CryptoText Readme

Background

CryptoText is a COM component from TMG Development Ltd written in ATL3.0 for Windows 9x, NT4.0 and Windows 2000/XP. It is designed to provide simple access to the CryptoAPI in Windows from Visual Basic, Visual C++ and scripting languages (e.g. ASP - Active Server Pages). See this page for latest version information. In addition to being a standalone product it can be used with CryptoTextCE for the PocketPC to exchange encrypted data with handheld devices.

In addition to encrypting the input text data, it converts the resulting binary encrypted form to a series of ASCII characters which are suitable for use in a SQL statement, or for storage in a text/.ini file. For example the text 'My Password' might become the text string '79978e13df1019826c16944fe1'. This type of conversion is necessary because certain characters are reserved and have special meanings in an SQL statement, and by default the Windows CryptoAPI functions will take binary input data (your text) and map each of the characters to a binary number in the range 0 - 255. The simplest solution, though somewhat wasteful of space, is to convert the binary number into a string representation of the equivalent hex number, guaranteeing that only the characters 0-9 and a-f will be present.

Installation

1. Download the zip file
2. Unzip it to a folder on your hard drive e.g. c:\cryptotext
3. Register the COM component as follows (assuming the above directory). Type the following at the command line:

  regsvr32 c:\cryptotext\cryptotext.dll

Usage

The zip file contains a Visual Basic 6.0 example called Encrypt. Here's some sample code from it - it's as simple as that:

  Dim o As New Encoder 
  txtEncrypted = o.Encrypt(txtPwd, txtPlain) 
  Set o = Nothing

Licensing

CryptoText exists in three versions:

1. Free version. This is limited in the size of data it can encrypt (10 characters).
2. Licenced developer version. This is an unrestricted version intended for use on a single developer machine. It has no restrictions, but is not licenced for distribution with your application. Buy now from our secure server at SWReg SoftShop.
3. Licenced distribution version. This is an unrestricted version licenced for unlimited distribution with your application. Buy now from our secure server at SWReg SoftShop.

Please see the license file which accompanies the version you are using.

Common Questions

Q: Which encryption methods are used internally?
A: CryptoText uses an MD5 hash of the supplied password then encrypts the data using the RC4 stream cipher. The encryption process itself is performed by the Windows CryptoAPI. For more information on using the functions in this API directly see msdn.microsoft.com. (The ones to look at are the Crypt* functions CryptAcquireContext, CryptCreateHash, CryptDeriveKey, CryptEncrypt, CryptGetUserKey, CryptGenKey etc).

Q: What's the latest version of CryptoText?
A: See this page for latest version information.

Q: Can I include the free version in my commercial desktop/web application?
A: Yes you can. We only ask that we be credited in your software's about box, with a link to www.tmgdevelopment.co.uk.

Version History

1.0.3.1 - Minor update to increase speed of CryptoSetup function.
1.0.3.0 - Windows XP default crypto provider issue fixed.
1.0.2.23 - Memory leak fixed. Windows 2000 ASP issues fixed. Interop with PocketPC version added.
1.0.2.0 - Initial release version.