About This File
Encryption / Decryption / Hashing
Cryptography API: Next Generation (CNG) is Microsoft's long-term replacement for their CryptoAPI. CNG is designed to be extensible at many levels and cryptography-agnostic in behavior. Although the Crypt.au3 UDF that is installed with AutoIt3 still works perfectly, the advapi32.dll functions that it uses have been deprecated. This UDF was created to offer a replacement for the deprecated functions. According to Microsoft, deprecated functions may be removed in a future release. Therefore, this UDF will be available when/if that happens.
This UDF implements some of Microsoft's Cryptography API: Next Generation (CNG) Win32 API functions. In its initial release, it implements functions to encrypt text and files, decrypt text and files, generate hashes, and the Password-Based Key Derivation Function 2 (PBKDF2) function. The UDF can implement any of the encryption/decryption algorithms or hashing algorithms that are installed on the PC on which it is running. Most, if not all, of the values that you would commonly use to specify the desired algorithms, key bit lengths, and other magic-number-type values are already defined as constants or enums in the UDF file.
To flatten the learning curve, there is an example file that shows examples of all of the major functionality. This example file is not created to be an exhaustive set of how to implement each feature and parameter. It is designed to give you a template or guide to help you hit the ground running in terms of using the functions. I have tried to fully document the headers of all of the functions as well as the code within the functions themselves. As of v1.4.0, there is also a Help file that includes all of the functions, with examples.
Current UDF Functions
- _CryptoNG_CreateRSAKeyPair($iKeyBitLength, $sPublicKeyPath, $sPrivateKeyPath, $sProvider = Default)
- _CryptoNG_DecryptData($sAlgorithmId, $xData, $vEncryptionKey, $sProvider = Default)
- _CryptoNG_DecryptFile($sAlgorithmId, $sInputFile, $sOutputFile, $vEncryptionKey, $sProvider = Default)
- _CryptoNG_EncryptData($sAlgorithmId, $sText, $vEncryptionKey, $sProvider = Default)
- _CryptoNG_EncryptFile($sAlgorithmId, $sInputFile, $sOutputFile, $vEncryptionKey, $sProvider = Default)
- _CryptoNG_GenerateRandom($sAlgorithmId, $iNumberOfBytes, $sProvider = Default)
- _CryptoNG_HashData($sAlgorithmId, $vData, $bHMAC = False, $vHMACSecret = "", $sProvider = Default)
- _CryptoNG_HashFile($sAlgorithmId, $sFilePath, $bHMAC = False, $vHMACSecret = "", $sProvider = Default)
- _CryptoNG_PBKDF2($sPassword, $vSalt, $iIterations, $iDKeyBitLength, $sHashAlgorithmId = Default, $sProvider = Default)
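The following is an added example, not taken from the UDF's own example file, showing how the functions listed above fit together: a random salt, a PBKDF2-derived key, AES encryption, and an HMAC over the ciphertext that is checked before decrypting. Assumptions: the UDF file is named CryptoNG.au3, the algorithm IDs are passed as the CNG identifier strings "RNG", "AES" and "SHA256" (the UDF's own constants can be used instead), the functions set @error on failure, and the password, message, salt length and iteration count are constructed sample values.

```autoit
#include "CryptoNG.au3" ; Assumed file name of the UDF; adjust to your install path

; Constructed sample inputs
Global Const $sPassword = "correct horse battery staple"
Global Const $sMessage  = "Constructed sample plaintext"

; Hypothetical helper for this example: report the failing step and stop
Func _Fail($sStep, $iErr)
    ConsoleWrite($sStep & " failed, @error = " & $iErr & @CRLF)
    Exit 1
EndFunc

; Fresh random salt per message; it is not secret and is stored beside the ciphertext
Global $xSalt = _CryptoNG_GenerateRandom("RNG", 16)
If @error Then _Fail("GenerateRandom", @error)

; Derive 512 bits from the password, then split into two independent 256-bit keys
; (the iteration count is an example value; raise it as far as your hardware allows)
Global $xKeyMaterial = _CryptoNG_PBKDF2($sPassword, $xSalt, 600000, 512, "SHA256")
If @error Then _Fail("PBKDF2", @error)
Global $xEncKey = BinaryMid($xKeyMaterial, 1, 32)  ; bytes 1-32: AES-256 key
Global $xMacKey = BinaryMid($xKeyMaterial, 33, 32) ; bytes 33-64: HMAC key

; Sender: encrypt, then compute an HMAC-SHA256 tag over the ciphertext
Global $xCipher = _CryptoNG_EncryptData("AES", $sMessage, $xEncKey)
If @error Then _Fail("EncryptData", @error)
Global $xTag = _CryptoNG_HashData("SHA256", $xCipher, True, $xMacKey)
If @error Then _Fail("HashData", @error)

; Receiver: re-derive the keys from password + stored salt (same call as above),
; recompute the tag, and refuse to decrypt if the ciphertext was altered
Global $xCheck = _CryptoNG_HashData("SHA256", $xCipher, True, $xMacKey)
If @error Then _Fail("HashData", @error)
If String($xCheck) <> String($xTag) Then _Fail("HMAC verification", 0)

Global $vPlain = _CryptoNG_DecryptData("AES", $xCipher, $xEncKey)
If @error Then _Fail("DecryptData", @error)
; Assumption: handle either a string or a binary return value
If IsBinary($vPlain) Then $vPlain = BinaryToString($vPlain)

ConsoleWrite("Salt      : " & $xSalt & @CRLF)
ConsoleWrite("Ciphertext: " & $xCipher & @CRLF)
ConsoleWrite("HMAC tag  : " & $xTag & @CRLF)
ConsoleWrite("Decrypted : " & $vPlain & @CRLF)
```

Deriving the key with PBKDF2 and a per-message salt, rather than passing the password itself as $vEncryptionKey, means the same password never produces the same key twice.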
Cryptography API: Next Generation - Main Page
Cryptography API: Next Generation - Reference
Cryptography API: Next Generation - Primitives
Cryptography API: Next Generation - Cryptographic Algorithm Providers
What's New in Version v1.4.0
- Added a Help file that includes all of the functions, with examples. The look & feel of the help file matches the standard AutoIt help files.
- Updated the _CryptoNG_DecryptFile function to create the output file's path if it doesn't exist.
- Updated the _CryptoNG_EncryptFile function to create the output file's path if it doesn't exist.
- Cleaned up several of the function headers.
- Added _CryptoNG_GenerateRandom and supporting internal function. (Suggested by PeterPE)
- Added an example of how the new _CryptoNG_GenerateRandom function can be implemented to the CryptoNG_Examples.au3 file.
- Added _CryptoNG_CreateRSAKeyPair and supporting internal functions, constants, and structures. (Suggested by Network_Guy)
- Added an example of how to create RSA key pairs, using _CryptoNG_CreateRSAKeyPair, to the CryptoNG_Examples.au3 file.
- Corrected the _CryptoNG_PBKDF2 function header. The syntax line was using the syntax for the _CryptoNG_HashData function.
- Changed variable name in the _CryptoNG_PBKDF2 function from $iKeyBitLength to $iDKeyBitLength to more aptly describe its meaning, desired key bit length.
- Cleaned up the __CryptoNG_Startup & __CryptoNG_Shutdown functions. (Suggested by argumentum)
- Added the ability to specify a desired algorithm provider when encrypting, decrypting, hashing, or using the PBKDF2 function. (Suggested by mLipok)