AutoHotkey Community

This script requires Windows XP or higher, and tested only on XPSP2.
It'll encrypt/decrypt a file using AES-128/192/256. This time, Password based only.
If there is sufficient interest, I'll extend it further, probably rewite it.

DOWNLOAD AES.ahk.
Require StandardLibrary File.ahk.

Nice! Does the API also provide funtions to use the cipher in different modes of operation? What padding scheme is involved?

It's implemented at the minimum, i.e., to use the defaults: CRYPT_MODE_CBC for cipher mode and PKCS5_PADDING for padding.
You may easily change the cipher mode and padding scheme using CryptSetKeyParam, but, looks like PKCS5_PADDING is the only padding method supported according to the documentation, however different methods are also defined in the header file.

Thanks for the valueable info.
Is it CryptDeriveKey generating the initialization vector? I remember Laszlo saying that there should be no correlation between IV and the first plaintext block, this is obviously not the case here, but if I get it right, there is a correlation between the key and the IV, as the IV (which is public) is derived from the hash of the password.
I wonder if this is a problem. Also the derived IV appears to always be the same, when encrypting the same data repeatedly, no SALT in it.

I think IV is zero defaultly, but not so sure. I entered this subject only yesterday. Laszlo may shed a light on this.
BTW, CryptSetKeyParam has parameter values KP_SALT, KP_SALT_EX, and KP_IV which can be used with this block cipher session key, so may control these if necessary, probably in conjunction with CryptGenRandom.

Looking good, CryptGenKey seems to let us generate an IV directly.

CryptGenKey can't be used with Password, however.
Anyway, that will be the next generation/extension, may be called key file/data based, if there is a sufficient interest.

Sorry, I think I was wrong on CryptGenKey: It generates a session key\password and no IV.
CryptSetKeyParam can be passed a pointer to an IV, which we can choose\create ourselfes. IV and key are two seperate things, both needed when not using the cipher in ECB mode.
If not provided IV defaults to 0, as you mentioned before.

As you have written before, we can probably call CryptGenRandom to get our 16 byte IV and pass the pointer to the buffer to CryptSetKeyParam.

Great work! Thanks, Sean!

As I understand, this version takes a password and hashes it to create an encryption key, to be used to encrypt a file (or any buffer in memory). This could be the most important application.

Often we need to encrypt several files with the same key. Some execution time could be saved, if the key object could be generated (and destroyed when not needed) outside of the Crypt_AES function, but a user could break up the script himself, easily.

For testing (and for saving some processing), it would be very useful if a raw key, stored in a binary buffer of 128/192/256 bit length could be turned to a key object. This looks harder. Does the crypto API has a function for this?

There exist functions CryptExportKey and CryptImportKey which I believe are doing the jobs.
BTW, to be able to export the key, have to set the flag CRYPT_EXPORTABLE (0x1) in CryptDeriveKey, which is currently not set in the script.

I did a quick test, and strangely did not work with the flag SIMPLEBLOB (0x1) but did work with PLAINTEXTKEYBLOB (0x8) when exporting this session key.

PS. I forgot to post the code:

I switched the order of the parameters sPassword and SID.
I hope it cause not much inconvenience.

Thank you.

_________________

hi, can anybody to this thread show me how to invoke this to encrypt a file?

There is an example in the script AES.ahk, or here:
http://www.autohotkey.com/forum/topic19608-15.html

Hi

I was trying to implement encryption, but it's unclear how to encrypt in the resulting exe (my password has to be filled in a shadowed textfield, without anyone giving the opportunity to read it)

Could you give a simple example how to implement the mods you made ?

thnx lot !