Duplicate SQL Server ENCRYPTBYPASSPHRASE
Demonstrates how to duplicate SQL Server's ENCRYPTBYPASSPHRASE.
#include <stdio.h>
#include <string.h>

#include <C_CkBinData.h>
#include <C_CkCrypt2.h>
#include <C_CkPrng.h>
#include <C_CkStringBuilder.h>
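/*
 * Decrypts a value produced by SQL Server's ENCRYPTBYPASSPHRASE and then
 * builds a new value in the same (version 1) format.
 *
 * Format handled here, as described by this sample:
 *   "0x" | version (01000000 or 02000000) | IV | CBC ciphertext
 * where the decrypted ciphertext is an 8-byte header followed by the plain text.
 *
 * Security notes for anyone reusing this code:
 *   - The cipher key is a single hash of the passphrase (see the getHash call
 *     below); no salt or iteration count is applied, so the passphrase itself
 *     must be strong.
 *   - Without an authenticator the format carries no integrity tag. The magic
 *     number check after decryption catches a wrong passphrase or gross
 *     corruption, but it is not a substitute for authenticated encryption.
 *   - Version 1 (TripleDES / SHA1) exists for compatibility with
 *     SQL Server 2008 - 2016 data; it is not a choice for new designs.
 */
void ChilkatSample(void)
{
    const char *password;
    const char *encryptedHex_v1;
    const char *encryptedHex_v2;
    HCkStringBuilder sbEncHex;
    HCkCrypt2 crypt;
    BOOL v1;
    BOOL v2;
    int ivLen;
    const char *hashAlg;
    const char *ivHex;
    HCkStringBuilder sbPassword;
    const char *pwd_hash;
    HCkStringBuilder sbKey;
    HCkBinData bd;
    const char *hdrHex;
    const char *plainText;
    HCkCrypt2 encryptor;
    HCkPrng prng;
    size_t plainTextBytes;
    int plainTextLen;
    HCkBinData bdData;
    HCkStringBuilder sbEnc;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Create every Chilkat object up front so the single cleanup path at the
    // end can dispose all of them, wherever an error is detected.
    sbEncHex = CkStringBuilder_Create();
    crypt = CkCrypt2_Create();
    sbPassword = CkStringBuilder_Create();
    sbKey = CkStringBuilder_Create();
    bd = CkBinData_Create();
    encryptor = CkCrypt2_Create();
    prng = CkPrng_Create();
    bdData = CkBinData_Create();
    sbEnc = CkStringBuilder_Create();

    // For SQL Server 2008 - SQL Server 2016 we must use TripleDES with SHA1
    // For SQL Server 2017 and later, use AES256 / SHA256.
    // A hard-coded passphrase is acceptable only in a sample; real code should
    // obtain it from a secret store and never commit it to source control.
    password = "tEst1234";
    encryptedHex_v1 = "0x010000001E8E7DCDBD4061B951999E25D18445D2305474D2D71EEE98A241C755246F58AB";
    // Here's an encrypted string using AES256/SHA256
    // (not decrypted below; append it to sbEncHex instead of encryptedHex_v1 to try version 2)
    encryptedHex_v2 = "0x02000000FFE880C0354780481E64EF25B6197A02E2A854A4BA9D8D9BDDFDAB27EB56537ABDA0B1D9C4D1050C91B313550DECF429";
    (void)encryptedHex_v2;

    CkStringBuilder_Append(sbEncHex,encryptedHex_v1);
    // If present, we don't want the leading "0x"
    if (CkStringBuilder_StartsWith(sbEncHex,"0x",FALSE) == TRUE) {
        CkStringBuilder_RemoveCharsAt(sbEncHex,0,2);
    }

    CkCrypt2_putEncodingMode(crypt,"hex");

    // The encrypted hex string will begin with either 01000000 or 02000000
    // version 1 is produced by SQL Server 2008 to SQL Server 2016, and we must use TripleDES with SHA1
    // version 2 is for SQL Server 2017 and later, and uses AES256 / SHA256.
    // Anything else is rejected rather than silently treated as version 2.
    v1 = CkStringBuilder_StartsWith(sbEncHex,"01000000",FALSE);
    v2 = CkStringBuilder_StartsWith(sbEncHex,"02000000",FALSE);
    if ((v1 != TRUE) && (v2 != TRUE)) {
        printf("Unrecognized version prefix; expected 01000000 or 02000000.\n");
        goto cleanup;
    }

    ivLen = 0;
    hashAlg = "sha256";
    if (v1 == TRUE) {
        // NOTE(review): KeyLength is 168 but only 16 key bytes are supplied below;
        // presumably this is handled as two-key TripleDES -- confirm against the library docs.
        CkCrypt2_putCryptAlgorithm(crypt,"3des");
        CkCrypt2_putCipherMode(crypt,"cbc");
        CkCrypt2_putKeyLength(crypt,168);
        ivLen = 8;
        hashAlg = "sha1";
    }
    else {
        CkCrypt2_putCryptAlgorithm(crypt,"aes");
        CkCrypt2_putCipherMode(crypt,"cbc");
        CkCrypt2_putKeyLength(crypt,256);
        ivLen = 16;
        hashAlg = "sha256";
    }

    // The input must hold the 8 hex chars of version info, the IV, and at least
    // one cipher block (the block size equals ivLen for both algorithms used here).
    // Checking this first keeps the range removals below within the string.
    if (CkStringBuilder_getLength(sbEncHex) < 8 + (ivLen * 2) + (ivLen * 2)) {
        printf("Encrypted value is too short.\n");
        goto cleanup;
    }

    // Remove the SQL Server version info (i.e. the "01000000")
    CkStringBuilder_RemoveCharsAt(sbEncHex,0,8);

    // Get the IV part of the sbEncHex, and also remove it from the StringBuilder.
    ivHex = CkStringBuilder_getRange(sbEncHex,0,ivLen * 2,TRUE);
    if (ivHex == NULL) {
        printf("Failed to extract the IV.\n");
        goto cleanup;
    }
    printf("IV = %s\n",ivHex);
    CkCrypt2_SetEncodedIV(crypt,ivHex,"hex");

    // The key is the hash of the passphrase's utf-16 bytes.
    CkStringBuilder_Append(sbPassword,password);
    pwd_hash = CkStringBuilder_getHash(sbPassword,hashAlg,"hex","utf-16");
    if (pwd_hash == NULL) {
        printf("Failed to hash the passphrase.\n");
        goto cleanup;
    }

    CkStringBuilder_Append(sbKey,pwd_hash);
    if (v1 == TRUE) {
        // For v1, we only want the 1st 16 bytes of the 20 byte hash.
        // (remember, the hex encoding uses 2 chars per byte, so we remove the last 8 chars)
        CkStringBuilder_Shorten(sbKey,8);
    }

    // Printed only so the derivation can be compared with the expected output below.
    // Remove this line in real code: key material must not reach stdout or logs.
    printf("crypt key: %s\n",CkStringBuilder_getAsString(sbKey));
    CkCrypt2_SetEncodedKey(crypt,CkStringBuilder_getAsString(sbKey),"hex");

    // Decrypt
    if (CkBinData_AppendEncoded(bd,CkStringBuilder_getAsString(sbEncHex),"hex") != TRUE) {
        printf("Encrypted value is not valid hex.\n");
        goto cleanup;
    }
    if (CkCrypt2_DecryptBd(crypt,bd) != TRUE) {
        printf("%s\n",CkCrypt2_lastErrorText(crypt));
        goto cleanup;
    }

    // The result is composed of a header of 8 bytes followed by the decrypted text.
    // The header is composed of:
    // Bytes 0-3: Magic number equal to 0DF0ADBA
    // Bytes 4-5: Number of integrity bytes, which is 0 unless an authenticator is used.
    // Bytes 6-7: Number of plain-text bytes. We really don't need this because the CBC padding takes care of it.
    if (CkBinData_getNumBytes(bd) < 8) {
        printf("Decrypted data is shorter than the 8-byte header.\n");
        goto cleanup;
    }

    // A wrong passphrase can still yield validly padded garbage, so the magic
    // number is the only signal that the decryption actually succeeded.
    hdrHex = CkBinData_getEncodedChunk(bd,0,4,"hex");
    if ((hdrHex == NULL) || (strcmp(hdrHex,"0DF0ADBA") != 0)) {
        printf("Header magic number mismatch (wrong passphrase or corrupted data).\n");
        goto cleanup;
    }

    // This sample does not handle the authenticator case, so make the
    // "no authenticator" assumption explicit instead of returning shifted data.
    hdrHex = CkBinData_getEncodedChunk(bd,4,2,"hex");
    if ((hdrHex == NULL) || (strcmp(hdrHex,"0000") != 0)) {
        printf("Value was encrypted with an authenticator, which this sample does not handle.\n");
        goto cleanup;
    }

    // Discard the header and return the data after the 1st 8 bytes.
    // Assuming the encrypted string was utf-8 text...
    CkBinData_RemoveChunk(bd,0,8);
    plainText = CkBinData_getString(bd,"utf-8");
    if (plainText == NULL) {
        printf("Decrypted data could not be read as utf-8 text.\n");
        goto cleanup;
    }
    printf("decrypted plain text: %s\n",plainText);

    // The output:
    // IV = 1E8E7DCDBD4061B9
    // crypt key: 710B9C2E61ACCC9570D4112203BD9738
    // decrypted plain text: Hello world.

    // ------------------------------------------------------------------------------------------
    // To encrypt, do the reverse...
    // Let's do v1 with TripleDES with SHA1
    CkCrypt2_putEncodingMode(encryptor,"hex");
    CkCrypt2_putCryptAlgorithm(encryptor,"3des");
    CkCrypt2_putCipherMode(encryptor,"cbc");
    CkCrypt2_putKeyLength(encryptor,168);

    // Generate a random 8-byte IV (a fresh IV is needed for every encryption)
    ivHex = CkPrng_genRandom(prng,8,"hex");
    if (ivHex == NULL) {
        printf("Failed to generate a random IV.\n");
        goto cleanup;
    }
    CkCrypt2_SetEncodedIV(encryptor,ivHex,"hex");

    // The binary password is generated the same as above.
    // We'll use the same password (and same binary password)
    CkCrypt2_SetEncodedKey(encryptor,CkStringBuilder_getAsString(sbKey),"hex");

    plainText = "ABCD1234";
    // The header stores the plain-text byte count in 2 bytes, so derive it from
    // the text (rather than hard-coding it) and refuse anything that cannot fit.
    plainTextBytes = strlen(plainText);
    if (plainTextBytes > 0xFFFF) {
        printf("Plain text is too long for the 2-byte length field.\n");
        goto cleanup;
    }
    plainTextLen = (int)plainTextBytes;

    // Encrypt the header + the plain-text.
    CkBinData_AppendEncoded(bdData,"0DF0ADBA","hex");
    CkBinData_AppendEncoded(bdData,"0000","hex");
    CkBinData_AppendInt2(bdData,plainTextLen,TRUE);
    printf("header: %s\n",CkBinData_getEncoded(bdData,"hex"));
    CkBinData_AppendString(bdData,plainText,"utf-8");
    if (CkCrypt2_EncryptBd(encryptor,bdData) != TRUE) {
        printf("%s\n",CkCrypt2_lastErrorText(encryptor));
        goto cleanup;
    }

    // Compose the result..
    CkStringBuilder_Append(sbEnc,"0x01000000");
    CkStringBuilder_Append(sbEnc,ivHex);
    CkStringBuilder_Append(sbEnc,CkBinData_getEncoded(bdData,"hex"));
    printf("result: %s\n",CkStringBuilder_getAsString(sbEnc));

cleanup:
    CkStringBuilder_Dispose(sbEncHex);
    CkCrypt2_Dispose(crypt);
    CkStringBuilder_Dispose(sbPassword);
    CkStringBuilder_Dispose(sbKey);
    CkBinData_Dispose(bd);
    CkCrypt2_Dispose(encryptor);
    CkPrng_Dispose(prng);
    CkBinData_Dispose(bdData);
    CkStringBuilder_Dispose(sbEnc);
}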