|
Chilkat • HOME • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi DLL • Go • Java • Node.js • Objective-C • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Lianja) Example: Crypt2.RandomizeIV methodDemonstrates using a random initialization vector for AES GCM encryption.
// This example assumes the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. loCrypt = createobject("CkCrypt2") loCrypt.CryptAlgorithm = "aes" loCrypt.CipherMode = "gcm" loCrypt.KeyLength = 256 K = "000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F" lcAAD = "feedfacedeadbeeffeedfacedeadbeefabaddad2" lcPT = "This is the text to be AES-GCM encrypted." // Generate a random IV. loCrypt.RandomizeIV() lcIV = loCrypt.GetEncodedIV("hex") loCrypt.SetEncodedKey(K,"hex") llSuccess = loCrypt.SetEncodedAad(lcAAD,"hex") // Return the encrypted bytes as base64 loCrypt.EncodingMode = "base64" loCrypt.Charset = "utf-8" lcCipherText = loCrypt.EncryptStringENC(lcPT) if (loCrypt.LastMethodSuccess <> .T.) then ? loCrypt.LastErrorText release loCrypt return endif // Get the GCM authenticated tag computed when encrypting. lcAuthTag = loCrypt.GetEncodedAuthTag("base64") ? "Cipher Text: " + lcCipherText ? "Auth Tag: " + lcAuthTag // Let's send the IV, CipherText, and AuthTag to the decrypting party. // We'll send them concatenated like this: [IV || Ciphertext || AuthTag] // In base64 format. loBdEncrypted = createobject("CkBinData") loBdEncrypted.AppendEncoded(lcIV,"hex") loBdEncrypted.AppendEncoded(lcCipherText,"base64") loBdEncrypted.AppendEncoded(lcAuthTag,"base64") lcConcatenatedGcmOutput = loBdEncrypted.GetEncoded("base64") ? "Concatenated GCM Output: " + lcConcatenatedGcmOutput // Sample output so far: // ------------------------------------------------------------------------------------- // Now let's GCM decrypt... // ------------------------------------------------------------------------------------- loDecrypt = createobject("CkCrypt2") // The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD. // Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor. loDecrypt.CryptAlgorithm = "aes" loDecrypt.CipherMode = "gcm" loDecrypt.KeyLength = 256 loDecrypt.SetEncodedKey(K,"hex") loDecrypt.SetEncodedAad(lcAAD,"hex") loBdFromEncryptor = createobject("CkBinData") loBdFromEncryptor.AppendEncoded(lcConcatenatedGcmOutput,"base64") lnSz = loBdFromEncryptor.NumBytes // Extract the parts. lcExtractedIV = loBdFromEncryptor.GetEncodedChunk(0,16,"hex") lcExtractedCipherText = loBdFromEncryptor.GetEncodedChunk(16,lnSz - 32,"base64") lcExpectedAuthTag = loBdFromEncryptor.GetEncodedChunk(lnSz - 16,16,"base64") // Before GCM decrypting, we must set the authenticated tag to the value that is expected. // The decryption will fail if the resulting authenticated tag is not equal to the expected result. llSuccess = loDecrypt.SetEncodedAuthTag(lcExpectedAuthTag,"base64") // Also set the IV. loDecrypt.SetEncodedIV(lcExtractedIV,"hex") // Decrypt.. loDecrypt.EncodingMode = "base64" loDecrypt.Charset = "utf-8" lcDecryptedText = loDecrypt.DecryptStringENC(lcExtractedCipherText) if (loDecrypt.LastMethodSuccess <> .T.) then // Failed. The resultant authenticated tag did not equal the expected authentication tag. ? loDecrypt.LastErrorText release loCrypt release loBdEncrypted release loDecrypt release loBdFromEncryptor return endif ? "Decrypted: " + lcDecryptedText release loCrypt release loBdEncrypted release loDecrypt release loBdFromEncryptor |
||||
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.