Chilkat HOME Android™ Classic ASP C C++ C# Mono C# .NET Core C# C# UWP/WinRT DataFlex Delphi ActiveX Delphi DLL Visual FoxPro Java Lianja MFC Objective-C Perl PHP ActiveX PHP Extension PowerBuilder PowerShell PureBasic CkPython Chilkat2-Python Ruby SQL Server Swift 2 Swift 3/4 Tcl Unicode C Unicode C++ Visual Basic 6.0 VB.NET VB.NET UWP/WinRT VBScript Xojo Plugin Node.js Excel Go
(Tcl) AES CTR Mode Encryption
Demonstrates how to encrypt using AES CTR mode.
CTR mode is special in a few ways:
(1) Padding doesn't apply. Normally, a block encryption algorithm (AES, Blowfish, DES, RC2, etc.) emit encrypted output that is a multiple of the block size (16 bytes for AES as an example). With CTR mode, the number of bytes output is exactly equal to the number of bytes input, so no padding/unpadding is required. The PaddingScheme property does not apply for counter mode.
(2) CTR mode increments a counter for each subsequent block encrypted. For example, if an application encrypted the string "1234567890" twenty times in a row, using the same instance of the Chilkat Crypt2 object, then each iteration's result would be different. This is because the counter is being incremented. The decrypting application would need to decrypt in exactly the same manner. The 1st decrypt should begin with a new instance of a Crypt2 object so that it's counter is at the initial value of 0.
It would be a mistake to encrypt 20 strings using an instance of the Crypt2 object, and then attempt to decrypt with the same Crypt2 object. To decrypt successfully, the app would need to instantiate a new Crypt2 object and then decrypt, so that the counters match.
load ./chilkat.dll # This example assumes the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. set crypt [new_CkCrypt2] # AES is also known as Rijndael. CkCrypt2_put_CryptAlgorithm $crypt "aes" # CipherMode may be "ctr", "cfb", "ecb" or "cbc" CkCrypt2_put_CipherMode $crypt "ctr" # KeyLength may be 128, 192, 256 CkCrypt2_put_KeyLength $crypt 256 # Counter mode emits the exact number of bytes input, and therefore # padding is not used. The PaddingScheme property does not apply with CTR mode. # EncodingMode specifies the encoding of the output for # encryption, and the input for decryption. # It may be "hex", "url", "base64", "quoted-printable", or many other choices. CkCrypt2_put_EncodingMode $crypt "hex" # An initialization vector (nonce) is required if using CTR mode. # The length of the IV is equal to the algorithm's block size. # It is NOT equal to the length of the key. set ivHex "000102030405060708090A0B0C0D0E0F" CkCrypt2_SetEncodedIV $crypt $ivHex "hex" # The secret key must equal the size of the key. For # 256-bit encryption, the binary secret key is 32 bytes. # For 128-bit encryption, the binary secret key is 16 bytes. set keyHex "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F" CkCrypt2_SetEncodedKey $crypt $keyHex "hex" # Encrypt a string... # The input string is 44 ANSI characters (i.e. 44 bytes), so # the output should be 48 bytes (a multiple of 16). # Because the output is a hex string, it should # be 96 characters long (2 chars per byte). set encStr [CkCrypt2_encryptStringENC $crypt "The quick red fox jumps over the sleeping dog."] puts "$encStr" set decrypt [new_CkCrypt2] CkCrypt2_put_CryptAlgorithm $decrypt "aes" CkCrypt2_put_CipherMode $decrypt "ctr" CkCrypt2_put_KeyLength $decrypt 256 CkCrypt2_put_EncodingMode $decrypt "hex" CkCrypt2_SetEncodedIV $decrypt $ivHex "hex" CkCrypt2_SetEncodedKey $decrypt $keyHex "hex" # Now decrypt: set decStr [CkCrypt2_decryptStringENC $decrypt $encStr] puts "$decStr" delete_CkCrypt2 $crypt delete_CkCrypt2 $decrypt
© 2000-2019 Chilkat Software, Inc. All Rights Reserved.