|
Chilkat • HOME • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi DLL • Go • Java • Node.js • Objective-C • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PowerShell) Example: Crypt2.RandomizeIV methodDemonstrates using a random initialization vector for AES GCM encryption.
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll" # This example assumes the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. $crypt = New-Object Chilkat.Crypt2 $crypt.CryptAlgorithm = "aes" $crypt.CipherMode = "gcm" $crypt.KeyLength = 256 $K = "000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F" $AAD = "feedfacedeadbeeffeedfacedeadbeefabaddad2" $PT = "This is the text to be AES-GCM encrypted." # Generate a random IV. $crypt.RandomizeIV() $IV = $crypt.GetEncodedIV("hex") $crypt.SetEncodedKey($K,"hex") $success = $crypt.SetEncodedAad($AAD,"hex") # Return the encrypted bytes as base64 $crypt.EncodingMode = "base64" $crypt.Charset = "utf-8" $cipherText = $crypt.EncryptStringENC($PT) if ($crypt.LastMethodSuccess -ne $true) { $($crypt.LastErrorText) exit } # Get the GCM authenticated tag computed when encrypting. $authTag = $crypt.GetEncodedAuthTag("base64") $("Cipher Text: " + $cipherText) $("Auth Tag: " + $authTag) # Let's send the IV, CipherText, and AuthTag to the decrypting party. # We'll send them concatenated like this: [IV || Ciphertext || AuthTag] # In base64 format. $bdEncrypted = New-Object Chilkat.BinData $bdEncrypted.AppendEncoded($IV,"hex") $bdEncrypted.AppendEncoded($cipherText,"base64") $bdEncrypted.AppendEncoded($authTag,"base64") $concatenatedGcmOutput = $bdEncrypted.GetEncoded("base64") $("Concatenated GCM Output: " + $concatenatedGcmOutput) # Sample output so far: # ------------------------------------------------------------------------------------- # Now let's GCM decrypt... # ------------------------------------------------------------------------------------- $decrypt = New-Object Chilkat.Crypt2 # The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD. # Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor. $decrypt.CryptAlgorithm = "aes" $decrypt.CipherMode = "gcm" $decrypt.KeyLength = 256 $decrypt.SetEncodedKey($K,"hex") $decrypt.SetEncodedAad($AAD,"hex") $bdFromEncryptor = New-Object Chilkat.BinData $bdFromEncryptor.AppendEncoded($concatenatedGcmOutput,"base64") $sz = $bdFromEncryptor.NumBytes # Extract the parts. $extractedIV = $bdFromEncryptor.GetEncodedChunk(0,16,"hex") $extractedCipherText = $bdFromEncryptor.GetEncodedChunk(16,$sz - 32,"base64") $expectedAuthTag = $bdFromEncryptor.GetEncodedChunk($sz - 16,16,"base64") # Before GCM decrypting, we must set the authenticated tag to the value that is expected. # The decryption will fail if the resulting authenticated tag is not equal to the expected result. $success = $decrypt.SetEncodedAuthTag($expectedAuthTag,"base64") # Also set the IV. $decrypt.SetEncodedIV($extractedIV,"hex") # Decrypt.. $decrypt.EncodingMode = "base64" $decrypt.Charset = "utf-8" $decryptedText = $decrypt.DecryptStringENC($extractedCipherText) if ($decrypt.LastMethodSuccess -ne $true) { # Failed. The resultant authenticated tag did not equal the expected authentication tag. $($decrypt.LastErrorText) exit } $("Decrypted: " + $decryptedText) |
||||
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.