Sample code for 30+ languages & platforms
Delphi DLL

Duplicate PHP's openssl_encrypt and openssl_random_pseudo_bytes

See more OpenSSL Examples

Demonstrates how to duplicate PHP's openssl_encrypt function. (https://www.php.net/manual/en/function.openssl-encrypt.php)

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, BinData, Crypt2;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
crypt: HCkCrypt2;
text: PWideChar;
passphrase: PWideChar;
ivBase64: PWideChar;
bdKey: HCkBinData;
sz: Integer;
cipherText64: PWideChar;
bd: HCkBinData;
result: PWideChar;
bdResult: HCkBinData;
originalText: PWideChar;

begin
success := False;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// Duplicates thw following PHP script:

// $text = "This is a test";
// $passphrase = "my password";
// $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length("AES-256-CBC"));
// $crypted = base64_encode($iv.openssl_encrypt($text, "AES-256-CBC", $passphrase, OPENSSL_RAW_DATA, $iv));
// echo $crypted;

crypt := CkCrypt2_Create();

text := 'This is a test';
passphrase := 'my password';

// AES is a block cipher.  The IV size for any block cipher is the size of the block, which is defined by the encryption algorithm. 
// For AES, the block size is always 16 bytes, regardless of key size (i.e. 128-bits, 192-bits, or 256-bits).
// Therefore, generate 16 random bytes for the IV.
CkCrypt2_putEncodingMode(crypt,'base64');
ivBase64 := CkCrypt2__genRandomBytesENC(crypt,16);

Memo1.Lines.Add('Generated IV = ' + ivBase64);

// Because we're doing AES-256-CBC, the key length must be 256-bits (i.e. 32 bytes).
// Given that our passphrase is a us-ascii string that can be shorter or longer than 32-bytes, we need to 
// somehow transform the passphrase to a 32-byte secret key.  We need to know what openssl_encrypt does.
// Here's the answer from the openssl_encrypt documentation:
// 
// "If the passphrase is shorter than expected, it is silently padded with NUL characters; 
// if the passphrase is longer than expected, it is silently truncated."

// OK.... so let's pad or shorten to get a 32-byte key.
bdKey := CkBinData_Create();
CkBinData_AppendString(bdKey,passphrase,'utf-8');

sz := CkBinData_getNumBytes(bdKey);
if (sz > 32) then
  begin
    CkBinData_RemoveChunk(bdKey,32,sz - 32);
  end
else
  begin
    CkBinData_Clear(bdKey);
    CkBinData_AppendPadded(bdKey,passphrase,'utf-8',False,32);
  end;

// Setup for encryption.
CkCrypt2_putCryptAlgorithm(crypt,'aes');
CkCrypt2_putKeyLength(crypt,256);
CkCrypt2_SetEncodedIV(crypt,ivBase64,'base64');
CkCrypt2_SetEncodedKey(crypt,CkBinData__getEncoded(bdKey,'base64'),'base64');

// Encrypt and base64 encode.
cipherText64 := CkCrypt2__encryptStringENC(crypt,text);

// The PHP code fragment above returns the base64 encoded bytes of the IV and the encrypted text.
// So let's do that..
bd := CkBinData_Create();
CkBinData_AppendEncoded(bd,ivBase64,'base64');
CkBinData_AppendEncoded(bd,cipherText64,'base64');
result := CkBinData__getEncoded(bd,'base64');

Memo1.Lines.Add('result = ' + result);

// Sample output:
// dN0vS1O0cWi5BbLAAY+NTf7bs3S27xzPf11RkG47sjs=

// Now let's decrypt from the output...

// Setup for decryption.
CkCrypt2_putCryptAlgorithm(crypt,'aes');
CkCrypt2_putKeyLength(crypt,256);
CkCrypt2_SetEncodedKey(crypt,CkBinData__getEncoded(bdKey,'base64'),'base64');

bdResult := CkBinData_Create();
CkBinData_AppendEncoded(bdResult,result,'base64');
CkCrypt2_SetEncodedIV(crypt,CkBinData__getEncodedChunk(bdResult,0,16,'base64'),'base64');

// Remove the IV (first 16 bytes) from the result.
CkBinData_RemoveChunk(bdResult,0,16);
success := CkCrypt2_DecryptBd(crypt,bdResult);
originalText := CkBinData__getString(bdResult,'utf-8');

Memo1.Lines.Add('original text = ' + originalText);

CkCrypt2_Dispose(crypt);
CkBinData_Dispose(bdKey);
CkBinData_Dispose(bd);
CkBinData_Dispose(bdResult);

end;