Reputation:
Should I use wchar or char to encrypt?
I have this code working to create a hash of the key to encrypt a string using Wincrypt:
wchar_t key[] = L"123456789AFA11";
wchar_t *key_str = key;
size_t len = lstrlenW(key_str);
DWORD dwStatus = 0;
BOOL bResult = FALSE;
wchar_t info[] = L"Microsoft Enhanced RSA and AES Cryptographic Provider";
HCRYPTPROV hProv;
if (!CryptAcquireContextW(&hProv, NULL, info, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) {
dwStatus = GetLastError();
printf("CryptAcquireContext failed: %x\n", dwStatus);
CryptReleaseContext(hProv, 0);
system("pause");
return dwStatus;
}
HCRYPTHASH hHash;
if (!CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash)) { // Note that we will truncate the SHA265 hash to the first 128 bits because we are using AES128.
dwStatus = GetLastError();
printf("CryptCreateHash failed: %x\n", dwStatus);
CryptReleaseContext(hProv, 0);
system("pause");
return dwStatus;
}
if (!CryptHashData(hHash, (BYTE*)key_str, len * sizeof(wchar_t), 0)) {
DWORD err = GetLastError();
printf("CryptHashData Failed : %#x\n", err);
system("pause");
return (-1);
}
If I use char instead wchar as key the encrypted text is totally different since wchar is 2 bytes per character:
char key[] = "123456789AFA11";
char *key_str = key;
size_t len = lstrlenA(key_str);
DWORD dwStatus = 0;
BOOL bResult = FALSE;
wchar_t info[] = "Microsoft Enhanced RSA and AES Cryptographic Provider";
HCRYPTPROV hProv;
if (!CryptAcquireContextA(&hProv, NULL, info, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) {
dwStatus = GetLastError();
printf("CryptAcquireContext failed: %x\n", dwStatus);
CryptReleaseContext(hProv, 0);
system("pause");
return dwStatus;
}
HCRYPTHASH hHash;
if (!CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash)) { // Note that we will truncate the SHA265 hash to the first 128 bits because we are using AES128.
dwStatus = GetLastError();
printf("CryptCreateHash failed: %x\n", dwStatus);
CryptReleaseContext(hProv, 0);
system("pause");
return dwStatus;
}
if (!CryptHashData(hHash, (BYTE*)key_str, len, 0)) {
DWORD err = GetLastError();
printf("CryptHashData Failed : %#x\n", err);
system("pause");
return (-1);
}
My question is which should I use to hash the key, char string or wchar_t string?
Also another question is UTF-8 in my apps means to use always char and UTF-16 means the use of wchar_t? I use always UNICODE in Visual Studio 2017 then should I use wchar since WindowsAPI's outputs seems to be wchar_t?
Upvotes: 0
Views: 476
Answers (1)
Reputation: 595792
which should I use to hash the key, char string or wchar_t string?
That is a matter of personal choice. Use whichever one suits your needs. Encryption operates on raw bytes, it doesn't care what those bytes represent.
UTF-8 in my apps means to use always char and UTF-16 means the use of wchar_t?
On windows, yes. wchar_t is not 2 bytes on most other platforms, so not UTF-16.
I use always UNICODE in Visual Studio 2017 then should I use wchar since WindowsAPI's outputs seems to be wchar_t?
Yes, Windows is a Unicode-based OS, and most of its string-based APIs expect/return UTF-16. But encryption APIs do not care about that. Though, in your case, you should probably consider converting UTF-16 to UTF-8 before encrypting, and then convert UTF-8 to UTF-16 after decrypting. That way, your encrypted data takes up less storage space, at least.
Upvotes: 1
Related Questions
- In C++ when to use WCHAR and when to use CHAR
- char vs wchar_t when to use which data type
- Is handling unicode character with wchar_t good? Does it not cause any problems?
- Converting from wchar_t a char and vice versa
- Should I use wchar_t when using UTF-8?
- wchar/char variables
- Cross-platform unicode in C/C++: Which encoding to use?
- wchar_t and encoding
- char vs wchar_t
- Starting a new Windows app: Should I use _TCHAR or wchar_t for text?