The RC4 algorithm within a COM component

• Download VC6 project - 18.7 Kb
• Download sample - 13.6 Kb

Introduction

The Secure Storage component is made like a COM component with ATL. The component is encapsulating the RC4 stream cipher algorithm, which is placed in separated source and header files (the rc4.cpp and rc4.h files).

Basically the component is made on behalf of the needs of storing credentials in a way that is not readable to the human eye. When it was decided to use the RC4 algorithm then it was known that it wasn’t the hardest encryption that was chosen, but it needed to be a relative fast encryption. The algorithm could be improved. Changing it, to be using block cipher, could do this.

When using the RC4 algorithm it is obvious that it will return a cipher text with the same length as the clear text. This is definitely a disadvantage with this algorithm. This could be improved by padding the clear text before the encryption is made.

Before the encryption can take place it is necessary to set up the key, which should be used to perform the encryption. This is done with the method that matches the signature below:

prepare_key(unsigned char *key_data_ptr, int key_data_len, rc4_key *key)

The method takes a textual key (the pass phrase) and the length of that and returns a pointer to a struct, which is the "real" RC4 encryption key. After the key has been generated we are ready to perform the encryption. The encryption is made with the method that matches the signature below:

void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key)

It takes the clear text and the length of it (the clear text) as input parameters together with the RC4 encryption key, which we just created before. The method returns the cipher text within the same pointer that was used for the clear text.

Using the code

These two methods are (as mentioned before) encapsulated within an ATL COM component. The component has two kinds of interfaces: one that is just returning the result of the encryption/decryption, when it returns.

set obj = CreateObject("SECURESTORAGE.Secure")
cipher = obj.Encrypt ("encryption key or pass phrase", "a value to be stored")
MsgBox (obj.Decrypt ("encryption key or pass phrase", cipher))

and another one that stores the cipher text in the registry database. The cipher text can later be fetched in a second round-trip.

set obj = CreateObject("SECURESTORAGE.Secure")
obj.RegistryKey = "registry key"
obj.EncryptToRegistry "encryption key or pass phrase", _
                  "registry key", "a value to be stored"
clear = obj.DecryptFromRegistry("encryption key or pass phrase", "registry key")
MsgBox clear

The values in the registry are stored under KEY_LOCAL_MACHINE\SOFTWARE\SecureStorage. If a registry key is provided, the values will be stored under that key below the SecureStorage key.

Points of interest

When using the RC4, it is not obvious that the prepare_key method always has to be used before the rc4 method. Furthermore, please notice that I use the same method for decryption as for encryption. This is possible because it is a symmetric key encryption algorithm.