Sample code for 30+ languages & platforms
Unicode C++

Example: Crypt2.RandomizeIV method

Demonstrates using a random initialization vector for AES GCM encryption.

Chilkat Unicode C++ Downloads

Unicode C++
#include <CkCrypt2W.h>
#include <CkBinDataW.h>

void ChilkatSample(void)
    {
    bool success = false;

    //  This example assumes the Chilkat API to have been previously unlocked.
    //  See Global Unlock Sample for sample code.

    CkCrypt2W crypt;

    crypt.put_CryptAlgorithm(L"aes");
    crypt.put_CipherMode(L"gcm");
    crypt.put_KeyLength(256);

    const wchar_t *K = L"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F";
    const wchar_t *AAD = L"feedfacedeadbeeffeedfacedeadbeefabaddad2";
    const wchar_t *PT = L"This is the text to be AES-GCM encrypted.";

    //  Generate a random IV.
    crypt.RandomizeIV();
    const wchar_t *IV = crypt.getEncodedIV(L"hex");

    crypt.SetEncodedKey(K,L"hex");

    success = crypt.SetEncodedAad(AAD,L"hex");

    //  Return the encrypted bytes as base64
    crypt.put_EncodingMode(L"base64");
    crypt.put_Charset(L"utf-8");
    const wchar_t *cipherText = crypt.encryptStringENC(PT);
    if (crypt.get_LastMethodSuccess() != true) {
        wprintf(L"%s\n",crypt.lastErrorText());
        return;
    }

    //  Get the GCM authenticated tag computed when encrypting.
    const wchar_t *authTag = crypt.getEncodedAuthTag(L"base64");

    wprintf(L"Cipher Text: %s\n",cipherText);
    wprintf(L"Auth Tag: %s\n",authTag);

    //  Let's send the IV, CipherText, and AuthTag to the decrypting party.
    //  We'll send them concatenated like this: [IV || Ciphertext || AuthTag]
    //  In base64 format.
    CkBinDataW bdEncrypted;
    bdEncrypted.AppendEncoded(IV,L"hex");
    bdEncrypted.AppendEncoded(cipherText,L"base64");
    bdEncrypted.AppendEncoded(authTag,L"base64");

    const wchar_t *concatenatedGcmOutput = bdEncrypted.getEncoded(L"base64");
    wprintf(L"Concatenated GCM Output: %s\n",concatenatedGcmOutput);

    //  Sample output so far:

    //  -------------------------------------------------------------------------------------
    //  Now let's GCM decrypt...
    //  -------------------------------------------------------------------------------------

    CkCrypt2W decrypt;

    //  The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD.
    //  Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor.
    decrypt.put_CryptAlgorithm(L"aes");
    decrypt.put_CipherMode(L"gcm");
    decrypt.put_KeyLength(256);
    decrypt.SetEncodedKey(K,L"hex");
    decrypt.SetEncodedAad(AAD,L"hex");

    CkBinDataW bdFromEncryptor;
    bdFromEncryptor.AppendEncoded(concatenatedGcmOutput,L"base64");

    int sz = bdFromEncryptor.get_NumBytes();

    //  Extract the parts.
    const wchar_t *extractedIV = bdFromEncryptor.getEncodedChunk(0,16,L"hex");
    const wchar_t *extractedCipherText = bdFromEncryptor.getEncodedChunk(16,sz - 32,L"base64");
    const wchar_t *expectedAuthTag = bdFromEncryptor.getEncodedChunk(sz - 16,16,L"base64");

    //  Before GCM decrypting, we must set the authenticated tag to the value that is expected.
    //  The decryption will fail if the resulting authenticated tag is not equal to the expected result.
    success = decrypt.SetEncodedAuthTag(expectedAuthTag,L"base64");

    //  Also set the IV.
    decrypt.SetEncodedIV(extractedIV,L"hex");

    //  Decrypt..
    decrypt.put_EncodingMode(L"base64");
    decrypt.put_Charset(L"utf-8");
    const wchar_t *decryptedText = decrypt.decryptStringENC(extractedCipherText);
    if (decrypt.get_LastMethodSuccess() != true) {
        //  Failed.  The resultant authenticated tag did not equal the expected authentication tag.
        wprintf(L"%s\n",decrypt.lastErrorText());
        return;
    }

    wprintf(L"Decrypted: %s\n",decryptedText);
    }