1

I have an application written in Classic ASP that encrypts data via CAPICOM and stores it in a database. The encryption code looks something like this (Classic ASP, VB. Simplified a bit for brevity):

set encryptObject = Server.CreateObject("CAPICOM.EncryptedData")

encryptObject.Algorithm.Name = 4 ' 4 is AES
encryptObject.Algorithm.KeyLength = ' 0 is MAX
encryptObject.SetSecret(sharedSecret) ' sharedSecret was set earlier
encryptObject.Content = stringToEncrypt

encryptedString = encryptObject.Encrypt()

Now, I have a .NET application that needs to read this data and decrypt it. I've done AES-compatible encryption/decryption in .NET before using the RijndaelManaged class, and I'm hoping I can use that same method to decrypt this data. However, I can't figure out how to get this to work with CAPICOM's encrypted data, because RijndaelManaged requires that you pass a key AND an intialization vector when calling RijndaelManaged.CreateEncryptor, and CAPICOM doesn't take an initialization vector. I assume CAPICOM must be using an initialization vector, but not exposing it. How can I find that vector?

Joshua Carmody
  • 13,410
  • 16
  • 64
  • 83
  • Curious if you found a solution for this. I am in the same situation and am stuggling to get the decryption working! – Dave Jan 11 '14 at 21:07
  • @Dave - I never got this working, and we eventually took another approach. But I did find out that the value spit out by CAPICOM in Classic ASP contains more than just the encrypted value, it encrypts an entire complex object with additional properties. Any decrypting routine would need to parse the entire object in order to work properly. – Joshua Carmody Jan 13 '14 at 05:56

1 Answers1

1

Start by passing an all-zeros IV to the .NET decryption routine.

If the whole message decrypts fine, then the original encryption also used a null IV.

It is more likely that you will get a mangled first block (16 bytes) and readable second and subsequent blocks.

If the second block looks as if it is the actual start of the message then the original IV was passed as the first block of the encrypted message. That is a pretty common technique.

If not then you are going to have to ask whoever encrypted the message what IV they used. Or else live without the first 16 bytes of the message.

rossum
  • 15,344
  • 1
  • 24
  • 38