Search code examples

How to decrypt AES cipherText with NCryptDecrypt on Windows

I'm trying to use Ncrypt.lib to encrypt plain text with AES and then decrypt it.

I use Ncrypt.lib because I want to use a persistent symetric key.

My problem is that the decryption works partially. Indeed, I don't have my first 16 bytes decrypted correctly.

#include <stdio.h>
#include <tchar.h>
#include <Windows.h>
#include <ncrypt.h>
#include <bcrypt.h>

void PrintBytes(
  IN BYTE     *pbPrintData,
  IN DWORD    cbDataLen) {
    DWORD dwCount = 0;

    for (dwCount = 0; dwCount < cbDataLen; dwCount++) {
      printf("0x%02x, ", pbPrintData[dwCount]);

      if (0 == (dwCount + 1) % 10) putchar('\n');

int main() {

  BYTE plaintext[] =
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  static const int plainTextLen = 48;

  PrintBytes(plaintext, plainTextLen);

  LPCWSTR keyName = L"NCryptTest";

  // Open storage provider
  status = NCryptOpenStorageProvider(&hProvider, NULL, 0);

  // Get stored key
  status = NCryptOpenKey(hProvider, &hKey, keyName, 0, 0);
  if (status == NTE_BAD_KEYSET) {
    // Create key if it doesn't exist
    status = NCryptCreatePersistedKey(hProvider, &hKey, BCRYPT_AES_ALGORITHM, keyName, 0, 0);
    status = NCryptFinalizeKey(hKey, 0);

  // Set the chaining mode to cipher feedback
  status = NCryptSetProperty(hKey, NCRYPT_CHAINING_MODE_PROPERTY, 
  (PBYTE)chainMode, wcslen(chainMode) * 2 + 2, 0);

  // Random iv but here, it's fixed
  //char* iv = "0123456789abcdef";
  //status = NCryptSetProperty(hKey, BCRYPT_INITIALIZATION_VECTOR, 
  //(PBYTE)iv, 16, 0);

  // Get size of the cipher text
  DWORD cbCipherText = 0;
  status = NCryptEncrypt(hKey, plaintext, plainTextLen, NULL, NULL, 0, 
  &cbCipherText, 0);
  PBYTE pbCipherText = NULL;
  pbCipherText = (PBYTE)HeapAlloc(GetProcessHeap(), 0, cbCipherText);
  if (pbCipherText == NULL) {
    printf("Error! memory allocation failed\n");

  // Encrypt
  DWORD outlen = -1;
  status = NCryptEncrypt(hKey, plaintext, plainTextLen, NULL, pbCipherText, 
  cbCipherText, &outlen, 0);
  PrintBytes(pbCipherText, cbCipherText);

  // Get size of the plain text
  DWORD cbPlainText = 0;
  status = NCryptDecrypt(hKey, pbCipherText, cbCipherText, NULL, NULL, 0, 
  &cbPlainText, 0);
  PBYTE pbPlainText = NULL;
  pbPlainText = (PBYTE)HeapAlloc(GetProcessHeap(), 0, cbPlainText);
  if (pbPlainText == NULL) {
      printf("Error! memory allocation failed\n");

  // Decrypt
  outlen = -1;
  status = NCryptDecrypt(hKey, pbCipherText, cbCipherText, NULL, 
  pbPlainText, cbPlainText, &outlen, 0);
  PrintBytes(pbPlainText, cbPlainText);

  // Cleanup

  return 0;

And the result is :

0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x00, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
0x0e, 0x0f, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

0xc5, 0xdc, 0x7e, 0xde, 0x83, 0x35, 0xbc, 0x34, 0x27, 0x4b,
0xf9, 0xde, 0x40, 0x36, 0xeb, 0x6d, 0xaf, 0x51, 0x8c, 0x48,
0x69, 0xa0, 0x16, 0xfb, 0x6d, 0x80, 0x44, 0xea, 0x5c, 0x74,
0x27, 0x38, 0xf1, 0x20, 0xa3, 0x87, 0x65, 0xc3, 0xcf, 0x62,
0x94, 0x84, 0xc9, 0xcd, 0x55, 0x4c, 0x7b, 0x48,

0x1d, 0x52, 0x88, 0x1b, 0x0c, 0x01, 0x13, 0xed, 0xe0, 0x39,
0x1e, 0x96, 0x67, 0x39, 0x72, 0x38, 0x00, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
0x0e, 0x0f, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,

I suspect a initialisation vector problem but I don't know how to use it, simply with BCRYPT_INITIALIZATION_VECTOR ? or I must place the random iv in front of the plain text ?

Thanks for your help.


  • Answer in comment:

    this is because every success call NCryptEncrypt or NCryptDecrypt change state of the hKey. so you can not use the same key. after you encrypt - you need again obtaining key for decrypt – RbMm

    Thank you @RbMm !