Decryption_Main.cpp
[The AD RMS SDK leveraging functionality exposed by the client in Msdrm.dll is available for use in Windows Server 2008, Windows Vista, Windows Server 2008 R2, Windows 7, Windows Server 2012, and Windows 8. It may be altered or unavailable in subsequent versions. Instead, use Active Directory Rights Management Services SDK 2.1, which leverages functionality exposed by the client in Msipc.dll.]
The following code example shows the _tmain function of a console application that decrypts content. The encrypted content is created by the Encrypting Content Code Example and saved in a custom file. You must specify the name of the file on the command line. The _tmain function performs the following actions:
- Creates a client session.
- Retrieves the machine certificate for the user specified on the command line.
- Retrieves the application manifest from the file specified on the command line.
- Creates a secure environment.
- Retrieves the signed issuance license and encrypted content from the file specified on the command line.
- Retrieves the rights account certificate (RAC) for the user.
- Retrieves an end-user license.
- Decrypts the content.
#include "DecryptingContent.h"
/*===================================================================
File: Decryption_Main.cpp
THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
PARTICULAR PURPOSE.
Copyright (C) Microsoft. All rights reserved.
===================================================================*/
/////////////////////////////////////////////////////////////////////
// This sample demonstrates how to use the AD RMS SDK to decrypt
// previously encrypted content. The content is encrypted to a file
// by using the EncryptingContent example shown previously in this
// documentation. The name of the file that includes the encrypted
// content must be specified on the command line.
//
int _tmain(int argc, _TCHAR* argv[])
{
HRESULT hr = S_OK; // HRESULT return code
DRMHSESSION hClient = NULL; // Client handle
DRMENVHANDLE hEnv = NULL; // Environment handle
DRMHANDLE hLib = NULL; // Library handle
DRMHANDLE hBoundLic = NULL; // Bound license handle
PWSTR pwszUserID = NULL; // User ID
PWSTR pwszEncryptedFile = NULL; // Encrypted file
PWSTR pwszManifestFile = NULL; // Manifest file name
PWSTR pwszManifest = NULL; // Manifest string
PWSTR pwszSignedIL = NULL; // Signed IL
PWSTR pwszContentID = NULL; // Content ID
PWSTR pwszMachineCert = NULL; // Machine certificate
PWSTR pwszRAC = NULL; // Rights account cert
BYTE* pbEncrypted = NULL; // Encrypted content
BYTE* pbDecrypted = NULL; // Decrypted content
UINT uiEncrypted = 0; // Encrypted byte count
// Validate input. The client must supply a user account ID, the
// path of a file that contains the application manifest, and the
// path of a file that contains the encrypted content and the
// issuance license used to publish and encrypt that content.
// In this example, the file that contains the encrypted content
// has a custom format and is created by the EncryptingContent
// example.
if(argc<4 || NULL==argv[1] || NULL==argv[2] || NULL== argv[3])
{
return E_FAIL;
}
pwszUserID = argv[1];
pwszEncryptedFile = argv[2];
pwszManifestFile = argv[3];
// Create a client session.
hr = DRMCreateClientSession(
&StatusCallback, // Callback function
0, // Reserved
DRM_DEFAULTGROUPIDTYPE_WINDOWSAUTH, // Authentication type
pwszUserID, // User ID
&hClient ); // Client handle
if (FAILED(hr)) return hr;
wprintf(L"DRMCreateClientSession: hClient = %i\r\n", hClient);
// Retrieve the machine certificate for the user. The machine
// certificate is used to create a secure environment. This call
// fails if the computer and the user have not been activated.
hr = GetCertificate(
hClient, // Client handle
DRM_EL_MACHINE, // Certificate type
&pwszMachineCert); // Machine certificate
if (FAILED(hr)) goto e_Exit;
wprintf(L"GetCertificate (pwszMachineCert) succeeded.\r\n");
// Read the manifest file into a string. The manifest is used to
// create a secure environment.
hr = GetManifest(
pwszManifestFile, // File name
&pwszManifest); // Application manifest
if (FAILED(hr)) goto e_Exit;
wprintf(L"GetManifest (pwszManifest) succeeded.\r\n");
// Create a secure environment.
hr = GetSecureEnvironment(
pwszMachineCert, // Machine certificate
pwszManifest, // Application manifest
&hEnv, // Environment handle
&hLib); // Library handle
if (FAILED(hr)) goto e_Exit;
wprintf(L"GetSecureEnvironment succeeded.\r\n");
// Retrieve the signed issuance license and the previously
// encrypted content from the file specified on the command line.
// The signed issuance license is used to retrieve an end user
// license, and the encrypted content will be decrypted by the
// DecryptContent function later in this example.
hr = ReadEncryptedContent(
pwszEncryptedFile, // File name
&pwszSignedIL, // Issuance license
&uiEncrypted, // Number of encrypted bytes
&pbEncrypted); // Encrypted content
if (FAILED(hr)) goto e_Exit;
wprintf(L"ReadEncryptedContent succeeded.\r\n");
// Retrieve the rights account certificate (RAC) from the license
// store. The RAC is used to retrieve a bound license.
hr = GetCertificate(
hClient, // Client handle
DRM_EL_SPECIFIED_GROUPIDENTITY, // Certificate type
&pwszRAC); // RAC string
if (FAILED(hr)) goto e_Exit;
wprintf(L"GetCertificate (pwszRAC) succeeded.\r\n");
// Retrieve the end user license and use it to create a license
// that is bound to the EDIT right.
hr = GetBoundLicense(
hClient, // Client handle
hEnv, // Secure environment
hLib, // Library handle
pwszRAC, // Rights account certificate
pwszSignedIL, // Signed issuance license
&hBoundLic); // Bound license
wprintf(L"GetBoundLicense: hBoundLic = %i\r\n", hBoundLic);
// Decrypt the content.
hr = DecryptContent(
hBoundLic, // Bound license handle
uiEncrypted, // Number of encrypted bytes
pbEncrypted, // Encrypted content byte array
&pbDecrypted); // Decrypted content byte array
if (FAILED(hr)) goto e_Exit;
// Print the decrypted content to the console.
wprintf(L"DecryptContent succeeded.\r\n\n");
wprintf(L"Decrypted content = %s \r\n", pbDecrypted);
e_Exit:
if (NULL != hClient)
{
hr = DRMCloseSession(hClient);
hClient = NULL;
}
if (NULL != pwszUserID)
{
pwszUserID = NULL;
}
if (NULL != pwszEncryptedFile)
{
pwszEncryptedFile = NULL;
}
if (NULL != pwszManifestFile)
{
pwszManifestFile = NULL;
}
if (NULL != pwszRAC)
{
delete [] pwszRAC;
pwszRAC = NULL;
}
if (NULL != hBoundLic)
{
hBoundLic = NULL;
}
if (NULL != pbDecrypted)
{
delete [] pbDecrypted;
pbDecrypted = NULL;
}
if (NULL != hLib)
{
hr = DRMCloseHandle(hLib);
hLib = NULL;
}
if (NULL != hEnv)
{
hr = DRMCloseEnvironmentHandle(hEnv);
hEnv = NULL;
}
return 0;
}
Related topics