PHP Extension
PHP Extension
Example: Crypt2.RandomizeIV method
Demonstrates using a random initialization vector for AES GCM encryption.Chilkat PHP Extension Downloads
<?php
include("chilkat.php");
$success = false;
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
$crypt = new CkCrypt2();
$crypt->put_CryptAlgorithm('aes');
$crypt->put_CipherMode('gcm');
$crypt->put_KeyLength(256);
$K = '000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F';
$AAD = 'feedfacedeadbeeffeedfacedeadbeefabaddad2';
$PT = 'This is the text to be AES-GCM encrypted.';
// Generate a random IV.
$crypt->RandomizeIV();
$IV = $crypt->getEncodedIV('hex');
$crypt->SetEncodedKey($K,'hex');
$success = $crypt->SetEncodedAad($AAD,'hex');
// Return the encrypted bytes as base64
$crypt->put_EncodingMode('base64');
$crypt->put_Charset('utf-8');
$cipherText = $crypt->encryptStringENC($PT);
if ($crypt->get_LastMethodSuccess() != true) {
print $crypt->lastErrorText() . "\n";
exit;
}
// Get the GCM authenticated tag computed when encrypting.
$authTag = $crypt->getEncodedAuthTag('base64');
print 'Cipher Text: ' . $cipherText . "\n";
print 'Auth Tag: ' . $authTag . "\n";
// Let's send the IV, CipherText, and AuthTag to the decrypting party.
// We'll send them concatenated like this: [IV || Ciphertext || AuthTag]
// In base64 format.
$bdEncrypted = new CkBinData();
$bdEncrypted->AppendEncoded($IV,'hex');
$bdEncrypted->AppendEncoded($cipherText,'base64');
$bdEncrypted->AppendEncoded($authTag,'base64');
$concatenatedGcmOutput = $bdEncrypted->getEncoded('base64');
print 'Concatenated GCM Output: ' . $concatenatedGcmOutput . "\n";
// Sample output so far:
// -------------------------------------------------------------------------------------
// Now let's GCM decrypt...
// -------------------------------------------------------------------------------------
$decrypt = new CkCrypt2();
// The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD.
// Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor.
$decrypt->put_CryptAlgorithm('aes');
$decrypt->put_CipherMode('gcm');
$decrypt->put_KeyLength(256);
$decrypt->SetEncodedKey($K,'hex');
$decrypt->SetEncodedAad($AAD,'hex');
$bdFromEncryptor = new CkBinData();
$bdFromEncryptor->AppendEncoded($concatenatedGcmOutput,'base64');
$sz = $bdFromEncryptor->get_NumBytes();
// Extract the parts.
$extractedIV = $bdFromEncryptor->getEncodedChunk(0,16,'hex');
$extractedCipherText = $bdFromEncryptor->getEncodedChunk(16,$sz - 32,'base64');
$expectedAuthTag = $bdFromEncryptor->getEncodedChunk($sz - 16,16,'base64');
// Before GCM decrypting, we must set the authenticated tag to the value that is expected.
// The decryption will fail if the resulting authenticated tag is not equal to the expected result.
$success = $decrypt->SetEncodedAuthTag($expectedAuthTag,'base64');
// Also set the IV.
$decrypt->SetEncodedIV($extractedIV,'hex');
// Decrypt..
$decrypt->put_EncodingMode('base64');
$decrypt->put_Charset('utf-8');
$decryptedText = $decrypt->decryptStringENC($extractedCipherText);
if ($decrypt->get_LastMethodSuccess() != true) {
// Failed. The resultant authenticated tag did not equal the expected authentication tag.
print $decrypt->lastErrorText() . "\n";
exit;
}
print 'Decrypted: ' . $decryptedText . "\n";
?>