(C) RSAES-OAEP Encrypt/Decrypt Binary Data with AES-128 and SHA56

Demonstrates the use of the new EncryptBd and DecryptBd methods introduced in Chilkat v9.5.0.67 to create a PKCS7/CMS (Cryptographic Message Syntax) message using RSAES-OAEP with AES-128 and SHA256.

Note: This example requires Chilkat v9.5.0.67 or greater.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <C_CkBinData.h>
#include <C_CkCrypt2.h>
#include <C_CkCert.h>

void ChilkatSample(void)
    {
    HCkBinData jpgBytes;
    BOOL success;
    HCkCrypt2 crypt;
    HCkCert cert;

    // This example requires the Chilkat Crypt API to have been previously unlocked.
    // See Unlock Chilkat Crypt for sample code.

    // Load a small JPG file to be encrypted/decrypted.
    jpgBytes = CkBinData_Create();
    success = CkBinData_LoadFile(jpgBytes,"qa_data/jpg/starfish20.jpg");
    if (success != TRUE) {
        printf("Failed to load JPG file.\n");
        CkBinData_Dispose(jpgBytes);
        return;
    }

    // Show the unencrypted JPG bytes in Base64 format.
    // (The "base64_mime" encoding was added in Chilkat v9.5.0.67.
    // The "base64" encoding emits a single line of base64, whereas
    // "base64_mime" will emit multi-line base64 as it would appear
    // in MIME.)
    printf("%s\n",CkBinData_getEncoded(jpgBytes,"base64_mime"));

    // Sample base64_mime JPG data:

    // /9j/4AAQSkZJRgABAQEASABIAAD//gAmRmlsZSB3cml0dGVuIGJ5IEFkb2JlIFBob3Rvc2hvcD8g
    // NC4w/9sAQwAQCwwODAoQDg0OEhEQExgoGhgWFhgxIyUdKDozPTw5Mzg3QEhcTkBEV0U3OFBtUVdf
    // YmdoZz5NcXlwZHhcZWdj/9sAQwEREhIYFRgvGhovY0I4QmNjY2NjY2NjY2NjY2NjY2NjY2NjY2Nj
    // Y2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2Nj/8IAEQgAFAAUAwERAAIRAQMRAf/EABcAAAMBAAAA
    // AAAAAAAAAAAAAAIDBAX/xAAYAQADAQEAAAAAAAAAAAAAAAABAgMEAP/aAAwDAQACEAMQAAAB2kZY
    // NNEijWKddfTmLgALWH//xAAbEAACAgMBAAAAAAAAAAAAAAABAgMRAAQSE//aAAgBAQABBQL0XqN+
    // pM2aqJGMiqFFCyg7z//EABwRAAICAgMAAAAAAAAAAAAAAAERAAIQIQMSUf/aAAgBAwEBPwHqU5aq
    // Axx+y1tMQl4elj//xAAcEQEAAQUBAQAAAAAAAAAAAAABEQACEBIhA1H/2gAIAQIBAT8B3Bhqy7Zc
    // enyiwmGgDhiOzj//xAAdEAABAwUBAAAAAAAAAAAAAAABAAIREBIhIkFR/9oACAEBAAY/ArZyn+Cg
    // xtxWuJaoCnqDuin/xAAcEAABBAMBAAAAAAAAAAAAAAABABEhYRAxQVH/2gAIAQEAAT8hkEwPUUR9
    // DYfE4nxtRpIkBTsayuALIiuY/9oADAMBAAIAAwAAABDWPTsf/8QAGhEAAwADAQAAAAAAAAAAAAAA
    // AAEREDFBIf/aAAgBAwEBPxC0DVPcWm+Ce4OesrkE6bjH/8QAGBEBAQEBAQAAAAAAAAAAAAAAAREA
    // QRD/2gAIAQIBAT8QahMiOc8YgSrnTY3ELclHXn//xAAcEAEBAAIDAQEAAAAAAAAAAAABEQAhMUFx
    // EFH/2gAIAQEAAT8Qn3igmSZSj+c4N4zapMy9IjFV98wncN2iuLFsCEbDGxQkI6RO/n//2Q==

    crypt = CkCrypt2_Create();

    // Specify the encryption to be used.
    // "pki" indicates "Public Key Infrastructure" and will create a PKCS7/CMS message.
    CkCrypt2_putCryptAlgorithm(crypt,"pki");
    CkCrypt2_putPkcs7CryptAlg(crypt,"aes");
    CkCrypt2_putKeyLength(crypt,128);
    CkCrypt2_putOaepHash(crypt,"sha256");
    CkCrypt2_putOaepPadding(crypt,TRUE);

    // A certificate is needed as the encryption key..
    cert = CkCert_Create();
    success = CkCert_LoadFromFile(cert,"qa_data/rsaes-oaep/cert.pem");
    if (success != TRUE) {
        printf("%s\n",CkCert_lastErrorText(cert));
        CkBinData_Dispose(jpgBytes);
        CkCrypt2_Dispose(crypt);
        CkCert_Dispose(cert);
        return;
    }

    // Tell the crypt object to use the certificate.
    CkCrypt2_SetEncryptCert(crypt,cert);

    // Do the in-place RSAES-OAEP encryption.
    // The contents of jpgBytes are replaced with the CMS message.
    success = CkCrypt2_EncryptBd(crypt,jpgBytes);
    if (success != TRUE) {
        printf("%s\n",CkCrypt2_lastErrorText(crypt));
        CkBinData_Dispose(jpgBytes);
        CkCrypt2_Dispose(crypt);
        CkCert_Dispose(cert);
        return;
    }

    // Examine the JPG bytes again.  The bytes should be different because they are encrypted:
    printf("%s\n",CkBinData_getEncoded(jpgBytes,"base64_mime"));

    // Sample CMS message:
    // This CMS message can be copy-and-pasted into the online web form
    // at https://lapo.it/asn1js/   to verify the algorithms used.

