PRB: CAPICOM 1.0 Cannot Decrypt Data Encrypted with CAPICOM 2.0 (322607)



The information in this article applies to:

  • Microsoft Win32 Application Programming Interface (API), when used with:
    • the operating system: Microsoft Windows 98
    • the operating system: Microsoft Windows Millennium Edition
    • the operating system: Microsoft Windows NT 4.0
    • the operating system: Microsoft Windows 2000
    • the operating system: Microsoft Windows XP

This article was previously published under Q322607

Notice

This article also applies when used with the operating system: Microsoft Windows Server 2003.

SYMPTOMS

When you use CAPICOM 1.0, you cannot decrypt data that has been encrypted with CAPICOM 2.0.

CAUSE

CAPICOM 2.0 sets the effective key length when it uses the RC2 symmetric algorithm. CAPICOM 1.0 objects do not set the effective key length when they use RC2. As a result, ciphertext produced by CAPICOM 1.0 with RC2 always has the RC2 default effective key strength of 40 bits, whatever key length was requested.

CAPICOM 2.0 resolves this weakness by setting both the key length and the effective key length before it encrypts data with RC2. As a consequence, however, CAPICOM 1.0 cannot decrypt data that was encrypted with CAPICOM 2.0.

RESOLUTION

To resolve this issue, Microsoft recommends that you decrypt all data that you have encrypted with RC2 and CAPICOM 1.0, and then re-encrypt it with RC2 in CAPICOM 2.0. Or, you can use a modern symmetric cipher, such as 3DES or AES.

MORE INFORMATION

RC2 is a variable key-size block cipher. It was designed to work faster than DES and also function as a drop-in replacement for DES.

CAPICOM uses RC2 in cipher block chaining (CBC) mode. In this mode, RC2 takes two parameters: an initialization vector (IV) and a version. The version parameter encodes the number of effective key bits to be used for RC2 encryption and decryption.

CAPICOM 1.0 does not explicitly set the second parameter. As a result, the default effective key length is 40 bits.

To resolve this issue, CAPICOM 2.0 was modified to always set the effective key length when it uses RC2 to the value specified in the EncryptedData.Algorithm.KeyLength method. As a result, CAPICOM 1.0 cannot decrypt data encrypted by CAPICOM 2.0 and RC2. The following table illustrates the relevant cases.

Encrypt            Decrypt            Result
Encrypt with 1.0   Decrypt with v1.0  OK
Encrypt with 1.0   Decrypt with v2.0  OK. CAPICOM v2.0 knows that the data was encrypted with CAPICOM v1.0, and therefore it forces the effective key length to 40 bits during decryption.
Encrypt with 2.0   Decrypt with v1.0  Fail
Encrypt with 2.0   Decrypt with v2.0  OK
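The behavior in the table, as an added example that is not CAPICOM's or Microsoft's code: a minimal RC2 (RFC 2268) block cipher in Python with the effective-key-bits ("version") parameter made explicit, so the same 128-bit key expands to different round subkeys at 128 and at 40 effective bits. The key and plaintext block are constructed, and a single block is shown, so CBC chaining and padding are left out.

```python
# Minimal RC2 (RFC 2268). Added example, not CAPICOM code; key and block below are constructed.
PI = bytes.fromhex(  # RFC 2268 PITABLE, 256 bytes
    "d978f9c419ddb5ed28e9fd794aa0d89dc67e37832b76538e624c6488448bfba2179a59f587b34f1361456d8d09817d32bd8f40eb86b77b0bf09521225c6b4e82"
    "54d66593ce60b21c7356c014a78cf1dc1275ca1f3bbee4d1423dd430a33cb6266fbf0eda4669075727f21d9bbc944303f811c7f690ef3ee706c3d52fc8661ed7"
    "08e8eade8052eef784aa72ac354d6a2a961ad2715a1549744b9fd05e0418a4ecc2e0416e0f51cbcc2491af50a1f47039997c3a8523b8b47afc02365b25559731"
    "2d5dfa98e38a92ae05df2910676cbac9d300e6cfe19ea82c6316013f58e289a90d38341bab33ffb0bb480c5fb9b1cd2ec5f3db47e5a59c770aa62068fe7fc1ad")
SHIFTS = (1, 2, 3, 5)
W = lambda b: [int.from_bytes(b[2 * i:2 * i + 2], "little") for i in range(4)]  # 8 bytes -> 4 LE words
B = lambda R: b"".join(r.to_bytes(2, "little") for r in R)                       # 4 words -> 8 bytes
rot = lambda x, n: ((x << n) | (x >> (16 - n))) & 0xFFFF                          # 16-bit rotate left

def expand_key(key, effective_bits):
    """RFC 2268 key expansion: the key is reduced to effective_bits before the 64 round subkeys are derived."""
    t, t8 = len(key), (effective_bits + 7) // 8
    tm = 255 % (1 << (8 + effective_bits - 8 * t8))
    L = list(key) + [0] * (128 - t)
    for i in range(t, 128):
        L[i] = PI[(L[i - 1] + L[i - t]) & 0xFF]
    L[128 - t8] = PI[L[128 - t8] & tm]           # this is where the effective length truncates the key
    for i in range(127 - t8, -1, -1):
        L[i] = PI[L[i + 1] ^ L[i + t8]]
    return [L[2 * i] | (L[2 * i + 1] << 8) for i in range(64)]

def encrypt_block(K, block):
    R, j = W(block), 0
    for rnd in range(16):
        for i in range(4):  # mixing round; R[i-1] etc. wrap around via negative indexing
            R[i] = rot((R[i] + K[j] + (R[i-1] & R[i-2]) + (~R[i-1] & R[i-3])) & 0xFFFF, SHIFTS[i])
            j += 1
        if rnd in (4, 10):  # mashing round after the 5th and 11th mixing rounds
            for i in range(4): R[i] = (R[i] + K[R[i-1] & 63]) & 0xFFFF
    return B(R)

def decrypt_block(K, block):
    R, j = W(block), 63
    for rnd in range(15, -1, -1):  # undo the rounds in reverse order
        if rnd in (4, 10):
            for i in (3, 2, 1, 0): R[i] = (R[i] - K[R[i-1] & 63]) & 0xFFFF
        for i in (3, 2, 1, 0):
            R[i] = rot(R[i], 16 - SHIFTS[i])
            R[i] = (R[i] - K[j] - (R[i-1] & R[i-2]) - (~R[i-1] & R[i-3])) & 0xFFFF
            j -= 1
    return B(R)

def cross_version(key=bytes(range(16)), block=b"CAPICOM!"):
    """2.0 style: effective bits = key length (128 here). 1.0 style: effective bits left at the 40-bit default."""
    ct = encrypt_block(expand_key(key, 128), block)      # encrypted by CAPICOM 2.0 behavior
    with_v2 = decrypt_block(expand_key(key, 128), ct)    # decrypted by CAPICOM 2.0 behavior
    with_v1 = decrypt_block(expand_key(key, 40), ct)     # decrypted by CAPICOM 1.0 behavior
    return with_v2 == block, with_v1 == block             # (True, False): the 1.0-style decrypt fails
```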

REFERENCES

For more information about how to use CAPICOM, visit the following MSDN Web site:

For a description of the RC2 encryption algorithm, visit the following Internet Engineering Task Force Web site:

RFC2268: A Description of the RC2(r) Encryption Algorithm
http://www.ietf.org/rfc/rfc2268.txt


Modification Type: Minor
Last Reviewed: 9/27/2004
Keywords: kbCrypt kbKernBase kbprb kbSecurity KB322607