Sample code for 30+ languages & platforms
DataFlex

AES CTR Mode Encryption

See more Encryption Examples

Demonstrates how to encrypt using AES CTR mode.

CTR mode is special in a few ways:

(1) Padding doesn't apply. Normally, a block encryption algorithm (AES, Blowfish, DES, RC2, etc.) emit encrypted output that is a multiple of the block size (16 bytes for AES as an example). With CTR mode, the number of bytes output is exactly equal to the number of bytes input, so no padding/unpadding is required. The PaddingScheme property does not apply for counter mode.

(2) CTR mode increments a counter for each subsequent block encrypted. For example, if an application encrypted the string "1234567890" twenty times in a row, using the same instance of the Chilkat Crypt2 object, then each iteration's result would be different. This is because the counter is being incremented. The decrypting application would need to decrypt in exactly the same manner. The 1st decrypt should begin with a new instance of a Crypt2 object so that it's counter is at the initial value of 0.

It would be a mistake to encrypt 20 strings using an instance of the Crypt2 object, and then attempt to decrypt with the same Crypt2 object. To decrypt successfully, the app would need to instantiate a new Crypt2 object and then decrypt, so that the counters match.

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Handle hoCrypt
    String sIvHex
    String sKeyHex
    String sEncStr
    Handle hoDecrypt
    String sDecStr

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
    If (Not(IsComObjectCreated(hoCrypt))) Begin
        Send CreateComObject of hoCrypt
    End

    // AES is also known as Rijndael.		
    Set ComCryptAlgorithm Of hoCrypt To "aes"

    // CipherMode may be "ctr", "cfb", "ecb" or "cbc"
    Set ComCipherMode Of hoCrypt To "ctr"

    // KeyLength may be 128, 192, 256
    Set ComKeyLength Of hoCrypt To 256

    // Counter mode emits the exact number of bytes input, and therefore 
    // padding is not used.  The PaddingScheme property does not apply with CTR mode.

    // EncodingMode specifies the encoding of the output for
    // encryption, and the input for decryption.
    // It may be "hex", "url", "base64", "quoted-printable", or many other choices.
    Set ComEncodingMode Of hoCrypt To "hex"

    // An initialization vector (nonce) is required if using CTR mode.
    // The length of the IV is equal to the algorithm's block size.
    // It is NOT equal to the length of the key.
    Move "000102030405060708090A0B0C0D0E0F" To sIvHex
    Send ComSetEncodedIV To hoCrypt sIvHex "hex"

    // The secret key must equal the size of the key.  For
    // 256-bit encryption, the binary secret key is 32 bytes.
    // For 128-bit encryption, the binary secret key is 16 bytes.
    Move "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F" To sKeyHex
    Send ComSetEncodedKey To hoCrypt sKeyHex "hex"

    // Encrypt a string...
    // The input string is 44 ANSI characters (i.e. 44 bytes), so
    // the output should be 48 bytes (a multiple of 16).
    // Because the output is a hex string, it should
    // be 96 characters long (2 chars per byte).
    Get ComEncryptStringENC Of hoCrypt "The quick red fox jumps over the sleeping dog." To sEncStr
    Showln sEncStr

    Get Create (RefClass(cComChilkatCrypt2)) To hoDecrypt
    If (Not(IsComObjectCreated(hoDecrypt))) Begin
        Send CreateComObject of hoDecrypt
    End

    Set ComCryptAlgorithm Of hoDecrypt To "aes"
    Set ComCipherMode Of hoDecrypt To "ctr"
    Set ComKeyLength Of hoDecrypt To 256
    Set ComEncodingMode Of hoDecrypt To "hex"
    Send ComSetEncodedIV To hoDecrypt sIvHex "hex"
    Send ComSetEncodedKey To hoDecrypt sKeyHex "hex"

    // Now decrypt:
    Get ComDecryptStringENC Of hoDecrypt sEncStr To sDecStr
    Showln sDecStr


End_Procedure