(C++) Example: Crypt2.RandomizeIV method

Demonstrates using a random initialization vector for AES GCM encryption.

Chilkat C/C++ Library Downloads
MS Visual C/C++ C++ Builder Linux C/C++ Alpine Linux C/C++	MacOS C/C++ iOS C/C++ Android C/C++ MinGW C/C++

#include <CkCrypt2.h>
#include <CkBinData.h>

void ChilkatSample(void)
    {
    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    CkCrypt2 crypt;

    crypt.put_CryptAlgorithm("aes");
    crypt.put_CipherMode("gcm");
    crypt.put_KeyLength(256);

    const char *K = "000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F";
    const char *AAD = "feedfacedeadbeeffeedfacedeadbeefabaddad2";
    const char *PT = "This is the text to be AES-GCM encrypted.";

    // Generate a random IV.
    crypt.RandomizeIV();
    const char *IV = crypt.getEncodedIV("hex");

    crypt.SetEncodedKey(K,"hex");

    bool success = crypt.SetEncodedAad(AAD,"hex");

    // Return the encrypted bytes as base64
    crypt.put_EncodingMode("base64");
    crypt.put_Charset("utf-8");
    const char *cipherText = crypt.encryptStringENC(PT);
    if (crypt.get_LastMethodSuccess() != true) {
        std::cout << crypt.lastErrorText() << "\r\n";
        return;
    }

    // Get the GCM authenticated tag computed when encrypting.
    const char *authTag = crypt.getEncodedAuthTag("base64");

    std::cout << "Cipher Text: " << cipherText << "\r\n";
    std::cout << "Auth Tag: " << authTag << "\r\n";

    // Let's send the IV, CipherText, and AuthTag to the decrypting party.
    // We'll send them concatenated like this: [IV || Ciphertext || AuthTag]
    // In base64 format.
    CkBinData bdEncrypted;
    bdEncrypted.AppendEncoded(IV,"hex");
    bdEncrypted.AppendEncoded(cipherText,"base64");
    bdEncrypted.AppendEncoded(authTag,"base64");

    const char *concatenatedGcmOutput = bdEncrypted.getEncoded("base64");
    std::cout << "Concatenated GCM Output: " << concatenatedGcmOutput << "\r\n";

    // Sample output so far:

    // -------------------------------------------------------------------------------------
    // Now let's GCM decrypt...
    // -------------------------------------------------------------------------------------

    CkCrypt2 decrypt;

    // The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD.
    // Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor.
    decrypt.put_CryptAlgorithm("aes");
    decrypt.put_CipherMode("gcm");
    decrypt.put_KeyLength(256);
    decrypt.SetEncodedKey(K,"hex");
    decrypt.SetEncodedAad(AAD,"hex");

    CkBinData bdFromEncryptor;
    bdFromEncryptor.AppendEncoded(concatenatedGcmOutput,"base64");

    int sz = bdFromEncryptor.get_NumBytes();

    // Extract the parts.
    const char *extractedIV = bdFromEncryptor.getEncodedChunk(0,16,"hex");
    const char *extractedCipherText = bdFromEncryptor.getEncodedChunk(16,sz - 32,"base64");
    const char *expectedAuthTag = bdFromEncryptor.getEncodedChunk(sz - 16,16,"base64");

    // Before GCM decrypting, we must set the authenticated tag to the value that is expected.
    // The decryption will fail if the resulting authenticated tag is not equal to the expected result.
    success = decrypt.SetEncodedAuthTag(expectedAuthTag,"base64");

    // Also set the IV.
    decrypt.SetEncodedIV(extractedIV,"hex");

    // Decrypt..
    decrypt.put_EncodingMode("base64");
    decrypt.put_Charset("utf-8");
    const char *decryptedText = decrypt.decryptStringENC(extractedCipherText);
    if (decrypt.get_LastMethodSuccess() != true) {
        // Failed.  The resultant authenticated tag did not equal the expected authentication tag.
        std::cout << decrypt.lastErrorText() << "\r\n";
        return;
    }

    std::cout << "Decrypted: " << decryptedText << "\r\n";
    }