Sample code for 30+ languages & platforms
Unicode C

Duplicate SQL Server ENCRYPTBYPASSPHRASE

See more Encryption Examples

Demonstrates how to duplicate SQL Server's ENCRYPTBYPASSPHRASE.

Chilkat Unicode C Downloads

Unicode C
#include <C_CkStringBuilderW.h>
#include <C_CkCrypt2W.h>
#include <C_CkBinDataW.h>
#include <C_CkPrngW.h>

void ChilkatSample(void)
    {
    const wchar_t *password;
    const wchar_t *encryptedHex_v1;
    const wchar_t *encryptedHex_v2;
    HCkStringBuilderW sbEncHex;
    HCkCrypt2W crypt;
    BOOL v1;
    int ivLen;
    const wchar_t *hashAlg;
    const wchar_t *ivHex;
    HCkStringBuilderW sbPassword;
    const wchar_t *pwd_hash;
    HCkStringBuilderW sbKey;
    HCkBinDataW bd;
    const wchar_t *plainText;
    HCkCrypt2W encryptor;
    HCkPrngW prng;
    int plainTextLen;
    HCkBinDataW bdData;
    HCkStringBuilderW sbEnc;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // For SQL Server 2008 - SQL Server 2016 we must use TripleDES with SHA1
    // For SQL Server 2017 and later, use AES256 / SHA256.

    password = L"tEst1234";
    encryptedHex_v1 = L"0x010000001E8E7DCDBD4061B951999E25D18445D2305474D2D71EEE98A241C755246F58AB";

    // Here's an encrypted string using AES256/SHA256
    encryptedHex_v2 = L"0x02000000FFE880C0354780481E64EF25B6197A02E2A854A4BA9D8D9BDDFDAB27EB56537ABDA0B1D9C4D1050C91B313550DECF429";

    sbEncHex = CkStringBuilderW_Create();
    CkStringBuilderW_Append(sbEncHex,encryptedHex_v1);

    // If present, we don't want the leading "0x"
    if (CkStringBuilderW_StartsWith(sbEncHex,L"0x",FALSE) == TRUE) {
        CkStringBuilderW_RemoveCharsAt(sbEncHex,0,2);
    }

    crypt = CkCrypt2W_Create();
    CkCrypt2W_putEncodingMode(crypt,L"hex");

    // The encrypted hex string will begin with either 01000000 or 02000000
    // version 1 is produced by SQL Server 2008 to SQL Server 2016, and we must use TripleDES with SHA1
    // version 2 is for SQL Server 2017 and later, and uses AES256 / SHA256.
    v1 = CkStringBuilderW_StartsWith(sbEncHex,L"01",FALSE);

    ivLen = 0;

    if (v1 == TRUE) {
        CkCrypt2W_putCryptAlgorithm(crypt,L"3des");
        CkCrypt2W_putCipherMode(crypt,L"cbc");
        CkCrypt2W_putKeyLength(crypt,168);
        ivLen = 8;
        hashAlg = L"sha1";
    }
    else {
        CkCrypt2W_putCryptAlgorithm(crypt,L"aes");
        CkCrypt2W_putCipherMode(crypt,L"cbc");
        CkCrypt2W_putKeyLength(crypt,256);
        ivLen = 16;
        hashAlg = L"sha256";
    }

    // Remove the SQL Server version info (i.e. the "01000000")
    CkStringBuilderW_RemoveCharsAt(sbEncHex,0,8);

    // Get the IV part of the sbEncHex, and also remove it from the StringBuilder.
    ivHex = CkStringBuilderW_getRange(sbEncHex,0,ivLen * 2,TRUE);
    wprintf(L"IV = %s\n",ivHex);
    CkCrypt2W_SetEncodedIV(crypt,ivHex,L"hex");

    sbPassword = CkStringBuilderW_Create();
    CkStringBuilderW_Append(sbPassword,password);
    pwd_hash = CkStringBuilderW_getHash(sbPassword,hashAlg,L"hex",L"utf-16");
    sbKey = CkStringBuilderW_Create();
    CkStringBuilderW_Append(sbKey,pwd_hash);
    if (v1 == TRUE) {
        // For v1, we only want the 1st 16 bytes of the 20 byte hash.
        // (remember, the hex encoding uses 2 chars per byte, so we remove the last 8 chars)
        CkStringBuilderW_Shorten(sbKey,8);
    }

    wprintf(L"crypt key: %s\n",CkStringBuilderW_getAsString(sbKey));

