Error in Microsoft Encryption Sample?

David W. Fenton

[none of the following will make any sense if you don't actually
download the sample and look at the VB6 clsCryptoAPI class, which
includes the code referred to here]

I posted a while back about encrypting/decrypting using the MS
sample code from here:

http://support.microsoft.com/kb/821762/

I had trouble because the VB6 example showed how to encrypt but not
how to decrypt. It was pointed out to me that it was pretty easy,
and so I implemented it in my proof-of-concept database.

Now I've just gotten around to implementing it in my actual app, and
ran into a problem. That was that I could encrypt successfully but
in a few cases, decryption was failing, reporting a problem with the
length.

Well, lying in bed last night unable to sleep, it occurred to me
that perhaps some trailing spaces were being lost when I stored the
encrypted value, so I changed the code this afternoon to append a
single character to the encrypted value, and then strip it out
before decrypting.

But the error still occurred. It occurred on an encrypted value like
this (where "#" is the character I appended to the end):

Ìžgf2ú…²Eû»]ô—Cvço #

Note that the last character is a space! So my in-bed diagnosis
seemed to be correct (does anyone else "program" while lying in
bed?).

I searched the class module for Trim and saw that at the end of the
ByteArrayToString function was this:

strOut = RTrim$(strOut) ' remove trailing blanks

This caused no issues for encrypting, but for any encrypted value
with any trailing spaces, decryption was failing. So, I replaced
that line with this:

If Len(RTrim$(strOut)) = lngMax Then
    strOut = RTrim$(strOut)
Else
    strOut = Left$(strOut, lngMax)
End If

The variable lngMax is assigned earlier in the function based on the
UBound() of the array being converted to a string.

Now, I don't know if this will break either the
encryption/decryption routines, or if it makes ByteArrayToString
behave in a way it shouldn't. I can't see that it's going to be a
problem, but I haven't tested it with but about 500 encrypted
values.

It seems to me that there's an assumption built into the code that
the incoming byte array won't have any intended spaces in the last
positions of the array. I don't believe this assumption is
warranted, and think the code should be corrected.

Really, it seems to me that the code sample needs to be fixed, but I
don't know how to contact MS to let them know that.

Also, I Googled VB ByteArrayToString and came up with this:

http://www.freevbcode.com/ShowCode.asp?ID=6462

That uses Windows API code to do the heavy lifting, and looks much
more efficient than the function in the sample class from Microsoft.
But I don't know if it always returns the same results as the
function in the code sample, so I'm not going to incorporate it.

Thoughts?
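
The failure described in the post above, reproduced on a constructed 8-byte value whose last byte is a space, next to a hex round trip that keeps every byte. This is an added example, not code from the post or from the Microsoft sample; `BytesToHex`, `HexToBytes` and `DemoTrailingSpace` are hypothetical names, and building the string one character per byte is an assumption about how the conversion works.

```vb
Option Explicit

' Hypothetical helper: two hex digits per byte, so the stored text never
' contains spaces and its length always reflects the byte count.
Public Function BytesToHex(ByRef bytIn() As Byte) As String
    Dim i As Long, strOut As String
    strOut = String$(2 * (UBound(bytIn) - LBound(bytIn) + 1), "0")
    For i = LBound(bytIn) To UBound(bytIn)
        Mid$(strOut, 2 * (i - LBound(bytIn)) + 1, 2) = Right$("0" & Hex$(bytIn(i)), 2)
    Next i
    BytesToHex = strOut
End Function

' Hypothetical helper: inverse of BytesToHex; rejects truncated input.
Public Function HexToBytes(ByVal strHex As String) As Byte()
    Dim i As Long, bytOut() As Byte
    If Len(strHex) = 0 Or Len(strHex) Mod 2 <> 0 Then
        Err.Raise vbObjectError + 1, , "Hex string must have an even, non-zero length"
    End If
    ReDim bytOut(0 To Len(strHex) \ 2 - 1)
    For i = 0 To UBound(bytOut)
        bytOut(i) = CByte("&H" & Mid$(strHex, 2 * i + 1, 2))
    Next i
    HexToBytes = bytOut
End Function

Public Sub DemoTrailingSpace()
    ' Constructed sample: 8 bytes standing in for one cipher block,
    ' with the final byte equal to &H20 (a space).
    Dim bytCipher(0 To 7) As Byte
    Dim strRaw As String, bytBack() As Byte, i As Long
    For i = 0 To 6
        bytCipher(i) = 65 + i
    Next i
    bytCipher(7) = &H20

    ' One character per byte (assumed), then the trim the post describes.
    strRaw = Space$(8)
    For i = 0 To 7
        Mid$(strRaw, i + 1, 1) = Chr$(bytCipher(i))
    Next i
    Debug.Assert Len(strRaw) = 8
    Debug.Assert Len(RTrim$(strRaw)) = 7   ' the trailing data byte is gone

    ' Hex storage survives the round trip with the length intact.
    bytBack = HexToBytes(BytesToHex(bytCipher))
    Debug.Assert UBound(bytBack) = 7
    Debug.Assert bytBack(7) = &H20
End Sub
```

Storing the hex form also sidesteps trailing-space loss in the storage layer, which was the first thing the post suspected.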
 
Tom van Stiphout

On 24 Jul 2009 21:19:44 GMT, "David W. Fenton"

There is a "provide feedback" option at the bottom of that article.

-Tom.
Microsoft Access MVP
