Encryption_Main.cpp
[The AD RMS SDK leveraging functionality exposed by the client in Msdrm.dll is available for use in Windows Server 2008, Windows Vista, Windows Server 2008 R2, Windows 7, Windows Server 2012, and Windows 8. It may be altered or unavailable in subsequent versions. Instead, use Active Directory Rights Management Services SDK 2.1, which leverages functionality exposed by the client in Msipc.dll.]
The following code example shows the _tmain function of a console application that encrypts content. In this example, the content to be encrypted is defined in the EncryptingContent.h file.
// Content to encrypt.
#define PLAINTEXT L"This is the content to be encrypted."
The Encryption_Main.cpp function performs the following actions:
- Creates a client session.
- Retrieves the machine certificate from the license store.
- Retrieves the client licensor certificate (used to sign an issuance license offline).
- Retrieves the rights account certificate for the user specified on the command line.
- Retrieves the application manifest.
- Creates a secure environment.
- Retrieves the signed issuance license.
- Encrypts the content and writes it to a file.
#include "EncryptingContent.h"
/*===================================================================
File: Encryption_Main.cpp
THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
PARTICULAR PURPOSE.
Copyright (C) Microsoft. All rights reserved.
===================================================================*/
/////////////////////////////////////////////////////////////////////
// This sample demonstrates how to use AD RMS to encrypt content.
// You must enter an Active Directory user account and manifest file
// path on the command line.
//
int _tmain(int argc, _TCHAR* argv[])
{
HRESULT hr = S_OK; // HRESULT return code
DRMHSESSION hClient = NULL; // Client handle
DRMENVHANDLE hEnv = NULL; // Environment handle
DRMHANDLE hLib = NULL; // Library handle
DRMPUBHANDLE hIssuanceLic = NULL; // IL handle
PWSTR pwszUserID = NULL; // User ID
PWSTR pwszManFileName = NULL; // Manifest file name
PWSTR pwszManifest = NULL; // Manifest string
PWSTR pwszCLC = NULL; // Signing certificate
PWSTR pwszMachineCert = NULL; // Machine certificate
PWSTR pwszSignedIL = NULL; // Signed license
PWSTR pwszGUID = NULL; // Content ID GUID
PWSTR pwszRAC = NULL; // Rights account cert
BYTE* pbEncrypted = NULL; // Encrypted content
// Validate input. The client must supply a user ID and the
// name of the application manifest file.
if(NULL==argv[1] || NULL==argv[2]) return hr;
pwszUserID = argv[1];
pwszManFileName = argv[2];
// Create a client session.
hr = DRMCreateClientSession(
&StatusCallback, // Callback function
0, // Reserved
DRM_DEFAULTGROUPIDTYPE_WINDOWSAUTH, // Authentication type
pwszUserID, // User ID
&hClient ); // Client handle
if (FAILED(hr)) return hr;
wprintf(L"DRMCreateClientSession: hClient = %i \r\n", hClient);
// Retrieve the machine certificate for the user. This call fails
// if the computer and the user have not been activated.
hr = GetCertificate(
hClient, // Client handle
DRM_EL_MACHINE, // Certificate type
&pwszMachineCert); // Machine certificate
if (FAILED(hr)) goto e_Exit;
wprintf(L"GetCertificate (pwszMachineCert) succeeded.\r\n");
// Retrieve the client licensor certificate (CLC) from the license
// store.
hr = GetCertificate(
hClient, // Client handle
DRM_EL_SPECIFIED_CLIENTLICENSOR, // Certificate type
&pwszCLC); // Signing certificate
if (FAILED(hr)) goto e_Exit;
wprintf(L"GetCertificate (pwszCLC) succeeded.\r\n");
// Retrieve the rights account certificate (RAC) from the license
// store.
hr = GetCertificate(
hClient, // Client handle
DRM_EL_SPECIFIED_GROUPIDENTITY, // Certificate type
&pwszRAC); // RAC string
if (FAILED(hr)) goto e_Exit;
wprintf(L"GetCertificate (pwszRAC) succeeded.\r\n");
// Read the manifest file into a string.
hr = GetManifest(
pwszManFileName, // File name
&pwszManifest); // Application manifest
if (FAILED(hr)) goto e_Exit;
wprintf(L"GetManifest (pwszManifest) succeeded.\r\n");
// Create a secure environment.
hr = GetSecureEnvironment(
pwszMachineCert, // Machine certificate
pwszManifest, // Application manifest
&hEnv, // Environment handle
&hLib); // Library handle
if (FAILED(hr)) goto e_Exit;
wprintf(L"GetSecureEnvironment (hEnv and hLib) succeeded.\r\n");
// Create and sign an issuance license (IL) offline.
hr = GetOfflineSignedIL(
hEnv, // Environment handle
hLib, // Library handle
pwszUserID, // User account
pwszMachineCert, // Machine certificate
pwszCLC, // CLC string
pwszManifest, // Application manifest
&pwszGUID, // GUID
&hIssuanceLic, // IL handle
&pwszSignedIL); // Signed IL
if (FAILED(hr)) goto e_Exit;
wprintf(L"GetOfflineSignedIL (pwszSignedIL) succeeded.\r\n");
// Encrypt the content. In this example, the content to be
// encrypted is in the header file, and the encrypted content
// is written to a new file.
hr = EncryptContent(
hEnv, // Environment handle
hLib, // Library handle
pwszRAC, // Rights account cert
pwszGUID, // Content ID from IL
hIssuanceLic, // IL handle
pwszSignedIL, // Signed IL
&pbEncrypted); // Encrypted content
if (FAILED(hr)) goto e_Exit;
wprintf(L"EncryptContent (pbEncrypted) succeeded.\r\n");
e_Exit:
if(NULL != pbEncrypted)
{
SecureZeroMemory(pbEncrypted, sizeof(pbEncrypted));
pbEncrypted = NULL;
}
if(NULL != pwszMachineCert)
{
delete [] pwszMachineCert;
pwszMachineCert = NULL;
}
if (NULL != pwszCLC)
{
delete [] pwszCLC;
pwszCLC = NULL;
}
if (NULL != pwszRAC)
{
delete [] pwszRAC;
pwszRAC = NULL;
}
if (NULL != pwszManifest)
{
delete [] pwszManifest;
pwszManifest = NULL;
}
if(NULL != pwszSignedIL)
{
delete [] pwszSignedIL;
pwszSignedIL = NULL;
}
if(NULL != pwszGUID)
{
delete [] pwszGUID;
pwszGUID = NULL;
}
if(NULL != hIssuanceLic)
{
hr = DRMClosePubHandle(hIssuanceLic);
hIssuanceLic = NULL;
}
if(NULL != hClient)
{
DRMCloseSession(hClient);
hClient = NULL;
}
if(NULL != hLib)
{
hr = DRMCloseHandle(hLib);
hLib = NULL;
}
if(NULL != hEnv)
{
hr = DRMCloseEnvironmentHandle(hEnv);
hEnv = NULL;
}
return 0;
}
Related topics