PowerBuilder
PowerBuilder
AES Key Wrap / Unwrap
See more Encryption Examples
Demonstrates the AesKeyWrap and AesKeyUnwrap methods that were added to Chilkat v9.5.0.66.This example implements the AES Key Wrap Algorithm as described in RFC 3394. It demonstrates wrapping and unwrapping the test data provided in the RFC. This example requires Chilkat v9.5.0.66 or later.
Chilkat PowerBuilder Downloads
integer li_rc
oleobject loo_Crypt
string ls_Kek
string ls_KeyData
string ls_WrappedKey
string ls_Expected
string ls_UnwrappedKey
string ls_Encoding
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: This example requires Chilkat v9.5.0.66 or later.
loo_Crypt = create oleobject
li_rc = loo_Crypt.ConnectToNewObject("Chilkat.Crypt2")
if li_rc < 0 then
destroy loo_Crypt
MessageBox("Error","Connecting to COM object failed")
return
end if
// The KEK is the Key Encryption Key. It's the AES key that is used
// to wrap another AES key which is called the "Key Data".
// The KEK can be 128-bit, 192-bit, or 256-bit.
// (In other words, it can be 16 bytes, 24 bytes, or 32 bytes)
// The Key Data must be a multiple of 64-bits in length. (i.e. a multiple of 8 bytes)
// The AES Key Wrap algorithm can wrap not only AES keys, but any data that is a
// multiple of 8 bytes in size.
ls_Encoding = "hex"
// Use a 128-bit KEK to wrap a 128-bit AES key.
ls_Kek = "000102030405060708090A0B0C0D0E0F"
ls_KeyData = "00112233445566778899AABBCCDDEEFF"
ls_Expected = "1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5"
Write-Debug "---- Use a 128-bit KEK to wrap a 128-bit AES key."
Write-Debug "kek = " + ls_Kek
Write-Debug "keyData = " + ls_KeyData
Write-Debug "expected = " + ls_Expected
ls_WrappedKey = loo_Crypt.AesKeyWrap(ls_Kek,ls_KeyData,ls_Encoding)
Write-Debug "computed = " + ls_WrappedKey
ls_UnwrappedKey = loo_Crypt.AesKeyUnwrap(ls_Kek,ls_WrappedKey,ls_Encoding)
Write-Debug "unwrapped = " + ls_UnwrappedKey
Write-Debug "----"
// Use a 192-bit KEK to wrap a 128-bit AES key.
ls_Kek = "000102030405060708090A0B0C0D0E0F1011121314151617"
ls_KeyData = "00112233445566778899AABBCCDDEEFF"
ls_Expected = "96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D"
Write-Debug "---- Use a 192-bit KEK to wrap a 128-bit AES key."
Write-Debug "kek = " + ls_Kek
Write-Debug "keyData = " + ls_KeyData
Write-Debug "expected = " + ls_Expected
ls_WrappedKey = loo_Crypt.AesKeyWrap(ls_Kek,ls_KeyData,ls_Encoding)
Write-Debug "computed = " + ls_WrappedKey
ls_UnwrappedKey = loo_Crypt.AesKeyUnwrap(ls_Kek,ls_WrappedKey,ls_Encoding)
Write-Debug "unwrapped = " + ls_UnwrappedKey
Write-Debug "----"
// Use a 256-bit KEK to wrap a 128-bit AES key.
ls_Kek = "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
ls_KeyData = "00112233445566778899AABBCCDDEEFF"
ls_Expected = "64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7"
Write-Debug "---- Use a 256-bit KEK to wrap a 128-bit AES key."
Write-Debug "kek = " + ls_Kek
Write-Debug "keyData = " + ls_KeyData
Write-Debug "expected = " + ls_Expected
ls_WrappedKey = loo_Crypt.AesKeyWrap(ls_Kek,ls_KeyData,ls_Encoding)
Write-Debug "computed = " + ls_WrappedKey
ls_UnwrappedKey = loo_Crypt.AesKeyUnwrap(ls_Kek,ls_WrappedKey,ls_Encoding)
Write-Debug "unwrapped = " + ls_UnwrappedKey
Write-Debug "----"
// Use a 192-bit KEK to wrap a 192-bit AES key.
ls_Kek = "000102030405060708090A0B0C0D0E0F1011121314151617"
ls_KeyData = "00112233445566778899AABBCCDDEEFF0001020304050607"
ls_Expected = "031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2"
Write-Debug "---- Use a 192-bit KEK to wrap a 192-bit AES key."
