Sample code for 30+ languages & platforms
PureBasic

RSAES-OAEP Encrypt String with AES-128 Content Encryption and SHA256

See more Encryption Examples

Encrypts a string using RSAES-OAEP with SHA256 and AES-128 content encryption to produce PKCS7 output (base64 encoded).

Note: This example requires Chilkat v9.5.0.67 or greater.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkCert.pb"
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkCrypt2.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; First build a string to be encrypted
    sb.i = CkStringBuilder::ckCreate()
    If sb.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    i.i = 1
    While i < 25
        CkStringBuilder::ckAppendInt(sb,i)
        CkStringBuilder::ckAppend(sb," the quick brown fox jumped over the lazy dog." + Chr(13) + Chr(10))
        i = i + 1
    Wend

    Debug CkStringBuilder::ckGetAsString(sb)

    ; The string to be encrypted looks like this:

    ; 1 the quick brown fox jumped over the lazy dog.
    ; 2 the quick brown fox jumped over the lazy dog.
    ; 3 the quick brown fox jumped over the lazy dog.
    ; 4 the quick brown fox jumped over the lazy dog.
    ; 5 the quick brown fox jumped over the lazy dog.
    ; 6 the quick brown fox jumped over the lazy dog.
    ; ...

    ; Load a digital certificate. 
    ; We don't need the private key for encryption.
    ; Only the public key is needed (which is included in a certificate).
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkCert::ckLoadFromFile(cert,"qa_data/rsaes-oaep/cert.pem")
    If success <> 1
        Debug CkCert::ckLastErrorText(cert)
        CkStringBuilder::ckDispose(sb)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    crypt.i = CkCrypt2::ckCreate()
    If crypt.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Tell the crypt object to use the certificate.
    CkCrypt2::ckSetEncryptCert(crypt,cert)

    ; Indicate that we want PKI encryption (i.e. public-key infrastructure)
    ; to produce a CMS message (Cryptographic Message Syntax/PKCS7),
    ; that is be created with RSAES-OAEP padding, SHA256, and AES-128 for the
    ; bulk encryption.
    CkCrypt2::setCkCryptAlgorithm(crypt, "pki")
    CkCrypt2::setCkPkcs7CryptAlg(crypt, "aes")
    CkCrypt2::setCkKeyLength(crypt, 128)
    CkCrypt2::setCkOaepHash(crypt, "sha256")
    CkCrypt2::setCkOaepPadding(crypt, 1)

    ; Also, don't forget to be specific about the character encoding (byte representation) of the
    ; string to be encrypted.
    CkCrypt2::setCkCharset(crypt, "utf-8")

    ; Now indicate that the PKCS7 output is to be returned in the base64 encoding.
    CkCrypt2::setCkEncodingMode(crypt, "base64")

    base64Pkcs7.s = CkCrypt2::ckEncryptStringENC(crypt,CkStringBuilder::ckGetAsString(sb))
    If CkCrypt2::ckLastMethodSuccess(crypt) <> 1
        Debug CkCrypt2::ckLastErrorText(crypt)
        CkStringBuilder::ckDispose(sb)
        CkCert::ckDispose(cert)
        CkCrypt2::ckDispose(crypt)
        ProcedureReturn
    EndIf

    ; Show the output
    Debug base64Pkcs7

    ; This base64 can be copy-and-pasted into the form at http://lapo.it/asn1js/
    ; to verify that all the chosen algorithms were indeed used.

    Debug "OK."


    CkStringBuilder::ckDispose(sb)
    CkCert::ckDispose(cert)
    CkCrypt2::ckDispose(crypt)


    ProcedureReturn
EndProcedure