SQL Server
SQL Server
Decrypt 256-bit AES GCM Produced by Something Unknown
See more Encryption Examples
Demonstrates how to decrypt something produced elsewhere (unknown) with 256-bit AES GCM.Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
DECLARE @iTmp0 int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
-- This example assumes the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
-- We have the following to decrypt:
-- Key (Base64):
DECLARE @keyBase64 nvarchar(4000)
SELECT @keyBase64 = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
-- IV (Base64Url):
DECLARE @ivBase64Url nvarchar(4000)
SELECT @ivBase64Url = 'xrvaINMLqotAbWRK'
-- ciphertext (base64url):
DECLARE @cipherBase64Url nvarchar(4000)
SELECT @cipherBase64Url = 'RtGNAS-zQOxSB8W0HfqJjCoyt9KgImW_l-HjVC40hOOl-RNfRF3hzDIT1kvFVF8i_KX9XmqAftb6lyq-jLCEc_MSgqt3q1ixv3Ez4SbS3G5e3qGzLwxIMi2sCt00aDNwK2ipsJ4aw8s7ePPnl4oY-y1st9rwCWR0rrgEZwS9jmS4uJWGPn9K3jbKRnMslznDbtFLNJctMVXBTP-cv47JelxLCBOQSlK29rMuEFrhHR_VQrPq6gtZaBVSXZSYT0XOklp7nu9mVhrMCRtBCC5oiu5MPE5JYx4ANo3hUY7_NyQl2bpn9GfRXrdvqRGE-gy2upj-cDkm0t_tV8xmYge9DBQTH3B_4BGl2qTk_o-m7pEmKkS8XSdQhGcuFlykqrkE8SzB5I8esfzWOM0pwxbz0H_VaylKYHY='
DECLARE @crypt int
EXEC @hr = sp_OACreate 'Chilkat.Crypt2', @crypt OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
EXEC sp_OASetProperty @crypt, 'CryptAlgorithm', 'aes'
EXEC sp_OASetProperty @crypt, 'CipherMode', 'gcm'
EXEC sp_OASetProperty @crypt, 'KeyLength', 256
EXEC sp_OAMethod @crypt, 'SetEncodedAad', @success OUT, 'random', 'ascii'
EXEC sp_OAMethod @crypt, 'SetEncodedKey', NULL, @keyBase64, 'base64'
EXEC sp_OAMethod @crypt, 'SetEncodedIV', NULL, @ivBase64Url, 'base64url'
-- The cipher text contains the 16-byte auth tag at the end.
-- get it separately..
DECLARE @bdEncrypted int
EXEC @hr = sp_OACreate 'Chilkat.BinData', @bdEncrypted OUT
DECLARE @bdAuthTag int
EXEC @hr = sp_OACreate 'Chilkat.BinData', @bdAuthTag OUT
EXEC sp_OAMethod @bdEncrypted, 'AppendEncoded', @success OUT, @cipherBase64Url, 'base64url'
DECLARE @numBytes int
EXEC sp_OAGetProperty @bdEncrypted, 'NumBytes', @numBytes OUT
DECLARE @authTagHex nvarchar(4000)
EXEC sp_OAMethod @bdEncrypted, 'GetEncodedChunk', @authTagHex OUT, @numBytes - 16, 16, 'hex'
PRINT 'Auth tag in hex: ' + @authTagHex
EXEC sp_OAMethod @bdAuthTag, 'AppendEncoded', @success OUT, @authTagHex, 'hex'
EXEC sp_OAMethod @bdEncrypted, 'RemoveChunk', @success OUT, @numBytes - 16, 16
-- Use this special value to tell Chilkat to ignore the auth tag.
EXEC sp_OAMethod @crypt, 'SetEncodedAuthTag', @success OUT, 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF', 'hex'
-- Decrypt
EXEC sp_OASetProperty @crypt, 'EncodingMode', 'base64'
DECLARE @originalText nvarchar(4000)
EXEC sp_OAMethod @bdEncrypted, 'GetEncoded', @sTmp0 OUT, 'base64'
EXEC sp_OAMethod @crypt, 'DecryptStringENC', @originalText OUT, @sTmp0
EXEC sp_OAGetProperty @crypt, 'LastMethodSuccess', @iTmp0 OUT
IF @iTmp0 = 0
BEGIN
EXEC sp_OAGetProperty @crypt, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
END
ELSE
BEGIN
PRINT @originalText
PRINT 'Success.'
END
-- Decrypted text
EXEC @hr = sp_OADestroy @crypt
EXEC @hr = sp_OADestroy @bdEncrypted
EXEC @hr = sp_OADestroy @bdAuthTag
END
GO