(C) Example: Crypt2.RandomizeIV method

Demonstrates using a random initialization vector for AES GCM encryption.

Chilkat C/C++ Library Downloads
MS Visual C/C++ C++ Builder Linux C/C++ Alpine Linux C/C++	MacOS C/C++ iOS C/C++ Android C/C++ MinGW C/C++

#include <C_CkCrypt2.h>
#include <C_CkBinData.h>

void ChilkatSample(void)
    {
    HCkCrypt2 crypt;
    const char *K;
    const char *AAD;
    const char *PT;
    const char *IV;
    BOOL success;
    const char *cipherText;
    const char *authTag;
    HCkBinData bdEncrypted;
    const char *concatenatedGcmOutput;
    HCkCrypt2 decrypt;
    HCkBinData bdFromEncryptor;
    int sz;
    const char *extractedIV;
    const char *extractedCipherText;
    const char *expectedAuthTag;
    const char *decryptedText;

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    crypt = CkCrypt2_Create();

    CkCrypt2_putCryptAlgorithm(crypt,"aes");
    CkCrypt2_putCipherMode(crypt,"gcm");
    CkCrypt2_putKeyLength(crypt,256);

    K = "000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F";
    AAD = "feedfacedeadbeeffeedfacedeadbeefabaddad2";
    PT = "This is the text to be AES-GCM encrypted.";

    // Generate a random IV.
    CkCrypt2_RandomizeIV(crypt);
    IV = CkCrypt2_getEncodedIV(crypt,"hex");

    CkCrypt2_SetEncodedKey(crypt,K,"hex");

    success = CkCrypt2_SetEncodedAad(crypt,AAD,"hex");

    // Return the encrypted bytes as base64
    CkCrypt2_putEncodingMode(crypt,"base64");
    CkCrypt2_putCharset(crypt,"utf-8");
    cipherText = CkCrypt2_encryptStringENC(crypt,PT);
    if (CkCrypt2_getLastMethodSuccess(crypt) != TRUE) {
        printf("%s\n",CkCrypt2_lastErrorText(crypt));
        CkCrypt2_Dispose(crypt);
        return;
    }

    // Get the GCM authenticated tag computed when encrypting.
    authTag = CkCrypt2_getEncodedAuthTag(crypt,"base64");

    printf("Cipher Text: %s\n",cipherText);
    printf("Auth Tag: %s\n",authTag);

    // Let's send the IV, CipherText, and AuthTag to the decrypting party.
    // We'll send them concatenated like this: [IV || Ciphertext || AuthTag]
    // In base64 format.
    bdEncrypted = CkBinData_Create();
    CkBinData_AppendEncoded(bdEncrypted,IV,"hex");
    CkBinData_AppendEncoded(bdEncrypted,cipherText,"base64");
    CkBinData_AppendEncoded(bdEncrypted,authTag,"base64");

    concatenatedGcmOutput = CkBinData_getEncoded(bdEncrypted,"base64");
    printf("Concatenated GCM Output: %s\n",concatenatedGcmOutput);

    // Sample output so far:

    // -------------------------------------------------------------------------------------
    // Now let's GCM decrypt...
    // -------------------------------------------------------------------------------------

    decrypt = CkCrypt2_Create();

    // The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD.
    // Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor.
    CkCrypt2_putCryptAlgorithm(decrypt,"aes");
    CkCrypt2_putCipherMode(decrypt,"gcm");
    CkCrypt2_putKeyLength(decrypt,256);
    CkCrypt2_SetEncodedKey(decrypt,K,"hex");
    CkCrypt2_SetEncodedAad(decrypt,AAD,"hex");

    bdFromEncryptor = CkBinData_Create();
    CkBinData_AppendEncoded(bdFromEncryptor,concatenatedGcmOutput,"base64");

    sz = CkBinData_getNumBytes(bdFromEncryptor);

    // Extract the parts.
    extractedIV = CkBinData_getEncodedChunk(bdFromEncryptor,0,16,"hex");
    extractedCipherText = CkBinData_getEncodedChunk(bdFromEncryptor,16,sz - 32,"base64");
    expectedAuthTag = CkBinData_getEncodedChunk(bdFromEncryptor,sz - 16,16,"base64");

    // Before GCM decrypting, we must set the authenticated tag to the value that is expected.
    // The decryption will fail if the resulting authenticated tag is not equal to the expected result.
    success = CkCrypt2_SetEncodedAuthTag(decrypt,expectedAuthTag,"base64");

    // Also set the IV.
    CkCrypt2_SetEncodedIV(decrypt,extractedIV,"hex");

    // Decrypt..
    CkCrypt2_putEncodingMode(decrypt,"base64");
    CkCrypt2_putCharset(decrypt,"utf-8");
    decryptedText = CkCrypt2_decryptStringENC(decrypt,extractedCipherText);
    if (CkCrypt2_getLastMethodSuccess(decrypt) != TRUE) {
        // Failed.  The resultant authenticated tag did not equal the expected authentication tag.
        printf("%s\n",CkCrypt2_lastErrorText(decrypt));
        CkCrypt2_Dispose(crypt);
        CkBinData_Dispose(bdEncrypted);
        CkCrypt2_Dispose(decrypt);
        CkBinData_Dispose(bdFromEncryptor);
        return;
    }

    printf("Decrypted: %s\n",decryptedText);


    CkCrypt2_Dispose(crypt);
    CkBinData_Dispose(bdEncrypted);
    CkCrypt2_Dispose(decrypt);
    CkBinData_Dispose(bdFromEncryptor);

    }