PRB: Changes to CryptoAPI Enveloped Data Generation and Parsing

Last reviewed: November 24, 1997
Article ID: Q177201
The information in this article applies to:
  • Microsoft Win32 Application Programming Interface (API) included with: - Microsoft Windows NT 4.0 - Microsoft Windows 95

SYMPTOMS

Enveloped data messages generated with the initial release of CryptoAPI 2.0 are illegible to the release of CryptoAPI 2.0, which shipped as part of Internet Explorer 4.0. Likewise, enveloped data messages generated via the CryptoAPI on Windows NT 4.0 Service Pack 3 and Internet Explorer 3.02 Auth2 are not successfully interpreted by Internet Explorer 4.0's CryptoAPI implementation. Note that CryptoAPI 2.0 originally shipped as part of Windows NT 4.0 Service Pack 3 and Internet Explorer 3.02 Auth2.

CAUSE

In the interest of improved S/MIME compatibility, changes to the way the CryptoAPI generates and parses enveloped data messages were introduced with Internet Explorer version 4.0. A detailed description of these changes can be found in the "Remarks" section of the CryptoAPI 2.0 SDK documentation for the function CryptMsgOpenToEncode.

RESOLUTION

Versions of the CryptoAPI that shipped after the release of Internet Explorer 4.0 automatically detect, and parse appropriately, enveloped data messages that were formatted by versions of the CryptoAPI prior to Internet Explorer 4.0. Versions of the CryptoAPI that shipped after the release of Internet Explorer 4.0 also write out the data with the new formatting introduced with Internet Explorer 4.0. Furthermore, for backward compatibility, these future versions of the CryptoAPI also expose a flag for explicitly producing enveloped data messages in the old format produced by the CryptoAPI as part of Windows NT 4.0 Service Pack 3 and Internet Explorer 3.02 Auth2. This same backward compatible functionality slated for versions of the CryptoAPI after Internet Explorer 4.0 is available today to applications calling to the CryptoAPI provided by Internet Explorer 4.0, but via a separate, re-distributable DLL, Sp3crmsg.dll.

If you simply load Sp3crmsg.dll dynamically prior to executing any of the affected Internet Explorer 4.0 CryptoAPI functions (for example, CryptMsgOpenToEncode, CryptEncryptMessage, CryptSignAndEncryptMessage, etc.), it automatically causes these functions to detect and decode enveloped data messages that have been formatted by versions of the CryptoAPI prior to Internet Explorer 4.0. If enveloped data messages with the characteristic formatting are not detected, processing will default to Internet Explorer 4.0's original CryptoAPI functionality. In addition (in a manner similar to releases of the CryptoAPI to come after Internet Explorer 4.0), this DLL allows Internet Explorer 4.0 to generate messages compatible with the earlier versions of the CryptoAPI, but only if an application developer explicitly chooses to do so.

This DLL, along with additional details, installation instructions, and sample code, are in the file Sp3crmsg.zip, which can be found at the following Internet location:

  http://drg.microsoft.com/cryptoext

When prompted for credentials enter the string "crypto" for both the username and the password fields. Then download Sp3crmsg.zip, unpack it using your favorite ZIP file utility, and read the enclosed Readme.txt file for more details.

An Alpha version of Sp3crmsg.dll is also available upon request; please send email to Cryptoapi@listserv.msn.com.


Additional query words: CRYPT_E_OSS_ERROR NTE_BAD_DATA
Keywords : BseCrypt
Version : WINNT:4.0
Platform : Win95 winnt
Issue type : kbprb


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: November 24, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.