Encrypting Content by Using AD RMS Functions

To encrypt content with the DRMEncrypt function that this SDK provides, you must use an AD RMS encrypting object, and encryption must be your last step.

To create an AD RMS encrypting object

  1. Obtain an end-user license for your content.
  2. Bind to this license with the EDIT or OWNER right. The license binding steps are detailed in the section Building a Consuming Application.
  3. Create an AD RMS encrypting object by using the DRMCreateEnablingBitsEncryptor function. This encrypting object then allows you to use the DRMEncrypt function.

An application can choose its own content encryption key, or it can allow the AD RMS system to create one by passing in DRM_AUTO_GENERATE_KEY. After a signed issuance license has been created, you do not need to store the license. Be sure to dispose of a content key safely and completely by using functions such as SecureZeroMemory.

The following example shows how the AD RMS encrypting object is created, using a handle from the bound object. You can only create an encrypting object if you are granted the OWNER or EDIT right. For more information about encrypting and decrypting objects, see Interpreting XrML Rights.

This example creates extra padding at the end of the document. An application is expected to create a padding scheme to determine the amount of extra padding to be added to the clear text. The length, in bytes, of the buffer holding content to be encrypted should be a multiple of the block cipher block size. The simplest way to achieve this is to pad the buffer with zero WCHARS and later strip them after decryption. If the buffer itself can contain zero WCHARS, then the original size of the buffer needs to be saved somewhere.

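// hBoundLicense and g_wszPlainText come from earlier steps. g_wszPlainText
// is assumed to be padded already, so that its length in bytes is a
// multiple of the block cipher block size.
HRESULT    hr               = S_OK;
DRMHANDLE  hEBEncryptor     = NULL;
UINT       cSealedContent   = 0;     // Size, in bytes, of the encrypted content.
PWSTR      wszSealedContent = NULL;  // Receives the encrypted content.

// Create the encrypting object from the bound license handle.
hr = DRMCreateEnablingBitsEncryptor( 
    hBoundLicense,    // License bound to EDIT.
    L"EDIT",          // Can also be OWNER.
    NULL,
    NULL,
    &hEBEncryptor );
if(FAILED(hr))
{
    // Handle error.
}

// Get the buffer size needed to encrypt content.
hr = DRMEncrypt( hEBEncryptor,
    0, 
    (UINT)(sizeof(WCHAR) * wcslen(g_wszPlainText)),
    (BYTE *)g_wszPlainText,
    &cSealedContent,
    NULL );           // NULL output buffer: only the size is returned.
if(FAILED(hr))
{
    // Handle error.
}

// Allocate a zero-initialized buffer for the encrypted content.
wszSealedContent = (PWSTR)HeapAlloc(
    GetProcessHeap(), 
    HEAP_ZERO_MEMORY, 
    cSealedContent);
if(NULL == wszSealedContent)
{
    // Handle error.
}

// Encrypt the content.
hr = DRMEncrypt( hEBEncryptor,
    0, 
    (UINT)(sizeof(WCHAR) * wcslen(g_wszPlainText)),
    (BYTE *)g_wszPlainText,
    &cSealedContent,
    (BYTE *)wszSealedContent);
if(FAILED(hr))
{
    // Handle error.
}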
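
The zero-padding scheme described above, as an added example in portable C rather than code from the SDK. The function names are hypothetical, wchar16 is a stand-in for the 16-bit Windows WCHAR, the block size is a caller-supplied parameter, and wipe_free goes one step beyond the padding text by clearing the clear-text buffer before it is freed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumptions, not SDK names: wchar16 stands in for the 16-bit Windows WCHAR,
   and the cipher block size in bytes is supplied by the caller. */
typedef uint16_t wchar16;

/* Round bytes up to a multiple of block; returns 0 on bad block or overflow. */
size_t padded_size(size_t bytes, size_t block) {
    if (block == 0 || block % sizeof(wchar16) != 0) return 0;
    size_t rem = bytes % block;
    if (rem == 0) return bytes;
    return (bytes > SIZE_MAX - (block - rem)) ? 0 : bytes + (block - rem);
}

/* Copy src into a new zero-filled buffer sized to a block multiple.
   Returns NULL on failure; *out_bytes receives the padded size. */
wchar16 *pad_zero(const wchar16 *src, size_t units, size_t block, size_t *out_bytes) {
    if (units == 0 || units > SIZE_MAX / sizeof(wchar16)) return NULL;
    size_t bytes = units * sizeof(wchar16);
    size_t total = padded_size(bytes, block);
    wchar16 *buf = total ? calloc(1, total) : NULL;
    if (buf == NULL) return NULL;
    memcpy(buf, src, bytes);
    *out_bytes = total;
    return buf;
}

/* Count units left after stripping trailing zeros from decrypted text.
   Correct only if the original content can never end in a zero unit. */
size_t strip_zero(const wchar16 *buf, size_t bytes) {
    size_t units = bytes / sizeof(wchar16);
    while (units > 0 && buf[units - 1] == 0) units--;
    return units;
}

/* Wipe then free a clear-text buffer; the volatile pointer keeps the wipe
   from being optimized out (portable stand-in for SecureZeroMemory). */
void wipe_free(void *p, size_t bytes) {
    volatile unsigned char *v = p;
    while (bytes--) *v++ = 0;
    free(p);
}
```

With an assumed 16-byte block size, a 6-unit buffer that ends in a zero WCHAR pads to 16 bytes and strip_zero reports 5 units, which is why the original length has to be saved when the content can contain zero WCHARs.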

See Also

Building a Publishing Application

Build date: 3/13/2008