(Unicode C++) Example: Crypt2.RandomizeIV method

Demonstrates using a random initialization vector for AES GCM encryption.

Chilkat C/C++ Library Downloads
MS Visual C/C++ C++ Builder Linux C/C++ Alpine Linux C/C++	MacOS C/C++ iOS C/C++ Android C/C++ MinGW C/C++

#include <CkCrypt2W.h>
#include <CkBinDataW.h>

void ChilkatSample(void)
    {
    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    CkCrypt2W crypt;

    crypt.put_CryptAlgorithm(L"aes");
    crypt.put_CipherMode(L"gcm");
    crypt.put_KeyLength(256);

    const wchar_t *K = L"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F";
    const wchar_t *AAD = L"feedfacedeadbeeffeedfacedeadbeefabaddad2";
    const wchar_t *PT = L"This is the text to be AES-GCM encrypted.";

    // Generate a random IV.
    crypt.RandomizeIV();
    const wchar_t *IV = crypt.getEncodedIV(L"hex");

    crypt.SetEncodedKey(K,L"hex");

    bool success = crypt.SetEncodedAad(AAD,L"hex");

    // Return the encrypted bytes as base64
    crypt.put_EncodingMode(L"base64");
    crypt.put_Charset(L"utf-8");
    const wchar_t *cipherText = crypt.encryptStringENC(PT);
    if (crypt.get_LastMethodSuccess() != true) {
        wprintf(L"%s\n",crypt.lastErrorText());
        return;
    }

    // Get the GCM authenticated tag computed when encrypting.
    const wchar_t *authTag = crypt.getEncodedAuthTag(L"base64");

    wprintf(L"Cipher Text: %s\n",cipherText);
    wprintf(L"Auth Tag: %s\n",authTag);

    // Let's send the IV, CipherText, and AuthTag to the decrypting party.
    // We'll send them concatenated like this: [IV || Ciphertext || AuthTag]
    // In base64 format.
    CkBinDataW bdEncrypted;
    bdEncrypted.AppendEncoded(IV,L"hex");
    bdEncrypted.AppendEncoded(cipherText,L"base64");
    bdEncrypted.AppendEncoded(authTag,L"base64");

    const wchar_t *concatenatedGcmOutput = bdEncrypted.getEncoded(L"base64");
    wprintf(L"Concatenated GCM Output: %s\n",concatenatedGcmOutput);

    // Sample output so far:

    // -------------------------------------------------------------------------------------
    // Now let's GCM decrypt...
    // -------------------------------------------------------------------------------------

    CkCrypt2W decrypt;

    // The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD.
    // Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor.
    decrypt.put_CryptAlgorithm(L"aes");
    decrypt.put_CipherMode(L"gcm");
    decrypt.put_KeyLength(256);
    decrypt.SetEncodedKey(K,L"hex");
    decrypt.SetEncodedAad(AAD,L"hex");

    CkBinDataW bdFromEncryptor;
    bdFromEncryptor.AppendEncoded(concatenatedGcmOutput,L"base64");

    int sz = bdFromEncryptor.get_NumBytes();

    // Extract the parts.
    const wchar_t *extractedIV = bdFromEncryptor.getEncodedChunk(0,16,L"hex");
    const wchar_t *extractedCipherText = bdFromEncryptor.getEncodedChunk(16,sz - 32,L"base64");
    const wchar_t *expectedAuthTag = bdFromEncryptor.getEncodedChunk(sz - 16,16,L"base64");

    // Before GCM decrypting, we must set the authenticated tag to the value that is expected.
    // The decryption will fail if the resulting authenticated tag is not equal to the expected result.
    success = decrypt.SetEncodedAuthTag(expectedAuthTag,L"base64");

    // Also set the IV.
    decrypt.SetEncodedIV(extractedIV,L"hex");

    // Decrypt..
    decrypt.put_EncodingMode(L"base64");
    decrypt.put_Charset(L"utf-8");
    const wchar_t *decryptedText = decrypt.decryptStringENC(extractedCipherText);
    if (decrypt.get_LastMethodSuccess() != true) {
        // Failed.  The resultant authenticated tag did not equal the expected authentication tag.
        wprintf(L"%s\n",decrypt.lastErrorText());
        return;
    }

    wprintf(L"Decrypted: %s\n",decryptedText);
    }