DataFlex
DataFlex
Example: Crypt2.RandomizeIV method
Demonstrates using a random initialization vector for AES GCM encryption.Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Handle hoCrypt
String K
String sAAD
String sPT
String sIV
String sCipherText
String sAuthTag
Handle hoBdEncrypted
String sConcatenatedGcmOutput
Handle hoDecrypt
Handle hoBdFromEncryptor
Integer iSz
String sExtractedIV
String sExtractedCipherText
String sExpectedAuthTag
String sDecryptedText
String sTemp1
Boolean bTemp1
Move False To iSuccess
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
If (Not(IsComObjectCreated(hoCrypt))) Begin
Send CreateComObject of hoCrypt
End
Set ComCryptAlgorithm Of hoCrypt To "aes"
Set ComCipherMode Of hoCrypt To "gcm"
Set ComKeyLength Of hoCrypt To 256
Move "000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F" To K
Move "feedfacedeadbeeffeedfacedeadbeefabaddad2" To sAAD
Move "This is the text to be AES-GCM encrypted." To sPT
// Generate a random IV.
Send ComRandomizeIV To hoCrypt
Get ComGetEncodedIV Of hoCrypt "hex" To sIV
Send ComSetEncodedKey To hoCrypt K "hex"
Get ComSetEncodedAad Of hoCrypt sAAD "hex" To iSuccess
// Return the encrypted bytes as base64
Set ComEncodingMode Of hoCrypt To "base64"
Set ComCharset Of hoCrypt To "utf-8"
Get ComEncryptStringENC Of hoCrypt sPT To sCipherText
Get ComLastMethodSuccess Of hoCrypt To bTemp1
If (bTemp1 <> True) Begin
Get ComLastErrorText Of hoCrypt To sTemp1
Showln sTemp1
Procedure_Return
End
// Get the GCM authenticated tag computed when encrypting.
Get ComGetEncodedAuthTag Of hoCrypt "base64" To sAuthTag
Showln "Cipher Text: " sCipherText
Showln "Auth Tag: " sAuthTag
// Let's send the IV, CipherText, and AuthTag to the decrypting party.
// We'll send them concatenated like this: [IV || Ciphertext || AuthTag]
// In base64 format.
Get Create (RefClass(cComChilkatBinData)) To hoBdEncrypted
If (Not(IsComObjectCreated(hoBdEncrypted))) Begin
Send CreateComObject of hoBdEncrypted
End
Get ComAppendEncoded Of hoBdEncrypted sIV "hex" To iSuccess
Get ComAppendEncoded Of hoBdEncrypted sCipherText "base64" To iSuccess
Get ComAppendEncoded Of hoBdEncrypted sAuthTag "base64" To iSuccess
Get ComGetEncoded Of hoBdEncrypted "base64" To sConcatenatedGcmOutput
Showln "Concatenated GCM Output: " sConcatenatedGcmOutput
// Sample output so far:
// -------------------------------------------------------------------------------------
// Now let's GCM decrypt...
// -------------------------------------------------------------------------------------
Get Create (RefClass(cComChilkatCrypt2)) To hoDecrypt
If (Not(IsComObjectCreated(hoDecrypt))) Begin
Send CreateComObject of hoDecrypt
End
// The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD.
// Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor.
Set ComCryptAlgorithm Of hoDecrypt To "aes"
Set ComCipherMode Of hoDecrypt To "gcm"
Set ComKeyLength Of hoDecrypt To 256
Send ComSetEncodedKey To hoDecrypt K "hex"
Get ComSetEncodedAad Of hoDecrypt sAAD "hex" To iSuccess
Get Create (RefClass(cComChilkatBinData)) To hoBdFromEncryptor
If (Not(IsComObjectCreated(hoBdFromEncryptor))) Begin
Send CreateComObject of hoBdFromEncryptor
End
Get ComAppendEncoded Of hoBdFromEncryptor sConcatenatedGcmOutput "base64" To iSuccess
Get ComNumBytes Of hoBdFromEncryptor To iSz
// Extract the parts.
Get ComGetEncodedChunk Of hoBdFromEncryptor 0 16 "hex" To sExtractedIV
Get ComGetEncodedChunk Of hoBdFromEncryptor 16 (iSz - 32) "base64" To sExtractedCipherText
Get ComGetEncodedChunk Of hoBdFromEncryptor (iSz - 16) 16 "base64" To sExpectedAuthTag
// Before GCM decrypting, we must set the authenticated tag to the value that is expected.
// The decryption will fail if the resulting authenticated tag is not equal to the expected result.
Get ComSetEncodedAuthTag Of hoDecrypt sExpectedAuthTag "base64" To iSuccess
// Also set the IV.
Send ComSetEncodedIV To hoDecrypt sExtractedIV "hex"
// Decrypt..
Set ComEncodingMode Of hoDecrypt To "base64"
Set ComCharset Of hoDecrypt To "utf-8"
Get ComDecryptStringENC Of hoDecrypt sExtractedCipherText To sDecryptedText
Get ComLastMethodSuccess Of hoDecrypt To bTemp1
If (bTemp1 <> True) Begin
// Failed. The resultant authenticated tag did not equal the expected authentication tag.
Get ComLastErrorText Of hoDecrypt To sTemp1
Showln sTemp1
Procedure_Return
End
Showln "Decrypted: " sDecryptedText
End_Procedure