I fixed it. It turns out the problem was due to the "Reader's Digest" version of the encryption example in Craig Kimpel's original FoxTalk article (June 2000). He made it seem like all you had to do was get a context, then get the session key handle, then encrypt. But if your machine doesn't have any keys created in the default container, .cryptAcquireContext() will fail. So the first step has to be .CreateCryptKeys(), which I didn't have in my .dll's init method. Putting that in solves everything.

-Rick