Encrypting/decrypting data across systems (277786)
The information in this article applies to:
- Microsoft Win32 Application Programming Interface (API), when used with:
- the operating system: Microsoft Windows Millennium Edition
- the operating system: Microsoft Windows 2000
- the operating system: Microsoft Windows XP
This article was previously published under Q277786 SYMPTOMS
If you encrypt data by using a session key on one system and then decrypt the encrypted data on another system by using the same session key, you may not correctly obtain the original data.
CAUSE
This problem may occur if the application does not explicitly select the Cryptographic Service Provider (CSP) when CryptAcquireContext is called and uses the default provider.
Microsoft Windows Millennium Edition was released after the relaxation of United States export control regulations. Keys that are derived from the default CSP are 128-bit keys on this version of Windows.
Microsoft Windows 2000 and Microsoft Windows XP were released before the relaxation of the United States export control regulations. Keys that are derived from the default CSP are 40-bit keys on these versions of Windows. You can generate the 128-bit keys on Windows 2000 after you apply the high-encryption package:
This problem may also occur if the application does not explicitly set the key length when it generates or derives a key.
RESOLUTION
Due to changing export control restrictions, the default CSP and default key length may change between operating system releases. It is important that both the encryption and the decryption use the same CSP. It is also important that you explicitly set the key length by using the dwFlags parameter to ensure interoperability on different operating system platforms.
| Modification Type: | Minor | Last Reviewed: | 9/27/2004 |
|---|
| Keywords: | kbAPI kbCrypt kbKernBase kbprb kbSecurity KB277786 |
|---|
|