Unicode C++
Unicode C++
Example: Crypt2.RandomizeIV method
Demonstrates using a random initialization vector for AES GCM encryption.Chilkat Unicode C++ Downloads
#include <CkCrypt2W.h>
#include <CkBinDataW.h>
void ChilkatSample(void)
{
bool success = false;
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
CkCrypt2W crypt;
crypt.put_CryptAlgorithm(L"aes");
crypt.put_CipherMode(L"gcm");
crypt.put_KeyLength(256);
const wchar_t *K = L"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F";
const wchar_t *AAD = L"feedfacedeadbeeffeedfacedeadbeefabaddad2";
const wchar_t *PT = L"This is the text to be AES-GCM encrypted.";
// Generate a random IV.
crypt.RandomizeIV();
const wchar_t *IV = crypt.getEncodedIV(L"hex");
crypt.SetEncodedKey(K,L"hex");
success = crypt.SetEncodedAad(AAD,L"hex");
// Return the encrypted bytes as base64
crypt.put_EncodingMode(L"base64");
crypt.put_Charset(L"utf-8");
const wchar_t *cipherText = crypt.encryptStringENC(PT);
if (crypt.get_LastMethodSuccess() != true) {
wprintf(L"%s\n",crypt.lastErrorText());
return;
}
// Get the GCM authenticated tag computed when encrypting.
const wchar_t *authTag = crypt.getEncodedAuthTag(L"base64");
wprintf(L"Cipher Text: %s\n",cipherText);
wprintf(L"Auth Tag: %s\n",authTag);
// Let's send the IV, CipherText, and AuthTag to the decrypting party.
// We'll send them concatenated like this: [IV || Ciphertext || AuthTag]
// In base64 format.
CkBinDataW bdEncrypted;
bdEncrypted.AppendEncoded(IV,L"hex");
bdEncrypted.AppendEncoded(cipherText,L"base64");
bdEncrypted.AppendEncoded(authTag,L"base64");
const wchar_t *concatenatedGcmOutput = bdEncrypted.getEncoded(L"base64");
wprintf(L"Concatenated GCM Output: %s\n",concatenatedGcmOutput);
// Sample output so far:
// -------------------------------------------------------------------------------------
// Now let's GCM decrypt...
// -------------------------------------------------------------------------------------
CkCrypt2W decrypt;
// The values shared and agreed upon by both sides beforehand are: algorithm, cipher mode, secret key, and AAD.
// Sometimes the IV can be a value already known and agreed upon, but in this case the encryptor sends the IV to the decryptor.
decrypt.put_CryptAlgorithm(L"aes");
decrypt.put_CipherMode(L"gcm");
decrypt.put_KeyLength(256);
decrypt.SetEncodedKey(K,L"hex");
decrypt.SetEncodedAad(AAD,L"hex");
CkBinDataW bdFromEncryptor;
bdFromEncryptor.AppendEncoded(concatenatedGcmOutput,L"base64");
int sz = bdFromEncryptor.get_NumBytes();
// Extract the parts.
const wchar_t *extractedIV = bdFromEncryptor.getEncodedChunk(0,16,L"hex");
const wchar_t *extractedCipherText = bdFromEncryptor.getEncodedChunk(16,sz - 32,L"base64");
const wchar_t *expectedAuthTag = bdFromEncryptor.getEncodedChunk(sz - 16,16,L"base64");
// Before GCM decrypting, we must set the authenticated tag to the value that is expected.
// The decryption will fail if the resulting authenticated tag is not equal to the expected result.
success = decrypt.SetEncodedAuthTag(expectedAuthTag,L"base64");
// Also set the IV.
decrypt.SetEncodedIV(extractedIV,L"hex");
// Decrypt..
decrypt.put_EncodingMode(L"base64");
decrypt.put_Charset(L"utf-8");
const wchar_t *decryptedText = decrypt.decryptStringENC(extractedCipherText);
if (decrypt.get_LastMethodSuccess() != true) {
// Failed. The resultant authenticated tag did not equal the expected authentication tag.
wprintf(L"%s\n",decrypt.lastErrorText());
return;
}
wprintf(L"Decrypted: %s\n",decryptedText);
}