Microsoft KB Archive/177201

{|
 * width="100%"|

PRB: Changes to CryptoAPI Enveloped Data Generation and Parsing

 * }

Q177201

-

The information in this article applies to:


 * Microsoft Win32 Application Programming Interface (API), used with:
 * the operating system: Microsoft Windows NT 4.0
 * Microsoft Windows 95

-

SYMPTOMS
Enveloped data messages generated with the initial release of CryptoAPI 2.0 are illegible to the release of CryptoAPI 2.0, which shipped as part of Internet Explorer 4.0. Likewise, enveloped data messages generated via the CryptoAPI on Windows NT 4.0 Service Pack 3 and Internet Explorer 3.02 Auth2 are not successfully interpreted by Internet Explorer 4.0's CryptoAPI implementation. Note that CryptoAPI 2.0 originally shipped as part of Windows NT 4.0 Service Pack 3 and Internet Explorer 3.02 Auth2.

CAUSE
In the interest of improved S/MIME compatibility, changes to the way the CryptoAPI generates and parses enveloped data messages were introduced with Internet Explorer version 4.0. A detailed description of these changes can be found in the "Remarks" section of the CryptoAPI 2.0 SDK documentation for the function CryptMsgOpenToEncode.

RESOLUTION
Versions of the CryptoAPI that shipped after the release of Internet Explorer 4.0 automatically detect, and parse appropriately, enveloped data messages that were formatted by versions of the CryptoAPI prior to Internet Explorer 4.0. Versions of the CryptoAPI that shipped after the release of Internet Explorer 4.0 also write out the data with the new formatting introduced with Internet Explorer 4.0. Furthermore, for backward compatibility, these future versions of the CryptoAPI also expose a flag for explicitly producing enveloped data messages in the old format produced by the CryptoAPI as part of Windows NT 4.0 Service Pack 3 and Internet Explorer 3.02 Auth2. This same backward compatible functionality slated for versions of the CryptoAPI after Internet Explorer 4.0 is available today to applications calling to the CryptoAPI provided by Internet Explorer 4.0, but via a separate, re-distributable DLL, Sp3crmsg.dll.

If you simply load Sp3crmsg.dll dynamically prior to executing any of the affected Internet Explorer 4.0 CryptoAPI functions (for example, CryptMsgOpenToEncode, CryptEncryptMessage, CryptSignAndEncryptMessage, etc.), it automatically causes these functions to detect and decode enveloped data messages that have been formatted by versions of the CryptoAPI prior to Internet Explorer 4.0. If enveloped data messages with the characteristic formatting are not detected, processing will default to Internet Explorer 4.0's original CryptoAPI functionality. In addition (in a manner similar to releases of the CryptoAPI to come after Internet Explorer 4.0), this DLL allows Internet Explorer 4.0 to generate messages compatible with the earlier versions of the CryptoAPI, but only if an application developer explicitly chooses to do so.

This DLL, along with additional details, installation instructions, and sample code, are in the file Sp3crmsg.zip, which can be found at the following Internet location:

"http://drg.microsoft.com/cryptoext" When prompted for credentials enter the string "crypto" for both the username and the password fields. Then download Sp3crmsg.zip, unpack it using your favorite ZIP file utility, and read the enclosed Readme.txt file for more details.

An Alpha version of Sp3crmsg.dll is also available upon request; please send email to Cryptoapi@listserv.msn.com.

Additional query words: CRYPT_E_OSS_ERROR NTE_BAD_DATA

Keywords : kbAPI kbCrypt kbKernBase kbDSupport kbGrpDSKernBase

Issue type : kbprb

Technology : kbAudDeveloper kbWin32sSearch kbWin32API