PBES2 Password-Based Encryption (PBE)

Demonstrates how to implement password-based encryption according to the PKCS #5 v2.0: Password-Based Cryptography Standard (published by RSA Laboratories). This example uses PBES2, which ise based on the PBKDF2 function and an underlying block cipher such as RC2, DES, etc.

Download Chilkat Crypt ActiveX

LOCAL loCrypt
LOCAL lnSuccess
LOCAL lcPlainText
LOCAL lcEncryptedText
LOCAL lcDecryptedText

loCrypt = CreateObject('Chilkat.Crypt2')

lnSuccess = loCrypt.UnlockComponent("Anything for 30-day trial")
IF (lnSuccess <> 1) THEN
    =MESSAGEBOX(loCrypt.LastErrorText)
    QUIT
ENDIF

*  Set properties for PBES2 encryption:

loCrypt.CryptAlgorithm = "pbes2"
loCrypt.PbesPassword = "mySecretPassword"

*  Set the underlying PBE algorithm (and key length):
loCrypt.PbesAlgorithm = "rc2"
loCrypt.KeyLength = 128
*  Only required for the RC2 algorithm:
loCrypt.Rc2EffectiveKeyLength = 128

*  By definition, the block encryption algorithm (RC2 or whichever
*  was selected) will run in CBC mode.  Therefore, we need
*  an IV.  The IV is equal in length to the block size of the
*  algorithm.  RC2 has a block size of 8 bytes (regardless of
*  key length), so set the IV to some value that is 8 bytes
*  in length:
loCrypt.SetEncodedIV("0000000000000000","hex")

*  Give it some salt:
loCrypt.SetEncodedSalt("0102030405060708","hex")

*  A higher iteration count makes the algorithm more
*  computationally expensive and therefore exhaustive
*  searches (for breaking the encryption) is more difficult:
loCrypt.IterationCount = 1024

*  A hash algorithm needs to be set for PBES2:
loCrypt.HashAlgorithm = "sha1"

*  Indicate that the encrypted bytes should be returned
*  as a hex string:
loCrypt.EncodingMode = "hex"

lcPlainText = "To be encrypted."

lcEncryptedText = loCrypt.EncryptStringENC(lcPlainText)

? lcEncryptedText

*  Now decrypt:

lcDecryptedText = loCrypt.DecryptStringENC(lcEncryptedText)

? lcDecryptedText