Microsoft KB Archive/277786

= Encrypting/decrypting data across systems =

Article ID: 277786

Article Last Modified on 11/21/2006

-

APPLIES TO

 Microsoft Win32 Application Programming Interface, when used with:  Microsoft Windows Millennium Edition

 Microsoft Windows 2000 Standard Edition

 Microsoft Windows XP Professional 

-

<div class="notice_section">

This article was previously published under Q277786

<div class="symptoms_section">

SYMPTOMS
If you encrypt data by using a session key on one system and then decrypt the encrypted data on another system by using the same session key, you may not correctly obtain the original data.

<div class="cause_section">

CAUSE
This problem may occur if the application does not explicitly select the Cryptographic Service Provider (CSP) when CryptAcquireContext is called and uses the default provider.

Microsoft Windows Millennium Edition was released after the relaxation of United States export control regulations. Keys that are derived from the default CSP are 128-bit keys on this version of Windows.

Microsoft Windows 2000 and Microsoft Windows XP were released before the relaxation of the United States export control regulations. Keys that are derived from the default CSP are 40-bit keys on these versions of Windows. You can generate the 128-bit keys on Windows 2000 after you apply the high-encryption package:

http://www.microsoft.com/WINDOWS2000/downloads/recommended/encryption/readme.asp

This problem may also occur if the application does not explicitly set the key length when it generates or derives a key.

<div class="resolution_section">

RESOLUTION
Due to changing export control restrictions, the default CSP and default key length may change between operating system releases. It is important that both the encryption and the decryption use the same CSP. It is also important that you explicitly set the key length by using the dwFlags parameter to ensure interoperability on different operating system platforms.

<div class="moreinformation_section">

MORE INFORMATION
For more information about the CSP string constant names that are used with the CryptAcquireContext function and with the CryptSetProvider function, visit the following Microsoft Developer Network (MSDN) Web site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/cryptographic_provider_names.asp

Keywords: kbapi kbcrypt kbkernbase kbprb kbsecurity KB277786

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.