We have recently received multiple support questions regarding compatibility between .NET's implementation of the AES cipher and that of AspEncrypt.
In response to these inquiries, we have added a new section to Chapter 10 of the user manual dedicated to AES.
The service release incorporates a small but important improvement in the OpenStoreFromPFX method of the CryptoManager object.
In previous versions, to use OpenStoreFromPFX, a call to CM.LogonUser was needed to avoid an error.
As of the new version, it is no longer necessary. OpenStoreFromPFX is widely used
to open a certificate containing a private key from a .pfx (.p12) file for digital signing when AspEncrypt is used stand-alone or
in conjunction with AspEmail (to send signed and DKIM-enabled email) and AspPDF (to digitally sign PDF documents).
The service release contains an enhancement in the private method VerifySignatureFileParts which is called
internally by AspPDF's VerifySignature method. The enhancement allows SHA256-based signatures
to be verified. Previous versions only allowed SHA and MD5-based signatures to be verified.
The new version incorporates an important bug fix and adds two new properties to the CryptoCert object.
In response to our clients' numerous support questions,
we have added a new chapter to our user manual
dedicated to the cipher key compatibility between AspEncrypt and
the Microsoft .NET framework. Both AspEncrypt and .NET
use standard ciphers, but mismatching keys may wreak havoc in an otherwise
perfectly coded cryptography-based application.
Chapter 10: Microsoft .NET and AspEncrypt Compatibility
covers the GenerateKeyFromPassword and ImportRawKey
methods and their .NET equivalents in various scenarios, UTF8 vs. Unicode character encoding,
and also legacy-related issues, such as
using the MD5 hash with 3DES cipher, and 40-bit RC2 keys.
Version 2.9 contains an enhancement which makes it possible
to perform secure client-side signing of server-side data.
The data being signed never has to leave the server while the private key
performing the signing never has to leave the user's workstation.
The new CryptoMessage.SignHash method generates a PKCS#7 signature
based solely on the SHA hash value of the data being signed. The data
itself does not need to be present. Also, the CryptoHash.Value
property, which used to be read-only, is not read/write.
While these new features can be used to sign any server-side data,
they were specifically added to facilitate the client-side signing
of PDF files by the AspPDF and AspPDF.NET components.
For more information, see Subsection 9.4.3 - Client-Side Signing of Server-Side Data.
The new version adds a new CryptoManager method, OpenStoreFromPFXBlob,
which is a binary-array version of OpenStoreFromPFX.
The new version adds a new property to the CryptoCert object: PublicKeyInfo.
This property returns the underlying certificate's public key information
in a format compatible with various cryptographic standards
such as DomainKeys Identified Mail (DKIM), Privacy Enhanced Mail (PEM),
The service pack adds support for the PPKLite digital signature format
used in PDF documents. Use this service release with Persits Software AspPDF 18.104.22.168+
to create and verify PPKLite signatures in PDF documents.
The service pack increases a buffer size to improve performance
when encrypting or decrypting large files.
- The release fixes a bug in the CryptoBlob.Base64 property responsible
for generating a random last character in the Base64 encoding when the length of the binary
data being encoded is not divisible by 3.
- The release also fixes a bug in the CryptoKey.DeriveFromPassword method
introduced in a previous release by mistake.
Version 2.6 offers the following new features:
- Support for the Hash-based Message Authentication Code (HMAC) function has been added
via the new CryptoContext method
ComputeHmac. For more information, see the section
3.5 Hash-based Message Authentication Code (HMAC).
- The CryptoContext methods EncryptText and EncryptBinary have been enhanced
to allow public-key encryption. The older versions of these methods could only perform symmetric encryption.
For more information, see the section
9.5 Public-key Encryption without Certificates.
- Public keys in PEM format can now be imported into the CryptoKey object
via the new CryptoContext method ImportPublicKey.
For more information, see the section
9.5.2 Importing Public Keys in PEM Format.
- A new method Append and new property Length
have been added to the CryptoBlob object.
The release fixes a bug in the CryptoKey.RawBits property responsible for
improperly and prematurely releasing the current context handle and causing run-time errors.
The new version offers the following features:
- New CryptoCert methods ExportToBlob and ExportToBlobPKCS7
have been added which are the memory equivalents of ExportToFile
and ExportToFilePKCS7 and export the certificate to a memory blob as opposed to
- The method OpenContext now allows you to specify the public-key length
via the first parameter, as follows:
Set Context = CM.OpenContext("mycontainer##2048", True )
The previous versions could only create public keys with the default length (usually 1024 bits.)
- Some minor changes to the object model have been made that will require your C# code
to be modified slightly (VB script code should not require any modifications).
In all methods requiring a Boolean argument, such as OpenContext, OpenStore, and others,
the BOOL data type was replaced with VARIANT_BOOL. As a result, C# code such as
ICryptoStore objStore = objCM.OpenStore("MY", 1 );
will have to be replaced with
ICryptoStore objStore = objCM.OpenStore("MY", true );
Also the default Item method of the CryptoCerts and CryptoName objects has been
replaced with a parameterized property with the same name. As a result, C# code such as
ICryptoCert objCert = objStore.Certificates(1);
will have to be replaced with
ICryptoCert objCert = objStore.Certificates;
Why New User Manual?
AspEncrypt is one of Persits Software’s oldest products, and while this component’s functionality
is still in great demand, its original user manual, the Cryptographic Tasks, has been showing signs of old age.
The Tasks were written back in 1999 and focused mainly on classic ASP and Windows 2000.
Microsoft .NET and modern operating systems like Windows 2008 and Windows 7 have rendered
much of that information obsolete. Also, we felt that a reorganization of the material
from "tasks" to chapters was needed for consistency with the documentation
written for our other products, and to make the user manual more structured and
easier to grasp.
In the new User Manual, the information is laid out
in a more organized manner, with the material divided into numbered chapters, sections and subsections.
The coverage of the product’s features progresses from the simple to the complex.
For every ASP/VBScript code sample, there is a .NET/C# equivalent.
Some obsolete features are no longer covered at all while others are given less attention,
resulting in a leaner, meaner manual: 9 new chapters vs. 14 old "tasks."
The old Tasks will remain online but will no longer be updated
or linked to from the main pages.
- CryptoManager.RegKey property added. This property enables you to specify your registration
key right in the script instead of the system registry.
- CryptoBlob.Ansi property added. This property enables you to initialize binary data
using an ASCII string. This is useful because external DES and Triple-DES keys are often specified in the form of ASCII strings.
- CryptoBlob.Reverse method added. This method allows you to reverse the bytes in a binary blob in one simple step.
This may be useful when an external key needs to be utilized.
- A bug in CryptoHash.AddText method fixed which caused this method to crash on very long text strings.
- CryptoHash.AddTextWide method added. This method allows you to calculate the hash function of Unicode strings.
- CryptoManager.ImportStoreFromBlob method added. This method performs the same function as CryptoManager.ImportStoreFromFile
but reads the certificate store from a binary blob as opposed to disk.
- CryptoManager.ImportCertFromBlob enhanced to read Base64-encoded certificates.
In previos versions, only CryptoManager.ImportCertFromFile method recognized the Base64 encoding.
- Our cryptographic component is now available as a native X64 library.
- The service release fixes memory overflow issues in CryptoKey.EncryptText and CryptoBlob.Hex.