Swift
Swift
Duplicate SQL Server ENCRYPTBYPASSPHRASE
See more Encryption Examples
Demonstrates how to duplicate SQL Server's ENCRYPTBYPASSPHRASE.Chilkat Swift Downloads
func chilkatTest() {
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// For SQL Server 2008 - SQL Server 2016 we must use TripleDES with SHA1
// For SQL Server 2017 and later, use AES256 / SHA256.
var password: String? = "tEst1234"
var encryptedHex_v1: String? = "0x010000001E8E7DCDBD4061B951999E25D18445D2305474D2D71EEE98A241C755246F58AB"
// Here's an encrypted string using AES256/SHA256
var encryptedHex_v2: String? = "0x02000000FFE880C0354780481E64EF25B6197A02E2A854A4BA9D8D9BDDFDAB27EB56537ABDA0B1D9C4D1050C91B313550DECF429"
let sbEncHex = CkoStringBuilder()!
sbEncHex.append(value: encryptedHex_v1)
// If present, we don't want the leading "0x"
if sbEncHex.starts(with: "0x", caseSensitive: false) == true {
sbEncHex.removeChars(at: 0, numChars: 2)
}
let crypt = CkoCrypt2()!
crypt.encodingMode = "hex"
// The encrypted hex string will begin with either 01000000 or 02000000
// version 1 is produced by SQL Server 2008 to SQL Server 2016, and we must use TripleDES with SHA1
// version 2 is for SQL Server 2017 and later, and uses AES256 / SHA256.
var v1: Bool = sbEncHex.starts(with: "01", caseSensitive: false)
var ivLen: Int = 0
var hashAlg: String?
if v1 == true {
crypt.cryptAlgorithm = "3des"
crypt.cipherMode = "cbc"
crypt.keyLength = 168
ivLen = 8
hashAlg = "sha1"
}
else {
crypt.cryptAlgorithm = "aes"
crypt.cipherMode = "cbc"
crypt.keyLength = 256
ivLen = 16
hashAlg = "sha256"
}
// Remove the SQL Server version info (i.e. the "01000000")
sbEncHex.removeChars(at: 0, numChars: 8)
// Get the IV part of the sbEncHex, and also remove it from the StringBuilder.
var ivHex: String? = sbEncHex.getRange(startIndex: 0, numChars: ivLen * 2, removeFlag: true)
print("IV = \(ivHex!)")
crypt.setEncodedIV(ivStr: ivHex, encoding: "hex")
let sbPassword = CkoStringBuilder()!
sbPassword.append(value: password)
var pwd_hash: String? = sbPassword.getHash(algorithm: hashAlg, encoding: "hex", charset: "utf-16")
let sbKey = CkoStringBuilder()!
sbKey.append(value: pwd_hash)
if v1 == true {
// For v1, we only want the 1st 16 bytes of the 20 byte hash.
// (remember, the hex encoding uses 2 chars per byte, so we remove the last 8 chars)
sbKey.shorten(numChars: 8)
}
print("crypt key: \(sbKey.getAsString()!)")
crypt.setEncodedKey(keyStr: sbKey.getAsString(), encoding: "hex")
// Decrypt
let bd = CkoBinData()!
bd.appendEncoded(encData: sbEncHex.getAsString(), encoding: "hex")
crypt.decryptBd(bd: bd)
// The result is composed of a header of 8 bytes which we can discard.
// The remainder is the decrypted text.
// The header we are discarding is composed of:
// Bytes 0-3: Magic number equal to 0DF0ADBA
// Bytes 4-5: Number of integrity bytes, which is 0 unless an authenticator is used. We're assuming no authenticator is used.
// Bytes 6-7: Number of plain-text bytes. We really don't need this because the CBC padding takes care of it.
// Therefore, just return the data after the 1st 8 bytes.
// Assuming the encrypted string was utf-8 text...
bd.removeChunk(offset: 0, numBytes: 8)
var plainText: String? = bd.getString(charset: "utf-8")
print("decrypted plain text: \(plainText!)")
// The output:
// IV = 1E8E7DCDBD4061B9
// crypt key: 710B9C2E61ACCC9570D4112203BD9738
// decrypted plain text: Hello world.
// ------------------------------------------------------------------------------------------
// To encrypt, do the reverse...
// Let's do v1 with TripleDES with SHA1
let encryptor = CkoCrypt2()!
encryptor.encodingMode = "hex"
encryptor.cryptAlgorithm = "3des"
encryptor.cipherMode = "cbc"
encryptor.keyLength = 168
// Generate a random 8-byte IV
let prng = CkoPrng()!
ivHex = prng.genRandom(numBytes: 8, encoding: "hex")
encryptor.setEncodedIV(ivStr: ivHex, encoding: "hex")
// The binary password is generated the same as above.
// We'll use the same password (and same binary password)
encryptor.setEncodedKey(keyStr: sbKey.getAsString(), encoding: "hex")
var plainTextLen: Int = 8
plainText = "ABCD1234"
// Encrypt the header + the plain-text.
let bdData = CkoBinData()!
bdData.appendEncoded(encData: "0DF0ADBA", encoding: "hex")
bdData.appendEncoded(encData: "0000", encoding: "hex")
bdData.appendInt2(value: plainTextLen, littleEndian: true)
print("header: \(bdData.getEncoded(encoding: "hex")!)")
bdData.appendString(str: plainText, charset: "utf-8")
encryptor.encryptBd(bd: bdData)
// Compose the result..
let sbEnc = CkoStringBuilder()!
sbEnc.append(value: "0x01000000")
sbEnc.append(value: ivHex)
sbEnc.append(value: bdData.getEncoded(encoding: "hex"))
print("result: \(sbEnc.getAsString()!)")
}