|
Chilkat • HOME • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi DLL • Go • Java • Node.js • Objective-C • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Node.js) AES-GCM Encryption / DecryptionSee more Encryption ExamplesDemonstrates AES-GCM encryption. Afterwards, the encrypted bytes, the authentication tag, and the IV are concatenated into one byte array and encoded to base64. For decryption, we decode the base64, extract the IV, authentication tag, and encrypted bytes, and then perform AES-GCM decryption.
var os = require('os'); if (os.platform() == 'win32') { var chilkat = require('@chilkat/ck-node23-win64'); } else if (os.platform() == 'linux') { if (os.arch() == 'arm') { var chilkat = require('@chilkat/ck-node23-linux-arm'); } else if (os.arch() == 'arm64') { var chilkat = require('@chilkat/ck-node23-linux-arm64'); } else { var chilkat = require('@chilkat/ck-node23-linux-x64'); } } else if (os.platform() == 'darwin') { var chilkat = require('@chilkat/ck-node23-mac-universal'); } function chilkatExample() { // This example assumes the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. var crypt = new chilkat.Crypt2(); crypt.CryptAlgorithm = "aes"; crypt.CipherMode = "gcm"; crypt.KeyLength = 256; var K = "000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F"; var IV = "000102030405060708090A0B0C0D0E0F"; var AAD = "feedfacedeadbeeffeedfacedeadbeefabaddad2"; var PT = "This is the text to be AES-GCM encrypted."; crypt.SetEncodedIV(IV,"hex"); crypt.SetEncodedKey(K,"hex"); var success = crypt.SetEncodedAad(AAD,"hex"); // Return the encrypted bytes as base64 crypt.EncodingMode = "base64"; crypt.Charset = "utf-8"; var cipherText = crypt.EncryptStringENC(PT); if (crypt.LastMethodSuccess !== true) { console.log(crypt.LastErrorText); return; } // Get the GCM authenticated tag computed when encrypting. var authTag = crypt.GetEncodedAuthTag("base64"); console.log("Cipher Text: " + cipherText); console.log("Auth Tag: " + authTag); // Let's send the IV, CipherText, and AuthTag to the decrypting party. // We'll send them concatenated like this: [IV || Ciphertext || AuthTag] // In base64 format. var bdEncrypted = new chilkat.BinData(); bdEncrypted.AppendEncoded(IV,"hex"); bdEncrypted.AppendEncoded(cipherText,"base64"); bdEncrypted.AppendEncoded(authTag,"base64"); var concatenatedGcmOutput = bdEncrypted.GetEncoded("base64"); console.log("Concatenated GCM Output: " + concatenatedGcmOutput); // Sample output so far: // ------------------------------------------------------------------------------------- // Now let's GCM decrypt... // ------------------------------------------------------------------------------------- var decrypt = new chilkat.Crypt2(); // The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD. // Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor. decrypt.CryptAlgorithm = "aes"; decrypt.CipherMode = "gcm"; decrypt.KeyLength = 256; decrypt.SetEncodedKey(K,"hex"); decrypt.SetEncodedAad(AAD,"hex"); var bdFromEncryptor = new chilkat.BinData(); bdFromEncryptor.AppendEncoded(concatenatedGcmOutput,"base64"); var sz = bdFromEncryptor.NumBytes; // Extract the parts. var extractedIV = bdFromEncryptor.GetEncodedChunk(0,16,"hex"); var extractedCipherText = bdFromEncryptor.GetEncodedChunk(16,sz - 32,"base64"); var expectedAuthTag = bdFromEncryptor.GetEncodedChunk(sz - 16,16,"base64"); // Before GCM decrypting, we must set the authenticated tag to the value that is expected. // The decryption will fail if the resulting authenticated tag is not equal to the expected result. success = decrypt.SetEncodedAuthTag(expectedAuthTag,"base64"); // Also set the IV. decrypt.SetEncodedIV(extractedIV,"hex"); // Decrypt.. decrypt.EncodingMode = "base64"; decrypt.Charset = "utf-8"; var decryptedText = decrypt.DecryptStringENC(extractedCipherText); if (decrypt.LastMethodSuccess !== true) { // Failed. The resultant authenticated tag did not equal the expected authentication tag. console.log(decrypt.LastErrorText); return; } console.log("Decrypted: " + decryptedText); // Sample output: // Cipher Text: cYspSW4GuSj0Msho4OgZZ0AwspDEpTF5Br8NlA+qT3f+g3nQo+xalmU= // Auth Tag: z/N82vdj/ZsM0WnHNCnPPw== // Concatenated GCM Output: AAECAwQFBgcICQoLDA0OD3GLKUluBrko9DLIaODoGWdAMLKQxKUxeQa/DZQPqk93/oN50KPsWpZlz/N82vdj/ZsM0WnHNCnPPw== // Decrypted: This is the text to be AES-GCM encrypted. } chilkatExample(); |
||||
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.