C
C
Duplicate PHP's openssl_encrypt and openssl_random_pseudo_bytes
See more OpenSSL Examples
Demonstrates how to duplicate PHP's openssl_encrypt function. (https://www.php.net/manual/en/function.openssl-encrypt.php)Chilkat C Downloads
#include <C_CkCrypt2.h>
#include <C_CkBinData.h>
void ChilkatSample(void)
{
BOOL success;
HCkCrypt2 crypt;
const char *text;
const char *passphrase;
const char *ivBase64;
HCkBinData bdKey;
int sz;
const char *cipherText64;
HCkBinData bd;
const char *result;
HCkBinData bdResult;
const char *originalText;
success = FALSE;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Duplicates thw following PHP script:
// $text = "This is a test";
// $passphrase = "my password";
// $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length("AES-256-CBC"));
// $crypted = base64_encode($iv.openssl_encrypt($text, "AES-256-CBC", $passphrase, OPENSSL_RAW_DATA, $iv));
// echo $crypted;
crypt = CkCrypt2_Create();
text = "This is a test";
passphrase = "my password";
// AES is a block cipher. The IV size for any block cipher is the size of the block, which is defined by the encryption algorithm.
// For AES, the block size is always 16 bytes, regardless of key size (i.e. 128-bits, 192-bits, or 256-bits).
// Therefore, generate 16 random bytes for the IV.
CkCrypt2_putEncodingMode(crypt,"base64");
ivBase64 = CkCrypt2_genRandomBytesENC(crypt,16);
printf("Generated IV = %s\n",ivBase64);
// Because we're doing AES-256-CBC, the key length must be 256-bits (i.e. 32 bytes).
// Given that our passphrase is a us-ascii string that can be shorter or longer than 32-bytes, we need to
// somehow transform the passphrase to a 32-byte secret key. We need to know what openssl_encrypt does.
// Here's the answer from the openssl_encrypt documentation:
//
// "If the passphrase is shorter than expected, it is silently padded with NUL characters;
// if the passphrase is longer than expected, it is silently truncated."
// OK.... so let's pad or shorten to get a 32-byte key.
bdKey = CkBinData_Create();
CkBinData_AppendString(bdKey,passphrase,"utf-8");
sz = CkBinData_getNumBytes(bdKey);
if (sz > 32) {
CkBinData_RemoveChunk(bdKey,32,sz - 32);
}
else {
CkBinData_Clear(bdKey);
CkBinData_AppendPadded(bdKey,passphrase,"utf-8",FALSE,32);
}
// Setup for encryption.
CkCrypt2_putCryptAlgorithm(crypt,"aes");
CkCrypt2_putKeyLength(crypt,256);
CkCrypt2_SetEncodedIV(crypt,ivBase64,"base64");
CkCrypt2_SetEncodedKey(crypt,CkBinData_getEncoded(bdKey,"base64"),"base64");
// Encrypt and base64 encode.
cipherText64 = CkCrypt2_encryptStringENC(crypt,text);
// The PHP code fragment above returns the base64 encoded bytes of the IV and the encrypted text.
// So let's do that..
bd = CkBinData_Create();
CkBinData_AppendEncoded(bd,ivBase64,"base64");
CkBinData_AppendEncoded(bd,cipherText64,"base64");
result = CkBinData_getEncoded(bd,"base64");
printf("result = %s\n",result);
// Sample output:
// dN0vS1O0cWi5BbLAAY+NTf7bs3S27xzPf11RkG47sjs=
// Now let's decrypt from the output...
// Setup for decryption.
CkCrypt2_putCryptAlgorithm(crypt,"aes");
CkCrypt2_putKeyLength(crypt,256);
CkCrypt2_SetEncodedKey(crypt,CkBinData_getEncoded(bdKey,"base64"),"base64");
bdResult = CkBinData_Create();
CkBinData_AppendEncoded(bdResult,result,"base64");
CkCrypt2_SetEncodedIV(crypt,CkBinData_getEncodedChunk(bdResult,0,16,"base64"),"base64");
// Remove the IV (first 16 bytes) from the result.
CkBinData_RemoveChunk(bdResult,0,16);
success = CkCrypt2_DecryptBd(crypt,bdResult);
originalText = CkBinData_getString(bdResult,"utf-8");
printf("original text = %s\n",originalText);
CkCrypt2_Dispose(crypt);
CkBinData_Dispose(bdKey);
CkBinData_Dispose(bd);
CkBinData_Dispose(bdResult);
}