Sample code for 30+ languages & platforms
PHP Extension

Example: Crypt2.RandomizeIV method

Demonstrates using a random initialization vector for AES GCM encryption.

Chilkat PHP Extension Downloads

PHP Extension
<?php

include("chilkat.php");

$success = false;

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

$crypt = new CkCrypt2();

$crypt->put_CryptAlgorithm('aes');
$crypt->put_CipherMode('gcm');
$crypt->put_KeyLength(256);

$K = '000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F';
$AAD = 'feedfacedeadbeeffeedfacedeadbeefabaddad2';
$PT = 'This is the text to be AES-GCM encrypted.';

// Generate a random IV.
$crypt->RandomizeIV();
$IV = $crypt->getEncodedIV('hex');

$crypt->SetEncodedKey($K,'hex');

$success = $crypt->SetEncodedAad($AAD,'hex');

// Return the encrypted bytes as base64
$crypt->put_EncodingMode('base64');
$crypt->put_Charset('utf-8');
$cipherText = $crypt->encryptStringENC($PT);
if ($crypt->get_LastMethodSuccess() != true) {
    print $crypt->lastErrorText() . "\n";
    exit;
}

// Get the GCM authenticated tag computed when encrypting.
$authTag = $crypt->getEncodedAuthTag('base64');

print 'Cipher Text: ' . $cipherText . "\n";
print 'Auth Tag: ' . $authTag . "\n";

// Let's send the IV, CipherText, and AuthTag to the decrypting party.
// We'll send them concatenated like this: [IV || Ciphertext || AuthTag]
// In base64 format.
$bdEncrypted = new CkBinData();
$bdEncrypted->AppendEncoded($IV,'hex');
$bdEncrypted->AppendEncoded($cipherText,'base64');
$bdEncrypted->AppendEncoded($authTag,'base64');

$concatenatedGcmOutput = $bdEncrypted->getEncoded('base64');
print 'Concatenated GCM Output: ' . $concatenatedGcmOutput . "\n";

// Sample output so far:

// -------------------------------------------------------------------------------------
// Now let's GCM decrypt...
// -------------------------------------------------------------------------------------

$decrypt = new CkCrypt2();

// The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD.
// Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor.
$decrypt->put_CryptAlgorithm('aes');
$decrypt->put_CipherMode('gcm');
$decrypt->put_KeyLength(256);
$decrypt->SetEncodedKey($K,'hex');
$decrypt->SetEncodedAad($AAD,'hex');

$bdFromEncryptor = new CkBinData();
$bdFromEncryptor->AppendEncoded($concatenatedGcmOutput,'base64');

$sz = $bdFromEncryptor->get_NumBytes();

// Extract the parts.
$extractedIV = $bdFromEncryptor->getEncodedChunk(0,16,'hex');
$extractedCipherText = $bdFromEncryptor->getEncodedChunk(16,$sz - 32,'base64');
$expectedAuthTag = $bdFromEncryptor->getEncodedChunk($sz - 16,16,'base64');

// Before GCM decrypting, we must set the authenticated tag to the value that is expected.
// The decryption will fail if the resulting authenticated tag is not equal to the expected result.
$success = $decrypt->SetEncodedAuthTag($expectedAuthTag,'base64');

// Also set the IV.
$decrypt->SetEncodedIV($extractedIV,'hex');

// Decrypt..
$decrypt->put_EncodingMode('base64');
$decrypt->put_Charset('utf-8');
$decryptedText = $decrypt->decryptStringENC($extractedCipherText);
if ($decrypt->get_LastMethodSuccess() != true) {
    // Failed.  The resultant authenticated tag did not equal the expected authentication tag.
    print $decrypt->lastErrorText() . "\n";
    exit;
}

print 'Decrypted: ' . $decryptedText . "\n";

?>