Sample code for 30+ languages & platforms
C#

Example: Crypt2.RandomizeIV method

Demonstrates using a random initialization vector for AES GCM encryption.

Chilkat C# Downloads

C#
bool success = false;

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

Chilkat.Crypt2 crypt = new Chilkat.Crypt2();

crypt.CryptAlgorithm = "aes";
crypt.CipherMode = "gcm";
crypt.KeyLength = 256;

string K = "000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F";
string AAD = "feedfacedeadbeeffeedfacedeadbeefabaddad2";
string PT = "This is the text to be AES-GCM encrypted.";

// Generate a random IV.
crypt.RandomizeIV();
string IV = crypt.GetEncodedIV("hex");

crypt.SetEncodedKey(K,"hex");

success = crypt.SetEncodedAad(AAD,"hex");

// Return the encrypted bytes as base64
crypt.EncodingMode = "base64";
crypt.Charset = "utf-8";
string cipherText = crypt.EncryptStringENC(PT);
if (crypt.LastMethodSuccess != true) {
    Debug.WriteLine(crypt.LastErrorText);
    return;
}

// Get the GCM authenticated tag computed when encrypting.
string authTag = crypt.GetEncodedAuthTag("base64");

Debug.WriteLine("Cipher Text: " + cipherText);
Debug.WriteLine("Auth Tag: " + authTag);

// Let's send the IV, CipherText, and AuthTag to the decrypting party.
// We'll send them concatenated like this: [IV || Ciphertext || AuthTag]
// In base64 format.
Chilkat.BinData bdEncrypted = new Chilkat.BinData();
bdEncrypted.AppendEncoded(IV,"hex");
bdEncrypted.AppendEncoded(cipherText,"base64");
bdEncrypted.AppendEncoded(authTag,"base64");

string concatenatedGcmOutput = bdEncrypted.GetEncoded("base64");
Debug.WriteLine("Concatenated GCM Output: " + concatenatedGcmOutput);

// Sample output so far:

// -------------------------------------------------------------------------------------
// Now let's GCM decrypt...
// -------------------------------------------------------------------------------------

Chilkat.Crypt2 decrypt = new Chilkat.Crypt2();

// The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD.
// Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor.
decrypt.CryptAlgorithm = "aes";
decrypt.CipherMode = "gcm";
decrypt.KeyLength = 256;
decrypt.SetEncodedKey(K,"hex");
decrypt.SetEncodedAad(AAD,"hex");

Chilkat.BinData bdFromEncryptor = new Chilkat.BinData();
bdFromEncryptor.AppendEncoded(concatenatedGcmOutput,"base64");

int sz = bdFromEncryptor.NumBytes;

// Extract the parts.
string extractedIV = bdFromEncryptor.GetEncodedChunk(0,16,"hex");
string extractedCipherText = bdFromEncryptor.GetEncodedChunk(16,sz - 32,"base64");
string expectedAuthTag = bdFromEncryptor.GetEncodedChunk(sz - 16,16,"base64");

// Before GCM decrypting, we must set the authenticated tag to the value that is expected.
// The decryption will fail if the resulting authenticated tag is not equal to the expected result.
success = decrypt.SetEncodedAuthTag(expectedAuthTag,"base64");

// Also set the IV.
decrypt.SetEncodedIV(extractedIV,"hex");

// Decrypt..
decrypt.EncodingMode = "base64";
decrypt.Charset = "utf-8";
string decryptedText = decrypt.DecryptStringENC(extractedCipherText);
if (decrypt.LastMethodSuccess != true) {
    // Failed.  The resultant authenticated tag did not equal the expected authentication tag.
    Debug.WriteLine(decrypt.LastErrorText);
    return;
}

Debug.WriteLine("Decrypted: " + decryptedText);