Sample code for 30+ languages & platforms
SQL Server

Decrypt 256-bit AES GCM Produced by Something Unknown

See more Encryption Examples

Demonstrates how to decrypt something produced elsewhere (unknown) with 256-bit AES GCM.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example assumes the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- We have the following to decrypt:

    -- Key (Base64): 
    DECLARE @keyBase64 nvarchar(4000)
    SELECT @keyBase64 = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

    -- IV (Base64Url):
    DECLARE @ivBase64Url nvarchar(4000)
    SELECT @ivBase64Url = 'xrvaINMLqotAbWRK'

    -- ciphertext (base64url):
    DECLARE @cipherBase64Url nvarchar(4000)
    SELECT @cipherBase64Url = 'RtGNAS-zQOxSB8W0HfqJjCoyt9KgImW_l-HjVC40hOOl-RNfRF3hzDIT1kvFVF8i_KX9XmqAftb6lyq-jLCEc_MSgqt3q1ixv3Ez4SbS3G5e3qGzLwxIMi2sCt00aDNwK2ipsJ4aw8s7ePPnl4oY-y1st9rwCWR0rrgEZwS9jmS4uJWGPn9K3jbKRnMslznDbtFLNJctMVXBTP-cv47JelxLCBOQSlK29rMuEFrhHR_VQrPq6gtZaBVSXZSYT0XOklp7nu9mVhrMCRtBCC5oiu5MPE5JYx4ANo3hUY7_NyQl2bpn9GfRXrdvqRGE-gy2upj-cDkm0t_tV8xmYge9DBQTH3B_4BGl2qTk_o-m7pEmKkS8XSdQhGcuFlykqrkE8SzB5I8esfzWOM0pwxbz0H_VaylKYHY='

    DECLARE @crypt int
    EXEC @hr = sp_OACreate 'Chilkat.Crypt2', @crypt OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    EXEC sp_OASetProperty @crypt, 'CryptAlgorithm', 'aes'
    EXEC sp_OASetProperty @crypt, 'CipherMode', 'gcm'
    EXEC sp_OASetProperty @crypt, 'KeyLength', 256

    EXEC sp_OAMethod @crypt, 'SetEncodedAad', @success OUT, 'random', 'ascii'
    EXEC sp_OAMethod @crypt, 'SetEncodedKey', NULL, @keyBase64, 'base64'
    EXEC sp_OAMethod @crypt, 'SetEncodedIV', NULL, @ivBase64Url, 'base64url'

    -- The cipher text contains the 16-byte auth tag at the end.
    -- get it separately..
    DECLARE @bdEncrypted int
    EXEC @hr = sp_OACreate 'Chilkat.BinData', @bdEncrypted OUT

    DECLARE @bdAuthTag int
    EXEC @hr = sp_OACreate 'Chilkat.BinData', @bdAuthTag OUT

    EXEC sp_OAMethod @bdEncrypted, 'AppendEncoded', @success OUT, @cipherBase64Url, 'base64url'

    DECLARE @numBytes int
    EXEC sp_OAGetProperty @bdEncrypted, 'NumBytes', @numBytes OUT
    DECLARE @authTagHex nvarchar(4000)
    EXEC sp_OAMethod @bdEncrypted, 'GetEncodedChunk', @authTagHex OUT, @numBytes - 16, 16, 'hex'


    PRINT 'Auth tag in hex: ' + @authTagHex

    EXEC sp_OAMethod @bdAuthTag, 'AppendEncoded', @success OUT, @authTagHex, 'hex'
    EXEC sp_OAMethod @bdEncrypted, 'RemoveChunk', @success OUT, @numBytes - 16, 16

    -- Use this special value to tell Chilkat to ignore the auth tag.
    EXEC sp_OAMethod @crypt, 'SetEncodedAuthTag', @success OUT, 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF', 'hex'

    -- Decrypt
    EXEC sp_OASetProperty @crypt, 'EncodingMode', 'base64'
    DECLARE @originalText nvarchar(4000)
    EXEC sp_OAMethod @bdEncrypted, 'GetEncoded', @sTmp0 OUT, 'base64'
    EXEC sp_OAMethod @crypt, 'DecryptStringENC', @originalText OUT, @sTmp0
    EXEC sp_OAGetProperty @crypt, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 = 0
      BEGIN
        EXEC sp_OAGetProperty @crypt, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
      END
    ELSE
      BEGIN

        PRINT @originalText

        PRINT 'Success.'
      END

    -- Decrypted text

    EXEC @hr = sp_OADestroy @crypt
    EXEC @hr = sp_OADestroy @bdEncrypted
    EXEC @hr = sp_OADestroy @bdAuthTag


END
GO