Sample code for 30+ languages & platforms
Android™

Duplicate SQL Server ENCRYPTBYPASSPHRASE

See more Encryption Examples

Demonstrates how to duplicate SQL Server's ENCRYPTBYPASSPHRASE.

Chilkat Android™ Downloads

Android™
// Important: Don't forget to include the call to System.loadLibrary
// as shown at the bottom of this code sample.
package com.test;

import android.app.Activity;
import com.chilkatsoft.*;

import android.widget.TextView;
import android.os.Bundle;

public class SimpleActivity extends Activity {

  private static final String TAG = "Chilkat";

  // Called when the activity is first created.
  @Override
  public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // For SQL Server 2008 - SQL Server 2016 we must use TripleDES with SHA1
    // For SQL Server 2017 and later, use AES256 / SHA256.

    String password = "tEst1234";
    String encryptedHex_v1 = "0x010000001E8E7DCDBD4061B951999E25D18445D2305474D2D71EEE98A241C755246F58AB";

    // Here's an encrypted string using AES256/SHA256
    String encryptedHex_v2 = "0x02000000FFE880C0354780481E64EF25B6197A02E2A854A4BA9D8D9BDDFDAB27EB56537ABDA0B1D9C4D1050C91B313550DECF429";

    CkStringBuilder sbEncHex = new CkStringBuilder();
    sbEncHex.Append(encryptedHex_v1);

    // If present, we don't want the leading "0x"
    if (sbEncHex.StartsWith("0x",false) == true) {
        sbEncHex.RemoveCharsAt(0,2);
        }

    CkCrypt2 crypt = new CkCrypt2();
    crypt.put_EncodingMode("hex");

    // The encrypted hex string will begin with either 01000000 or 02000000
    // version 1 is produced by SQL Server 2008 to SQL Server 2016, and we must use TripleDES with SHA1
    // version 2 is for SQL Server 2017 and later, and uses AES256 / SHA256.
    boolean v1 = sbEncHex.StartsWith("01",false);

    int ivLen = 0;
    String hashAlg;

    if (v1 == true) {
        crypt.put_CryptAlgorithm("3des");
        crypt.put_CipherMode("cbc");
        crypt.put_KeyLength(168);
        ivLen = 8;
        hashAlg = "sha1";
        }
    else {
        crypt.put_CryptAlgorithm("aes");
        crypt.put_CipherMode("cbc");
        crypt.put_KeyLength(256);
        ivLen = 16;
        hashAlg = "sha256";
        }

    // Remove the SQL Server version info (i.e. the "01000000")
    sbEncHex.RemoveCharsAt(0,8);

    // Get the IV part of the sbEncHex, and also remove it from the StringBuilder.
    String ivHex = sbEncHex.getRange(0,ivLen * 2,true);
    Log.i(TAG, "IV = " + ivHex);
    crypt.SetEncodedIV(ivHex,"hex");

    CkStringBuilder sbPassword = new CkStringBuilder();
    sbPassword.Append(password);
    String pwd_hash = sbPassword.getHash(hashAlg,"hex","utf-16");
    CkStringBuilder sbKey = new CkStringBuilder();
    sbKey.Append(pwd_hash);
    if (v1 == true) {
        // For v1, we only want the 1st 16 bytes of the 20 byte hash.
        // (remember, the hex encoding uses 2 chars per byte, so we remove the last 8 chars)
        sbKey.Shorten(8);
        }

    Log.i(TAG, "crypt key: " + sbKey.getAsString());

    crypt.SetEncodedKey(sbKey.getAsString(),"hex");

    // Decrypt
    CkBinData bd = new CkBinData();
    bd.AppendEncoded(sbEncHex.getAsString(),"hex");
    crypt.DecryptBd(bd);

    // The result is composed of a header of 8 bytes which we can discard.
    // The remainder is the decrypted text.

    // The header we are discarding is composed of:
    // Bytes 0-3: Magic number equal to 0DF0ADBA
    // Bytes 4-5: Number of integrity bytes, which is 0 unless an authenticator is used. We're assuming no authenticator is used.
    // Bytes 6-7: Number of plain-text bytes. We really don't need this because the CBC padding takes care of it.

    // Therefore, just return the data after the 1st 8 bytes.
    // Assuming the encrypted string was utf-8 text...
    bd.RemoveChunk(0,8);
    String plainText = bd.getString("utf-8");
    Log.i(TAG, "decrypted plain text: " + plainText);

    // The output:

    // IV = 1E8E7DCDBD4061B9
    // crypt key: 710B9C2E61ACCC9570D4112203BD9738
    // decrypted plain text: Hello world.

    // ------------------------------------------------------------------------------------------
    // To encrypt, do the reverse...

    // Let's do v1 with TripleDES with SHA1

    CkCrypt2 encryptor = new CkCrypt2();
    encryptor.put_EncodingMode("hex");

    encryptor.put_CryptAlgorithm("3des");
    encryptor.put_CipherMode("cbc");
    encryptor.put_KeyLength(168);

    // Generate a random 8-byte IV
    CkPrng prng = new CkPrng();
    ivHex = prng.genRandom(8,"hex");
    encryptor.SetEncodedIV(ivHex,"hex");

    // The binary password is generated the same as above.
    // We'll use the same password (and same binary password)
    encryptor.SetEncodedKey(sbKey.getAsString(),"hex");

    int plainTextLen = 8;
    plainText = "ABCD1234";

    // Encrypt the header + the plain-text.
    CkBinData bdData = new CkBinData();
    bdData.AppendEncoded("0DF0ADBA","hex");
    bdData.AppendEncoded("0000","hex");
    bdData.AppendInt2(plainTextLen,true);
    Log.i(TAG, "header: " + bdData.getEncoded("hex"));
    bdData.AppendString(plainText,"utf-8");
    encryptor.EncryptBd(bdData);

    // Compose the result..
    CkStringBuilder sbEnc = new CkStringBuilder();
    sbEnc.Append("0x01000000");
    sbEnc.Append(ivHex);
    sbEnc.Append(bdData.getEncoded("hex"));

    Log.i(TAG, "result: " + sbEnc.getAsString());

  }

  static {
      System.loadLibrary("chilkat");

      // Note: If the incorrect library name is passed to System.loadLibrary,
      // then you will see the following error message at application startup:
      //"The application <your-application-name> has stopped unexpectedly. Please try again."
  }
}