Summary
This application uses ATL, MFC, ASP and Crypt API. It will demonstrate how to make an ATL project
that provides 2 cryptographic functions, how to use this component in your ASP projects, and how
to register the component in MTS.
The article also contains a GUI client console for directly testing the cryptographic functions.
This component can be used in Visual Basic, Access or Microsoft SQL.
Introduction
Recently I worked for a financial project regarding the Greek, Cyprus and Romanian stock exchange
(www.greekmarkets.com, http://reporter.fasma.ro ). The project was coded mostly using ASP and
VB COM, and a few ATL components as a middle tier over a SQL database. The middle tier component
that I programmed was built with ATL and uses Crypto API. The idea consists in providing the
encrypted data to HTTP, data which is useful for ASP pages. Because of HTTP transport the data is
coded in a hexadecimal format.
Overview
First of all, I will show you how to use an ATL-control and how to provide methods that interrogate
our component.
Create a new ATL COM AppWizard project.
Choose Dynamic Link Library (DLL) in the Server Type and check Support MFC and MTS.
Add a new ATL object to your classes. Choose Objects->Simple Object from your ATL Object Wizard.
In the attributes tab page choose Free option in Threading Model.
Now we have a very nice component. It is more important to provide data to other programs by
methods or properties. Unfortunately, the Microsoft wizard is a little poor and the user must input
manually each parameter and its type.
Details
The simplest way to use cryptographic API and to encrypt your messages is the following:
CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)
This function returns a handle to a particular CSP which includes the specification of a
particular key container within the CSP. This key container is either a specifically requested key
container or it is the default key container for the currently logged-on user. Note that the second
and the third parameters are NULL. This means that our code will generate the same key all the time,
independently of the current logged user, and/or if the encrypt was done on a computer and the decrypt
on another one.
CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)
CryptHashData(hHash, (BYTE *)szLocalPassword, dwLength, 0)
CryptDeriveKey(hProv, CALG_RC4, hHash, CRYPT_EXPORTABLE, &hKey)
CryptEncrypt(hKey, 0, TRUE, 0, pbBuffer, &dwLength, dwLength)
HtoA(dest, szPassword, sizeof(TCHAR)*_tcslen(dest) )
It is very easy to use the component in ASP pages (the same in Visual Basic, Access or Microsoft SQL):
dim myOEncrypt
dim src, dest
set myOEncrypt = Server.CreateObject("EncryptionATL.Encryption.1")
src = "CryptoAPI"
Response.Write "src: "
Response.Write src
Response.Write "Crypt: "
dest = myOEncrypt.Crypt(src)
Response.Write dest
Response.Write "LastError: "
Response.Write myOEncrypt.LastError
Response.Write "Decrypt: "
src = myOEncrypt.Decrypt(dest)
Response.Write src
Response.Write "LastError: "
Response.Write myOEncrypt.LastError
set myOEncrypt = nothing
Installation
Note
The program was designed as to use only small strings, with some digits (id's from tables). If you
want more, you have to modify the component.
I make programming for over 4 years and extensive experience in C++, ASP, Pascal, MFC, COM+, ATL, TCP/IP, HTTP protocols, XML, XSL, SOAP and SQL.
For the last 2 years i working extensively at the background of financial sites (databases, n tier architecture).
I’m available for contracts and/or outsourcing (<Adrian Bacaianu>adrian_bacaianu@yahoo.com).