Tcl
Tcl
Duplicate PHP's openssl_encrypt and openssl_random_pseudo_bytes
See more OpenSSL Examples
Demonstrates how to duplicate PHP's openssl_encrypt function. (https://www.php.net/manual/en/function.openssl-encrypt.php)Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# Duplicates thw following PHP script:
# $text = "This is a test";
# $passphrase = "my password";
# $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length("AES-256-CBC"));
# $crypted = base64_encode($iv.openssl_encrypt($text, "AES-256-CBC", $passphrase, OPENSSL_RAW_DATA, $iv));
# echo $crypted;
set crypt [new_CkCrypt2]
set text "This is a test"
set passphrase "my password"
# AES is a block cipher. The IV size for any block cipher is the size of the block, which is defined by the encryption algorithm.
# For AES, the block size is always 16 bytes, regardless of key size (i.e. 128-bits, 192-bits, or 256-bits).
# Therefore, generate 16 random bytes for the IV.
CkCrypt2_put_EncodingMode $crypt "base64"
set ivBase64 [CkCrypt2_genRandomBytesENC $crypt 16]
puts "Generated IV = $ivBase64"
# Because we're doing AES-256-CBC, the key length must be 256-bits (i.e. 32 bytes).
# Given that our passphrase is a us-ascii string that can be shorter or longer than 32-bytes, we need to
# somehow transform the passphrase to a 32-byte secret key. We need to know what openssl_encrypt does.
# Here's the answer from the openssl_encrypt documentation:
#
# "If the passphrase is shorter than expected, it is silently padded with NUL characters;
# if the passphrase is longer than expected, it is silently truncated."
# OK.... so let's pad or shorten to get a 32-byte key.
set bdKey [new_CkBinData]
CkBinData_AppendString $bdKey $passphrase "utf-8"
set sz [CkBinData_get_NumBytes $bdKey]
if {$sz > 32} then {
CkBinData_RemoveChunk $bdKey 32 [expr $sz - 32]
} else {
CkBinData_Clear $bdKey
CkBinData_AppendPadded $bdKey $passphrase "utf-8" 0 32
}
# Setup for encryption.
CkCrypt2_put_CryptAlgorithm $crypt "aes"
CkCrypt2_put_KeyLength $crypt 256
CkCrypt2_SetEncodedIV $crypt $ivBase64 "base64"
CkCrypt2_SetEncodedKey $crypt [CkBinData_getEncoded $bdKey "base64"] "base64"
# Encrypt and base64 encode.
set cipherText64 [CkCrypt2_encryptStringENC $crypt $text]
# The PHP code fragment above returns the base64 encoded bytes of the IV and the encrypted text.
# So let's do that..
set bd [new_CkBinData]
CkBinData_AppendEncoded $bd $ivBase64 "base64"
CkBinData_AppendEncoded $bd $cipherText64 "base64"
set result [CkBinData_getEncoded $bd "base64"]
puts "result = $result"
# Sample output:
# dN0vS1O0cWi5BbLAAY+NTf7bs3S27xzPf11RkG47sjs=
# Now let's decrypt from the output...
# Setup for decryption.
CkCrypt2_put_CryptAlgorithm $crypt "aes"
CkCrypt2_put_KeyLength $crypt 256
CkCrypt2_SetEncodedKey $crypt [CkBinData_getEncoded $bdKey "base64"] "base64"
set bdResult [new_CkBinData]
CkBinData_AppendEncoded $bdResult $result "base64"
CkCrypt2_SetEncodedIV $crypt [CkBinData_getEncodedChunk $bdResult 0 16 "base64"] "base64"
# Remove the IV (first 16 bytes) from the result.
CkBinData_RemoveChunk $bdResult 0 16
set success [CkCrypt2_DecryptBd $crypt $bdResult]
set originalText [CkBinData_getString $bdResult "utf-8"]
puts "original text = $originalText"
delete_CkCrypt2 $crypt
delete_CkBinData $bdKey
delete_CkBinData $bd
delete_CkBinData $bdResult