ID: Q177201
The information in this article applies to:
Enveloped data messages generated with the initial release of CryptoAPI 2.0 are illegible to the release of CryptoAPI 2.0, which shipped as part of Internet Explorer 4.0. Likewise, enveloped data messages generated via the CryptoAPI on Windows NT 4.0 Service Pack 3 and Internet Explorer 3.02 Auth2 are not successfully interpreted by Internet Explorer 4.0's CryptoAPI implementation. Note that CryptoAPI 2.0 originally shipped as part of Windows NT 4.0 Service Pack 3 and Internet Explorer 3.02 Auth2.
In the interest of improved S/MIME compatibility, changes to the way the CryptoAPI generates and parses enveloped data messages were introduced with Internet Explorer version 4.0. A detailed description of these changes can be found in the "Remarks" section of the CryptoAPI 2.0 SDK documentation for the function CryptMsgOpenToEncode.
RESOLUTION
Versions of the CryptoAPI that shipped after the release of Internet Explorer 4.0 automatically detect, and parse appropriately, enveloped data messages that were formatted by versions of the CryptoAPI prior to Internet Explorer 4.0. Versions of the CryptoAPI that shipped after the release of Internet Explorer 4.0 also write out the data with the new formatting introduced with Internet Explorer 4.0. Furthermore, for backward compatibility, these future versions of the CryptoAPI also expose a flag for explicitly producing enveloped data messages in the old format produced by the CryptoAPI as part of Windows NT 4.0 Service Pack 3 and Internet Explorer 3.02 Auth2. This same backward compatible functionality slated for versions of the CryptoAPI after Internet Explorer 4.0 is available today to applications calling to the CryptoAPI provided by Internet Explorer 4.0, but via a separate, re-distributable DLL, Sp3crmsg.dll.
If you simply load Sp3crmsg.dll dynamically prior to executing any of the affected Internet Explorer 4.0 CryptoAPI functions (for example, CryptMsgOpenToEncode, CryptEncryptMessage, CryptSignAndEncryptMessage, etc.), it automatically causes these functions to detect and decode enveloped data messages that have been formatted by versions of the CryptoAPI prior to Internet Explorer 4.0. If enveloped data messages with the characteristic formatting are not detected, processing will default to Internet Explorer 4.0's original CryptoAPI functionality. In addition (in a manner similar to releases of the CryptoAPI to come after Internet Explorer 4.0), this DLL allows Internet Explorer 4.0 to generate messages compatible with the earlier versions of the CryptoAPI, but only if an application developer explicitly chooses to do so.
This DLL, along with additional details, installation instructions, and sample code, are in the file Sp3crmsg.zip, which can be found at the following Internet location:
http://drg.microsoft.com/cryptoext
When prompted for credentials enter the string "crypto" for both the
username and the password fields. Then download Sp3crmsg.zip, unpack it
using your favorite ZIP file utility, and read the enclosed Readme.txt file
for more details.
An Alpha version of Sp3crmsg.dll is also available upon request; please send email to Cryptoapi@listserv.msn.com.
Additional query words: CRYPT_E_OSS_ERROR NTE_BAD_DATA
Keywords : kbAPI kbKernBase kbGrpKernBase
Version : WINNT:4.0
Platform : Win95 winnt
Issue type : kbprb
Last Reviewed: November 26, 1997