|
Chilkat • HOME • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi DLL • Go • Java • Node.js • Objective-C • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Perl) Example: Crypt2.RandomizeIV methodDemonstrates using a random initialization vector for AES GCM encryption.
use chilkat(); # This example assumes the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. $crypt = chilkat::CkCrypt2->new(); $crypt->put_CryptAlgorithm("aes"); $crypt->put_CipherMode("gcm"); $crypt->put_KeyLength(256); $K = "000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F"; $AAD = "feedfacedeadbeeffeedfacedeadbeefabaddad2"; $PT = "This is the text to be AES-GCM encrypted."; # Generate a random IV. $crypt->RandomizeIV(); $IV = $crypt->getEncodedIV("hex"); $crypt->SetEncodedKey($K,"hex"); $success = $crypt->SetEncodedAad($AAD,"hex"); # Return the encrypted bytes as base64 $crypt->put_EncodingMode("base64"); $crypt->put_Charset("utf-8"); $cipherText = $crypt->encryptStringENC($PT); if ($crypt->get_LastMethodSuccess() != 1) { print $crypt->lastErrorText() . "\r\n"; exit; } # Get the GCM authenticated tag computed when encrypting. $authTag = $crypt->getEncodedAuthTag("base64"); print "Cipher Text: " . $cipherText . "\r\n"; print "Auth Tag: " . $authTag . "\r\n"; # Let's send the IV, CipherText, and AuthTag to the decrypting party. # We'll send them concatenated like this: [IV || Ciphertext || AuthTag] # In base64 format. $bdEncrypted = chilkat::CkBinData->new(); $bdEncrypted->AppendEncoded($IV,"hex"); $bdEncrypted->AppendEncoded($cipherText,"base64"); $bdEncrypted->AppendEncoded($authTag,"base64"); $concatenatedGcmOutput = $bdEncrypted->getEncoded("base64"); print "Concatenated GCM Output: " . $concatenatedGcmOutput . "\r\n"; # Sample output so far: # ------------------------------------------------------------------------------------- # Now let's GCM decrypt... # ------------------------------------------------------------------------------------- $decrypt = chilkat::CkCrypt2->new(); # The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD. # Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor. $decrypt->put_CryptAlgorithm("aes"); $decrypt->put_CipherMode("gcm"); $decrypt->put_KeyLength(256); $decrypt->SetEncodedKey($K,"hex"); $decrypt->SetEncodedAad($AAD,"hex"); $bdFromEncryptor = chilkat::CkBinData->new(); $bdFromEncryptor->AppendEncoded($concatenatedGcmOutput,"base64"); $sz = $bdFromEncryptor->get_NumBytes(); # Extract the parts. $extractedIV = $bdFromEncryptor->getEncodedChunk(0,16,"hex"); $extractedCipherText = $bdFromEncryptor->getEncodedChunk(16,$sz - 32,"base64"); $expectedAuthTag = $bdFromEncryptor->getEncodedChunk($sz - 16,16,"base64"); # Before GCM decrypting, we must set the authenticated tag to the value that is expected. # The decryption will fail if the resulting authenticated tag is not equal to the expected result. $success = $decrypt->SetEncodedAuthTag($expectedAuthTag,"base64"); # Also set the IV. $decrypt->SetEncodedIV($extractedIV,"hex"); # Decrypt.. $decrypt->put_EncodingMode("base64"); $decrypt->put_Charset("utf-8"); $decryptedText = $decrypt->decryptStringENC($extractedCipherText); if ($decrypt->get_LastMethodSuccess() != 1) { # Failed. The resultant authenticated tag did not equal the expected authentication tag. print $decrypt->lastErrorText() . "\r\n"; exit; } print "Decrypted: " . $decryptedText . "\r\n"; |
||||
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.