYSET意味著當指定容器不存在的時候,去創建一個容器。{_tprintf(TEXT("A new key container has been ")TEXT("created.\n"));}else{MyHandleError(TEXT("Could not create a new key ")TEXT("container.\n"));}}else{MyHandleError(TEXT("CryptAcquireContext failed.\n"));}}HCRYPTKEY hKey; //創建一個密鑰句柄if(CryptGetUserKey( // CryptGetUserKey是獲取一個密鑰//句柄的函數,成功返回TRUEhCryptProv, //指定容器的CSP模塊句柄AT_SIGNATURE, //指定私鑰的類型&hKey)) //原來接收獲取的密鑰句柄{_tprintf(TEXT("A signature key is available.\n"));}else{_tprintf(TEXT("No signature key is available.\n"));if(GetLastError() == NTE_NO_KEY) // NTE_NO_KEY意味著密鑰不存在,下面就生成一個密鑰{_tprintf(TEXT("The signature key does not exist.\n"));_tprintf(TEXT("Create a signature key pair.\n")); if(CryptGenKey( // CryptGenKey生成一個密鑰hCryptProv, //指定CSP模塊的句柄AT_SIGNATURE, //對于公鑰密碼系統,生成一個私鑰和一個公鑰,這個參數指定了這個密鑰是公鑰,于是生成了一個密碼對。如果不是公鑰系統,則指定了密碼算法,具體看MSDN。0, //指定了生成密鑰的類型,這個參數的說明挺多的,想獲取更為詳盡的資料請看MSDN。&hKey)) {_tprintf(TEXT("Created a signature key pair.\n"));}else{MyHandleError(TEXT("Error occurred creating a ")TEXT("signature key.\n")); }}else{MyHandleError(TEXT("An error other than NTE_NO_KEY ")TEXT("getting a signature key.\n"));}} // End if._tprintf(TEXT("A signature key pair existed, or one was ")TEXT("created.\n\n"));if(hKey) //將密鑰句柄銷毀{if(!(CryptDestroyKey(hKey))){MyHandleError(TEXT("Error during CryptDestroyKey."));}hKey = NULL;} //下面這部分和上面是類似的,只不過密鑰類型不相同而已。if(CryptGetUserKey(hCryptProv,AT_KEYEXCHANGE,&hKey)) {_tprintf(TEXT("An exchange key exists.\n"));}else{_tprintf(TEXT("No exchange key is available.\n"));// Check to determine whether an exchange key // needs to be created.if(GetLastError() == NTE_NO_KEY) { // Create a key exchange key pair._tprintf(TEXT("The exchange key does not exist.\n"));_tprintf(TEXT("Attempting to create an exchange key ")TEXT("pair.\n"));if(CryptGenKey(hCryptProv,AT_KEYEXCHANGE,0,&hKey)) {_tprintf(TEXT("Exchange key pair created.\n"));}else{MyHandleError(TEXT("Error occurred attempting to ")TEXT("create an exchange key.\n"));}}else{MyHandleError(TEXT("An error other than NTE_NO_KEY ")TEXT("occurred.\n"));}}// Destroy the exchange key.if(hKey){if(!(CryptDestroyKey(hKey))){MyHandleError(TEXT("Error during CryptDestroyKey."));}hKey = NULL;}// Release the CSP.if(hCryptProv){if(!(CryptReleaseContext(hCryptProv, 0))){MyHandleError(TEXT("Error during CryptReleaseContext."));}} _tprintf(TEXT("Everything is okay. A signature key "));_tprintf(TEXT("pair and an exchange key exist in "));_tprintf(TEXT("the %s key container.\n"), pszContainerName); return 0;
}
