(C) AES 256-bit CBC using PBKDF2 Generated Secret Key

See more Encryption Examples

First generates a 32-byte secret key using PBKDF2 (with HMAC-SHA256), and then uses the secret key to do 256-bit AES CBC mode decryption.

(Duplicates the following Java code)

public String decrypt(String strToDecrypt) {
        try  {
            // Read the initialization vector from the first bytes for the data
            byte [] rawData = Base64.getDecoder().decode(strToDecrypt);
            byte [] iv = new byte[Config.get().encryptionIVLength()];
            byte [] encryptedData = new byte[rawData.length - iv.length];
            System.arraycopy(rawData, 0, iv, 0, iv.length);
            System.arraycopy(rawData, iv.length, encryptedData, 0, encryptedData.length);
 
            IvParameterSpec ivspec = new IvParameterSpec(iv);
 
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            KeySpec spec = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), 65536, 256);
            SecretKey tmp = factory.generateSecret(spec);
            SecretKeySpec secretKey = new SecretKeySpec(tmp.getEncoded(), "AES");
 
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
            cipher.init(Cipher.DECRYPT_MODE, secretKey, ivspec);
            return new String(cipher.doFinal(encryptedData));
        }
        catch (Exception e) {
            log.error("Could not decrypt the string.", e);
        }
        return null;
    }

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <C_CkCrypt2.h>

void ChilkatSample(void)
    {
    HCkCrypt2 crypt;
    const char *password;
    const char *saltHex;
    int iterationCount;
    int outputKeyBitLen;
    const char *secretKeyHex;
    const char *iv;
    const char *strToDecrypt;
    const char *decryptedStr;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    crypt = CkCrypt2_Create();

    password = "some arbitrary length password";
    // We have 8 bytes of salt encoded using hex.
    // (The salt can be any number of bytes, in any desired encoding such as base64, hex, etc.)
    saltHex = "0102030405060708";

    // Generate the 256-bit (32-byte) AES secret key we'll use to decrypt.
    iterationCount = 65536;
    outputKeyBitLen = 256;
    secretKeyHex = CkCrypt2_pbkdf2(crypt,password,"utf-8","sha256",saltHex,iterationCount,outputKeyBitLen,"hex");

    // Setup for 256-bit AES CBC decryption.
    CkCrypt2_putCryptAlgorithm(crypt,"aes");
    CkCrypt2_putKeyLength(crypt,256);
    CkCrypt2_putCipherMode(crypt,"cbc");
    CkCrypt2_putPaddingScheme(crypt,0);

    // The IV for AES is 16 bytes.
    iv = "000102030405060708090A0B0C0D0E0F";
    CkCrypt2_SetEncodedIV(crypt,iv,"hex");

    // Set the secret key for 256-bit AES.
    CkCrypt2_SetEncodedKey(crypt,secretKeyHex,"hex");

    // AES decrypt
    // assume our string to decrypt is base64
    strToDecrypt = "....";
    CkCrypt2_putEncodingMode(crypt,"base64");
    decryptedStr = CkCrypt2_decryptStringENC(crypt,strToDecrypt);

    printf("%s\n",decryptedStr);


    CkCrypt2_Dispose(crypt);

    }