Platform SDK: Cryptography

Key Derivation Sample

The example data in this section was generated using the Microsoft Base Cryptographic Provider. With another provider, the session key length and salt length can differ, but the basic process is the same.

Assume an application will derive a session key from a hash of the password, "124-kelp". The password is hashed using CryptHashData specifying the MD5 hash algorithm. The following sixteen-byte hash value is generated.

73 40 e6 e2 74 b8 ea 39
93 95 aa 29 d6 38 b5 2a

The application calls CryptDeriveKey to create the session key, which in this case is an RC4 stream cipher key. The CSP uses the first five bytes of the previous hash value, 73 40 e6 e2 74, as the key itself (a 40-bit key).

If the CRYPT_CREATE_SALT flag is not specified, the key is given a salt value of zero (eleven zero bytes).

Using this session key to encrypt the following plaintext buffer:

00 01 02 03 04 05 06 07
08 09 0a 0b 0c 0d 0e 0f
10 11 12 13 14 15 16 17
18 19 1a 1b 1c 1d 1e 1f

generates the following ciphertext data:

26 59 de 24 44 fa 36 9c
11 0c bb 9d b6 a2 bd 24
04 2e e3 ba 72 76 f3 27
8d d5 b4 2f 56 cf f8 c9

If the application specifies the CRYPT_CREATE_SALT flag during the CryptDeriveKey function call, the key is given the following 11-byte salt value, which consists of the eleven bytes of the hash value immediately following the five key bytes:

b8 ea 39 93 95 aa 29 d6
38 b5 2a

Using the key with the added salt value to encrypt the plaintext generates the following ciphertext:

47 f4 5d e2 cc 3b 87 1b
95 bc fc 39 fb 86 d3 05
da a2 91 fb 80 f1 2a 22
c3 b9 ec 91 dd 9f af 50
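The following Python walk-through reproduces the derivation described above: it splits the page's hash value into the 5-byte key and the 11-byte salt, then runs RC4 over the page's plaintext buffer. It is an added example, not code from the Platform SDK or from the Microsoft Base Cryptographic Provider. It assumes (which the page does not state) that the provider feeds RC4 the 40-bit key followed by the 88-bit salt as a single 128-bit RC4 key, with eleven zero bytes in the salt position when CRYPT_CREATE_SALT is not set; the function and constant names (derive_rc4_key, rc4, encrypt, PAGE_HASH and so on) are this example's own. The hash and ciphertext values are copied from the page and used only for comparison.

```python
# Walk-through of the CryptDeriveKey sample above. Example code, not CryptoAPI.
# Assumption (not stated on the page): the Base Provider uses key || salt as the
# 128-bit RC4 key, with eleven zero bytes of salt when CRYPT_CREATE_SALT is absent.
from typing import Tuple

KEY_LEN = 5    # 40-bit RC4 key material, as on the page
SALT_LEN = 11  # 88-bit salt, as on the page

# Values quoted from the page: the MD5 hash of "124-kelp" and the two ciphertexts.
PAGE_HASH = bytes.fromhex("7340e6e274b8ea399395aa29d638b52a")
PLAINTEXT = bytes(range(32))  # 00 01 02 ... 1f, the page's plaintext buffer
PAGE_CT_NO_SALT = bytes.fromhex(
    "2659de2444fa369c110cbb9db6a2bd24042ee3ba7276f3278dd5b42f56cff8c9")
PAGE_CT_WITH_SALT = bytes.fromhex(
    "47f45de2cc3b871b95bcfc39fb86d305daa291fb80f12a22c3b9ec91dd9faf50")


def derive_rc4_key(hash_value: bytes, create_salt: bool) -> Tuple[bytes, bytes]:
    """Split a hash value as the page describes: the first 5 bytes are the key;
    the next 11 bytes are the salt when CRYPT_CREATE_SALT is set, else zero."""
    if len(hash_value) < KEY_LEN + SALT_LEN:
        raise ValueError("hash value too short for key plus salt")
    key = hash_value[:KEY_LEN]
    salt = hash_value[KEY_LEN:KEY_LEN + SALT_LEN] if create_salt else bytes(SALT_LEN)
    return key, salt


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def encrypt(hash_value: bytes, plaintext: bytes, create_salt: bool) -> bytes:
    """Derive the key from the hash and encrypt; RC4 key = key || salt (assumption)."""
    key, salt = derive_rc4_key(hash_value, create_salt)
    return rc4(key + salt, plaintext)


def reproduces_page_vectors() -> Tuple[bool, bool]:
    """Compare this example's output with the page's two ciphertexts. Both flags
    are True only if the key-layout assumption matches what the provider does."""
    return (encrypt(PAGE_HASH, PLAINTEXT, False) == PAGE_CT_NO_SALT,
            encrypt(PAGE_HASH, PLAINTEXT, True) == PAGE_CT_WITH_SALT)


if __name__ == "__main__":
    for create_salt in (False, True):
        key, salt = derive_rc4_key(PAGE_HASH, create_salt)
        print("salt" if create_salt else "no salt",
              "key", key.hex(), "salt", salt.hex(),
              "ct", encrypt(PAGE_HASH, PLAINTEXT, create_salt).hex())
    print("matches page:", reproduces_page_vectors())
```

Two practical points follow from the layout the example makes explicit. First, with the salt the 128-bit RC4 key is simply the whole 16-byte MD5 hash, so the salt adds nothing against an attacker who can guess the password: it is a deterministic function of the same hash, and the password is hashed with a single unsalted MD5 call, so offline guessing runs at full hash speed. Second, the secret part of the key is only 40 bits (2^40 candidates) in either mode; the 88-bit salt lengthens the RC4 key only against an attacker who does not know the hash, and it is not secret in the sense a session key is. Treat this sample as a description of the derivation format rather than as guidance for a new design.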