|
Chilkat • HOME • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi DLL • Go • Java • Node.js • Objective-C • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PHP Extension) Example: Crypt2.RandomizeIV methodDemonstrates using a random initialization vector for AES GCM encryption.
<?php include("chilkat.php"); // This example assumes the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. $crypt = new CkCrypt2(); $crypt->put_CryptAlgorithm('aes'); $crypt->put_CipherMode('gcm'); $crypt->put_KeyLength(256); $K = '000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F'; $AAD = 'feedfacedeadbeeffeedfacedeadbeefabaddad2'; $PT = 'This is the text to be AES-GCM encrypted.'; // Generate a random IV. $crypt->RandomizeIV(); $IV = $crypt->getEncodedIV('hex'); $crypt->SetEncodedKey($K,'hex'); $success = $crypt->SetEncodedAad($AAD,'hex'); // Return the encrypted bytes as base64 $crypt->put_EncodingMode('base64'); $crypt->put_Charset('utf-8'); $cipherText = $crypt->encryptStringENC($PT); if ($crypt->get_LastMethodSuccess() != true) { print $crypt->lastErrorText() . "\n"; exit; } // Get the GCM authenticated tag computed when encrypting. $authTag = $crypt->getEncodedAuthTag('base64'); print 'Cipher Text: ' . $cipherText . "\n"; print 'Auth Tag: ' . $authTag . "\n"; // Let's send the IV, CipherText, and AuthTag to the decrypting party. // We'll send them concatenated like this: [IV || Ciphertext || AuthTag] // In base64 format. $bdEncrypted = new CkBinData(); $bdEncrypted->AppendEncoded($IV,'hex'); $bdEncrypted->AppendEncoded($cipherText,'base64'); $bdEncrypted->AppendEncoded($authTag,'base64'); $concatenatedGcmOutput = $bdEncrypted->getEncoded('base64'); print 'Concatenated GCM Output: ' . $concatenatedGcmOutput . "\n"; // Sample output so far: // ------------------------------------------------------------------------------------- // Now let's GCM decrypt... // ------------------------------------------------------------------------------------- $decrypt = new CkCrypt2(); // The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD. // Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor. $decrypt->put_CryptAlgorithm('aes'); $decrypt->put_CipherMode('gcm'); $decrypt->put_KeyLength(256); $decrypt->SetEncodedKey($K,'hex'); $decrypt->SetEncodedAad($AAD,'hex'); $bdFromEncryptor = new CkBinData(); $bdFromEncryptor->AppendEncoded($concatenatedGcmOutput,'base64'); $sz = $bdFromEncryptor->get_NumBytes(); // Extract the parts. $extractedIV = $bdFromEncryptor->getEncodedChunk(0,16,'hex'); $extractedCipherText = $bdFromEncryptor->getEncodedChunk(16,$sz - 32,'base64'); $expectedAuthTag = $bdFromEncryptor->getEncodedChunk($sz - 16,16,'base64'); // Before GCM decrypting, we must set the authenticated tag to the value that is expected. // The decryption will fail if the resulting authenticated tag is not equal to the expected result. $success = $decrypt->SetEncodedAuthTag($expectedAuthTag,'base64'); // Also set the IV. $decrypt->SetEncodedIV($extractedIV,'hex'); // Decrypt.. $decrypt->put_EncodingMode('base64'); $decrypt->put_Charset('utf-8'); $decryptedText = $decrypt->decryptStringENC($extractedCipherText); if ($decrypt->get_LastMethodSuccess() != true) { // Failed. The resultant authenticated tag did not equal the expected authentication tag. print $decrypt->lastErrorText() . "\n"; exit; } print 'Decrypted: ' . $decryptedText . "\n"; ?> |
||||
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.