Perl
Perl
Duplicate SQL Server ENCRYPTBYPASSPHRASE
See more Encryption Examples
Demonstrates how to duplicate SQL Server's ENCRYPTBYPASSPHRASE.Chilkat Perl Downloads
use chilkat();
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# For SQL Server 2008 - SQL Server 2016 we must use TripleDES with SHA1
# For SQL Server 2017 and later, use AES256 / SHA256.
$password = "tEst1234";
$encryptedHex_v1 = "0x010000001E8E7DCDBD4061B951999E25D18445D2305474D2D71EEE98A241C755246F58AB";
# Here's an encrypted string using AES256/SHA256
$encryptedHex_v2 = "0x02000000FFE880C0354780481E64EF25B6197A02E2A854A4BA9D8D9BDDFDAB27EB56537ABDA0B1D9C4D1050C91B313550DECF429";
$sbEncHex = chilkat::CkStringBuilder->new();
$sbEncHex->Append($encryptedHex_v1);
# If present, we don't want the leading "0x"
if ($sbEncHex->StartsWith("0x",0) == 1) {
$sbEncHex->RemoveCharsAt(0,2);
}
$crypt = chilkat::CkCrypt2->new();
$crypt->put_EncodingMode("hex");
# The encrypted hex string will begin with either 01000000 or 02000000
# version 1 is produced by SQL Server 2008 to SQL Server 2016, and we must use TripleDES with SHA1
# version 2 is for SQL Server 2017 and later, and uses AES256 / SHA256.
$v1 = $sbEncHex->StartsWith("01",0);
$ivLen = 0;
if ($v1 == 1) {
$crypt->put_CryptAlgorithm("3des");
$crypt->put_CipherMode("cbc");
$crypt->put_KeyLength(168);
$ivLen = 8;
$hashAlg = "sha1";
}
else {
$crypt->put_CryptAlgorithm("aes");
$crypt->put_CipherMode("cbc");
$crypt->put_KeyLength(256);
$ivLen = 16;
$hashAlg = "sha256";
}
# Remove the SQL Server version info (i.e. the "01000000")
$sbEncHex->RemoveCharsAt(0,8);
# Get the IV part of the sbEncHex, and also remove it from the StringBuilder.
$ivHex = $sbEncHex->getRange(0,$ivLen * 2,1);
print "IV = " . $ivHex . "\r\n";
$crypt->SetEncodedIV($ivHex,"hex");
$sbPassword = chilkat::CkStringBuilder->new();
$sbPassword->Append($password);
$pwd_hash = $sbPassword->getHash($hashAlg,"hex","utf-16");
$sbKey = chilkat::CkStringBuilder->new();
$sbKey->Append($pwd_hash);
if ($v1 == 1) {
# For v1, we only want the 1st 16 bytes of the 20 byte hash.
# (remember, the hex encoding uses 2 chars per byte, so we remove the last 8 chars)
$sbKey->Shorten(8);
}
print "crypt key: " . $sbKey->getAsString() . "\r\n";
$crypt->SetEncodedKey($sbKey->getAsString(),"hex");
# Decrypt
$bd = chilkat::CkBinData->new();
$bd->AppendEncoded($sbEncHex->getAsString(),"hex");
$crypt->DecryptBd($bd);
# The result is composed of a header of 8 bytes which we can discard.
# The remainder is the decrypted text.
# The header we are discarding is composed of:
# Bytes 0-3: Magic number equal to 0DF0ADBA
# Bytes 4-5: Number of integrity bytes, which is 0 unless an authenticator is used. We're assuming no authenticator is used.
# Bytes 6-7: Number of plain-text bytes. We really don't need this because the CBC padding takes care of it.
# Therefore, just return the data after the 1st 8 bytes.
# Assuming the encrypted string was utf-8 text...
$bd->RemoveChunk(0,8);
$plainText = $bd->getString("utf-8");
print "decrypted plain text: " . $plainText . "\r\n";
# The output:
# IV = 1E8E7DCDBD4061B9
# crypt key: 710B9C2E61ACCC9570D4112203BD9738
# decrypted plain text: Hello world.
# ------------------------------------------------------------------------------------------
# To encrypt, do the reverse...
# Let's do v1 with TripleDES with SHA1
$encryptor = chilkat::CkCrypt2->new();
$encryptor->put_EncodingMode("hex");
$encryptor->put_CryptAlgorithm("3des");
$encryptor->put_CipherMode("cbc");
$encryptor->put_KeyLength(168);
# Generate a random 8-byte IV
$prng = chilkat::CkPrng->new();
$ivHex = $prng->genRandom(8,"hex");
$encryptor->SetEncodedIV($ivHex,"hex");
# The binary password is generated the same as above.
# We'll use the same password (and same binary password)
$encryptor->SetEncodedKey($sbKey->getAsString(),"hex");
$plainTextLen = 8;
$plainText = "ABCD1234";
# Encrypt the header + the plain-text.
$bdData = chilkat::CkBinData->new();
$bdData->AppendEncoded("0DF0ADBA","hex");
$bdData->AppendEncoded("0000","hex");
$bdData->AppendInt2($plainTextLen,1);
print "header: " . $bdData->getEncoded("hex") . "\r\n";
$bdData->AppendString($plainText,"utf-8");
$encryptor->EncryptBd($bdData);
# Compose the result..
$sbEnc = chilkat::CkStringBuilder->new();
$sbEnc->Append("0x01000000");
$sbEnc->Append($ivHex);
$sbEnc->Append($bdData->getEncoded("hex"));
print "result: " . $sbEnc->getAsString() . "\r\n";