I'm using win32 cryptoAPIs to encrypt and sign a message then verify a signature and decrypt the message.
every thing worked fine until I realized that the cryptSignHash() will sign the calculated hash from my data and generate a signature. Meaning, on the other side (the recipient side) the recipient will need to receive the signature and the cipher msg (separated), which is something I don't want.
I want to combine the signature with the encrypted message in one single container and send it all together and then the recipient will be able to verify and decrypt it.
my order of using the APIs was as the following:
CryptAcquireContext()
CryptGenKey()
CryptExportKey()
CryptImportKey()
CryptEncrypt()
CryptCreateHash()
CryptHashData()
CryptSignHash()
CryptVerifySignature()
CryptDecrypt()
Is there a way without using the certificate stores?
I think you fundamentally misunderstood how this process is supposed to work. In your particular scenario that you presented (sending the hash signature and the encrypted message to your recipient) you will also need to include your public key as well.
The recipient will use your public key to decrypt the hash signature and verify if it matches the hash of the encrypted message. That is all the recipient can do with this information, namely verify that the encrypted message is valid and originates from you.
The recipient will not be able to decrypt the encrypted message because he doesn't have your private key that was used to encrypt it!
Usually the message should be encrypted with a symmetric key algorithm (such as AES). The signing and verifying is done with an asymmetric private/public key algorithm (such as RSA).
For example, your scenario could be expanded as follows:
As you can see this is a rather complicated process. It can be simplified somehow for shorter messages. If the message is shorter than the length of the RSA key then you can skip the AES encryption and use your recipient's public RSA key to encrypt the whole message but in real world this isn't usually the case.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.