    CkCrypt2W_SetEncodedKey(crypt,CkStringBuilderW_getAsString(sbKey),L"hex");

    // Decrypt
    bd = CkBinDataW_Create();
    CkBinDataW_AppendEncoded(bd,CkStringBuilderW_getAsString(sbEncHex),L"hex");
    CkCrypt2W_DecryptBd(crypt,bd);

    // The result is composed of a header of 8 bytes which we can discard.
    // The remainder is the decrypted text.

    // The header we are discarding is composed of:
    // Bytes 0-3: Magic number equal to 0DF0ADBA
    // Bytes 4-5: Number of integrity bytes, which is 0 unless an authenticator is used. We're assuming no authenticator is used.
    // Bytes 6-7: Number of plain-text bytes. We really don't need this because the CBC padding takes care of it.

    // Therefore, just return the data after the 1st 8 bytes.
    // Assuming the encrypted string was utf-8 text...
    CkBinDataW_RemoveChunk(bd,0,8);
    plainText = CkBinDataW_getString(bd,L"utf-8");
    wprintf(L"decrypted plain text: %s\n",plainText);

    // The output:

    // IV = 1E8E7DCDBD4061B9
    // crypt key: 710B9C2E61ACCC9570D4112203BD9738
    // decrypted plain text: Hello world.

    // ------------------------------------------------------------------------------------------
    // To encrypt, do the reverse...

    // Let's do v1 with TripleDES with SHA1

    encryptor = CkCrypt2W_Create();
    CkCrypt2W_putEncodingMode(encryptor,L"hex");

    CkCrypt2W_putCryptAlgorithm(encryptor,L"3des");
    CkCrypt2W_putCipherMode(encryptor,L"cbc");
    CkCrypt2W_putKeyLength(encryptor,168);

    // Generate a random 8-byte IV
    prng = CkPrngW_Create();
    ivHex = CkPrngW_genRandom(prng,8,L"hex");
    CkCrypt2W_SetEncodedIV(encryptor,ivHex,L"hex");

    // The binary password is generated the same as above.
    // We'll use the same password (and same binary password)
    CkCrypt2W_SetEncodedKey(encryptor,CkStringBuilderW_getAsString(sbKey),L"hex");

    plainTextLen = 8;
    plainText = L"ABCD1234";

    // Encrypt the header + the plain-text.
    bdData = CkBinDataW_Create();
    CkBinDataW_AppendEncoded(bdData,L"0DF0ADBA",L"hex");
    CkBinDataW_AppendEncoded(bdData,L"0000",L"hex");
    CkBinDataW_AppendInt2(bdData,plainTextLen,TRUE);
    wprintf(L"header: %s\n",CkBinDataW_getEncoded(bdData,L"hex"));
    CkBinDataW_AppendString(bdData,plainText,L"utf-8");
    CkCrypt2W_EncryptBd(encryptor,bdData);

    // Compose the result..
    sbEnc = CkStringBuilderW_Create();
    CkStringBuilderW_Append(sbEnc,L"0x01000000");
    CkStringBuilderW_Append(sbEnc,ivHex);
    CkStringBuilderW_Append(sbEnc,CkBinDataW_getEncoded(bdData,L"hex"));

    wprintf(L"result: %s\n",CkStringBuilderW_getAsString(sbEnc));


    CkStringBuilderW_Dispose(sbEncHex);
    CkCrypt2W_Dispose(crypt);
    CkStringBuilderW_Dispose(sbPassword);
    CkStringBuilderW_Dispose(sbKey);
    CkBinDataW_Dispose(bd);
    CkCrypt2W_Dispose(encryptor);
    CkPrngW_Dispose(prng);
    CkBinDataW_Dispose(bdData);
    CkStringBuilderW_Dispose(sbEnc);

    }