Sample code for 30+ languages & platforms
PowerShell

Decrypt 256-bit AES GCM Produced by Something Unknown

See more Encryption Examples

Demonstrates how to decrypt something produced elsewhere (unknown) with 256-bit AES GCM.

Chilkat PowerShell Downloads

PowerShell
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"

$success = $false

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# We have the following to decrypt:

# Key (Base64): 
$keyBase64 = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# IV (Base64Url):
$ivBase64Url = "xrvaINMLqotAbWRK"

# ciphertext (base64url):
$cipherBase64Url = "RtGNAS-zQOxSB8W0HfqJjCoyt9KgImW_l-HjVC40hOOl-RNfRF3hzDIT1kvFVF8i_KX9XmqAftb6lyq-jLCEc_MSgqt3q1ixv3Ez4SbS3G5e3qGzLwxIMi2sCt00aDNwK2ipsJ4aw8s7ePPnl4oY-y1st9rwCWR0rrgEZwS9jmS4uJWGPn9K3jbKRnMslznDbtFLNJctMVXBTP-cv47JelxLCBOQSlK29rMuEFrhHR_VQrPq6gtZaBVSXZSYT0XOklp7nu9mVhrMCRtBCC5oiu5MPE5JYx4ANo3hUY7_NyQl2bpn9GfRXrdvqRGE-gy2upj-cDkm0t_tV8xmYge9DBQTH3B_4BGl2qTk_o-m7pEmKkS8XSdQhGcuFlykqrkE8SzB5I8esfzWOM0pwxbz0H_VaylKYHY="

$crypt = New-Object Chilkat.Crypt2

$crypt.CryptAlgorithm = "aes"
$crypt.CipherMode = "gcm"
$crypt.KeyLength = 256

$success = $crypt.SetEncodedAad("random","ascii")
$crypt.SetEncodedKey($keyBase64,"base64")
$crypt.SetEncodedIV($ivBase64Url,"base64url")

# The cipher text contains the 16-byte auth tag at the end.
# get it separately..
$bdEncrypted = New-Object Chilkat.BinData
$bdAuthTag = New-Object Chilkat.BinData
$success = $bdEncrypted.AppendEncoded($cipherBase64Url,"base64url")

$numBytes = $bdEncrypted.NumBytes
$authTagHex = $bdEncrypted.GetEncodedChunk($numBytes - 16,16,"hex")

$("Auth tag in hex: " + $authTagHex)

$success = $bdAuthTag.AppendEncoded($authTagHex,"hex")
$bdEncrypted.RemoveChunk($numBytes - 16,16)

# Use this special value to tell Chilkat to ignore the auth tag.
$success = $crypt.SetEncodedAuthTag("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF","hex")

# Decrypt
$crypt.EncodingMode = "base64"
$originalText = $crypt.DecryptStringENC($bdEncrypted.GetEncoded("base64"))
if ($crypt.LastMethodSuccess -eq $false) {
    $($crypt.LastErrorText)
}
else {
    $($originalText)
    $("Success.")
}

# Decrypted text