Programming Code Examples

The best way to illustrate Cryptlib's capabilities is with an example. The following code encrypts a message using a mixture of public-key and conventional encryption.

  /* Create an envelope for the message */
  cryptCreateEnvelope( &cryptEnvelope, CRYPT_UNUSED, CRYPT_FORMAT_SMIME );

  /* Push in the message recipient's name */
  cryptSetAttributeString( cryptEnvelope, CRYPT_ENVINFO_RECIPIENT,
                           recipientName, recipientNameLength );

  /* Push in the message data and pop out the signed and encrypted result */
  cryptPushData( cryptEnvelope, message, messageSize, &bytesIn );
  cryptPushData( cryptEnvelope, NULL, 0, NULL );
  cryptPopData( cryptEnvelope, encryptedMessage, encryptedSize, &bytesOut );

  /* Clean up */
  cryptDestroyEnvelope( cryptEnvelope );

This performs the same task as a program like PGP, using just 6 function calls. All data management is handled automatically by Cryptlib, so there's no need to worry about encryption modes and algorithms and key-lengths and key types and initialisation vectors and other details (although Cryptlib provides the ability to specify all this if you feel the need).

The code shown above results in Cryptlib performing the following actions:

Generate a random session key for the default encryption algorithm (usually triple DES).

Look up the recipients public key in the key database.

Encrypt the session key using the recipients public key.

Encrypt the signed data with the session key.

Pass the result back to the user.

However unless you want to call Cryptlib using the low-level interface, you never need to know about any of this. Cryptlib will automatically know what to do with the data based on the resources you add to the envelope - if you add a signature key it will sign the data, if you add an encryption key it will encrypt the data, and so on.