    // MIIFDAYJKoZIhvcNAQcDoIIE/TCCBPkCAQAxggGgMIIBnAIBADB1MGgxCzAJBgNVBAYTAlVTMQsw
    // CQYDVQQIDAJJTDEQMA4GA1UEBwwHV2hlYXRvbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
    // dHkgTHRkMRcwFQYDVQQDDA5DaGlsa2F0V2lkZ2V0cwIJAMRwugDmvniwMBwGCSqGSIb3DQEBBzAP
    // oA0wCwYJYIZIAWUDBAIBBIIBAHyWLgkJfIvoA3cYEAR/uHfA7uoi4eQXHl2woQAd6W5BbUNVBcYD
    // zuCTTOTWo1e7Uh0j0AhMZvVQf3+cngTiimzKwIZ2LNuNAgYOhrO/7coHyB22ImVetncUpCsAv/u7
    // 2tYp1dO36T56K+2hMELwcQXTj6v5ODO6a3emdCjITCjHhlYePvq2l0HyU2ALG5RFB6ldk9imhKzn
    // 6gfcijfH65S+KfMRlFBCXFu5nCBKmi8Ywo8Ue0rFssUDKLCjCeQNY52symiDbN/d06K/luOUwVhY
    // 1KQffdIKmTrZUugw+FaoQRq0xGj39T/sYu8qCinNZu/vPdUmxcXszSaSVJ/LGwcwggNOBgkqhkiG
    // 9w0BBwEwHQYJYIZIAWUDBAECBBDLnqRASqqnNUV2IiDkTRl/gIIDIPRaxdKEjhR5RD7pc7yI5j7N
    // TioZNvuMETdHWgHy7eOGz+1hP7fObk/RI0mtQx7IPEjkxaduNbXNzTpXAVRVj4Fw1zzXlqh9UPwt
    // p3TN3NsVRPQ5GmQ+cnPTSZD8i3i8ru8WFHyj1M6vyA0phrEGltKgqsZbb+OkuO5qG3laJv4XGkmn
    // 039pPGSTydQzW+HAp/hsJZLEMwdngXToi854ytjEk+ahCkeOz+d2MAfXZAR+nBCkmAmCQ9SDVTqH
    // FVJOAV2WrKBqNv4+iMn63f7QeoVIjk0QTE8D2iRsUiFYjy4ICaUpplLJEewneH5l0W40KA2+mOep
    // lIrvWnaX2H8ltOEBGD6Jng7i6p/Q4Lr+Y+HBYIHsBPLox3A4NOh/b0MZcyBr/AV2CsIwkIUGLlYl
    // /3rnpl7dRTuHP+fe1lDQVLAxD+U0c73sW7vOALhEe2t2Ae3ayukWPRyfXK9FNHAMhcOI4stHNSwx
    // o2fHa+ctTpPh0V5CHY/ELAKKkrH3nW954pk52tc8Xt6CnzVO5ry/ndcmTlQA0PkG6CK98TE9hCTA
    // hBdSL4/gVFgi9c35I6VXieY9kJe5ICljw5Ftm5yqTwlJIxGU3Z/WeIYBF4uyMegG75AQ9Md9tX0h
    // w8OOu2b6sIvxOZ+durIrYQDlXUXU/IR9exzAlYFENNBPhBgtDsWKSx5gcp+32kC5wtSYSiy3JxNt
    // 0W1yEJz8JGZXhuUvRXjwf+AjS4+/o82WTNXVLVKZ0TP50NVvtf9QqWuXvK/kDDPx6w+abK/aqdAs
    // QSL7wCxOosR2YUPWbXtwGhyHbIfAwWXijO2RnrqKeXL25Ywg16LQUTHq9Mlbgfw/tx3l5pjrmqFC
    // e9t9aaU6kDZqyyfRDOeWwkuDIsT90ulazbed2apgUXYj6AVVvMiC1pRld9wSuHH0vW0x5VsNbmXy
    // EY0NJlJY6II/1szy3bpiP6MsqFveCyCX8rM7UgGgpMNbvWPnsX0F/0eJywIrXrnQYXpvfgghIrlr
    // qu/ftXWypfcfvATxme+cN2EBsCDhq4VcMgB6JY3ykv6P8PK/QpMTbu4Y

    // To decrypt, we'll need the cert with private key.  
    // (The certificate alone contains only the public key.)
    // Provide the required cert + private key from a PFX (.pfx/.p12) file.
    success = CkCrypt2_AddPfxSourceFile(crypt,"qa_data/rsaes-oaep/cert_plus_privatekey.pfx","PFX_PASSWORD");
    if (success != TRUE) {
        printf("%s\n",CkCrypt2_lastErrorText(crypt));
        CkBinData_Dispose(jpgBytes);
        CkCrypt2_Dispose(crypt);
        CkCert_Dispose(cert);
        return;
    }

    // Decrypt to restore back to the original:
    success = CkCrypt2_DecryptBd(crypt,jpgBytes);
    if (success != TRUE) {
        printf("%s\n",CkCrypt2_lastErrorText(crypt));
        CkBinData_Dispose(jpgBytes);
        CkCrypt2_Dispose(crypt);
        CkCert_Dispose(cert);
        return;
    }

    printf("%s\n",CkBinData_getEncoded(jpgBytes,"base64_mime"));


    CkBinData_Dispose(jpgBytes);
    CkCrypt2_Dispose(crypt);
    CkCert_Dispose(cert);

    }