Cryptography for Visual Basic: A Programmer’s Guide to the Microsoft CryptoAPI

"This is essential reading for anyone who needs to understand Microsoft’s CryptoAPI, its strengths and its limitations."
—Bruce Schneier, author of Applied Cryptography and CTO of Counterpane Internet Security, Inc.

See author’s description below.

 

Publisher: John Wiley & Sons

Author: Richard Bondi

Pub. Date: September 2000

ISBN: 0471381896

Format: Paperback & CD, 480pp


Author’s Description

I wrote this book in order to make strong cryptography available to as many Visual Basic programmers as possible. The best way to do that was to write some very intuitive VB COM wrappers, and release them to the world with an Open Source license. That kind of license both permits and encourages programmers to make the source code available to other programmers, and to modify it for their own use, free of charge. (You can read more about Open Source licenses here.)

Unfortunately, cryptography is complicated. That means that there can be no such thing as simple COM cryptography objects per se. In order to program with cryptography, a programmer must first have a good grasp of the basics of modern cryptography. Therefore my approach was to write a book that does that, and then write my COM objects so that they would be intuitive and simple for someone who understands cryptography.

So my book has three main goals:

  1. Explain modern cryptography to Visual Basic programmers (Chapter 1).
  2. Provide Visual Basic programmers with a set of COM objects that are very intuitive once you understand modern cryptography, and to make the source code freely available (Chapter 5, Appendix B, and the source code on the CDROM).
  3. Show Visual Basic programmers how to call Microsoft’s built-in cryptography API (the CryptoAPI) (Chapters 2 through 9), so they can understand the source code of my COM objects, and write more CryptoAPI code without me.

My COM objects for calling the CryptoAPI are called WCCO (Wiley CryptoAPI COM Objects). The object model is simple: there is a CryptoAPI provider object, a key container object, a session key object, a message text object, an RSA key pair object, and a hash object. So for example, to encrypt some plaintext you would load it into a message text object, load or generate a key inside a session key object, and then pass the message text object to an “encrypt” method; finally, you would retrieve your ciphertext from the message text object.

To assure readers (and myself!) that the WCCO actually work, the CD includes tests, described in Chapter 10, that do things like encrypt and decrypt random text thousands of times. Programmers can use this code to test their own modifications of the WCCO. Chapter 11 provides information on key management with the CryptoAPI.

The book is dedicated to everyone who reads the final chapter, Chapter 12. This is a brief history of 20th-century cryptography and surveillance policy in the United States. Very few people understand cryptography, just as few people understand genetic engineering, nuclear power, and other complicated subjects with grave social consequences. I hope my book gives its readers enough of an understanding of cryptography to begin to follow, and perhaps participate in, the policy battles surrounding it. The final chapter is an introduction to those battles.

Finally, I welcome feedback. You can use the links at the top left of this page to obtain help and additional code. For example, you can search the archive of the listserv to see if anyone has already asked about your problem.


Note: the book and companion source code do not currently include support for certificates.