Write-Debug "kek = " + ls_Kek
Write-Debug "keyData = " + ls_KeyData
Write-Debug "expected = " + ls_Expected
ls_WrappedKey = loo_Crypt.AesKeyWrap(ls_Kek,ls_KeyData,ls_Encoding)
Write-Debug "computed = " + ls_WrappedKey
ls_UnwrappedKey = loo_Crypt.AesKeyUnwrap(ls_Kek,ls_WrappedKey,ls_Encoding)
Write-Debug "unwrapped = " + ls_UnwrappedKey
Write-Debug "----"
// Use a 256-bit KEK to wrap a 192-bit AES key.
ls_Kek = "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
ls_KeyData = "00112233445566778899AABBCCDDEEFF0001020304050607"
ls_Expected = "A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1"
Write-Debug "---- Use a 256-bit KEK to wrap a 192-bit AES key."
Write-Debug "kek = " + ls_Kek
Write-Debug "keyData = " + ls_KeyData
Write-Debug "expected = " + ls_Expected
ls_WrappedKey = loo_Crypt.AesKeyWrap(ls_Kek,ls_KeyData,ls_Encoding)
Write-Debug "computed = " + ls_WrappedKey
ls_UnwrappedKey = loo_Crypt.AesKeyUnwrap(ls_Kek,ls_WrappedKey,ls_Encoding)
Write-Debug "unwrapped = " + ls_UnwrappedKey
Write-Debug "----"
// Use a 256-bit KEK to wrap a 256-bit AES key.
ls_Kek = "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
ls_KeyData = "00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F"
ls_Expected = "28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21"
Write-Debug "---- Use a 256-bit KEK to wrap a 256-bit AES key."
Write-Debug "kek = " + ls_Kek
Write-Debug "keyData = " + ls_KeyData
Write-Debug "expected = " + ls_Expected
ls_WrappedKey = loo_Crypt.AesKeyWrap(ls_Kek,ls_KeyData,ls_Encoding)
Write-Debug "computed = " + ls_WrappedKey
ls_UnwrappedKey = loo_Crypt.AesKeyUnwrap(ls_Kek,ls_WrappedKey,ls_Encoding)
Write-Debug "unwrapped = " + ls_UnwrappedKey
Write-Debug "----"
// The output:
//
// ---- Use a 128-bit KEK to wrap a 128-bit AES key.
// kek = 000102030405060708090A0B0C0D0E0F
// keyData = 00112233445566778899AABBCCDDEEFF
// expected = 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5
// computed = 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5
// unwrapped = 00112233445566778899AABBCCDDEEFF
// ----
// ---- Use a 192-bit KEK to wrap a 128-bit AES key.
// kek = 000102030405060708090A0B0C0D0E0F1011121314151617
// keyData = 00112233445566778899AABBCCDDEEFF
// expected = 96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D
// computed = 96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D
// unwrapped = 00112233445566778899AABBCCDDEEFF
// ----
// ---- Use a 256-bit KEK to wrap a 128-bit AES key.
// kek = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
// keyData = 00112233445566778899AABBCCDDEEFF
// expected = 64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7
// computed = 64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7
// unwrapped = 00112233445566778899AABBCCDDEEFF
// ----
// ---- Use a 192-bit KEK to wrap a 192-bit AES key.
// kek = 000102030405060708090A0B0C0D0E0F1011121314151617
// keyData = 00112233445566778899AABBCCDDEEFF0001020304050607
// expected = 031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2
// computed = 031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2
// unwrapped = 00112233445566778899AABBCCDDEEFF0001020304050607
// ----
// ---- Use a 256-bit KEK to wrap a 192-bit AES key.
// kek = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
// keyData = 00112233445566778899AABBCCDDEEFF0001020304050607
// expected = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1
// computed = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1
// unwrapped = 00112233445566778899AABBCCDDEEFF0001020304050607
// ----
// ---- Use a 256-bit KEK to wrap a 256-bit AES key.
// kek = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
// keyData = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
// expected = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
// computed = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
// unwrapped = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
// ----
//
destroy loo_Crypt