I need to use CryptoSys PKI Pro to encrypt some data like the following PHP code
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
$encrypted = openssl_encrypt($textToEncrypt, 'aes-256-cbc', $key, 0, $iv);
I have my AES-256 key encoded in base64 as "G0HPTE61KCQ+CYn3voqMlFnXEtpaow6gYDqaaGSVzuE=" (but please don't tell anyone!).
This page gives examples showing how to do this using CryptoSys PKI Pro in both C# and VBA languages, plus a reference example in PHP.
The default output of the PHP openssl_encrypt function is already encoded in base64 (if you want raw binary output, use the OPENSSL_RAW_DATA option).
// PHP: $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
// PHP: $encrypted = openssl_encrypt($textToEncrypt, 'aes-256-cbc', $key, 0, $iv);

// PHP is very permissive about using strings and binary byte arrays interchangeably.
// C# is not. Raw encryption operations must be done using byte arrays for all parameters,
// including the plain text.
byte[] iv, encrypted, key;
string textToEncrypt, encryptedStr;

// Given 256-bit key encoded in base64 and text to encrypt...
key = Cnv.FromBase64("G0HPTE61KCQ+CYn3voqMlFnXEtpaow6gYDqaaGSVzuE=");
textToEncrypt = "Hello world! This my secret message.";

// Generate a random IV of the correct length
iv = Rng.Bytes(Cipher.BlockBytes(CipherAlgorithm.Aes256));
Console.WriteLine("BASE64(IV)={0}", Cnv.ToBase64(iv));

// Carry out the encryption with all input in binary form
// (Note we explicitly convert the text input string type to byte array, and the output is also a byte array)
encrypted = Cipher.Encrypt(System.Text.Encoding.Default.GetBytes(textToEncrypt), key, iv,
    CipherAlgorithm.Aes256, Mode.CBC, Padding.Pkcs5);

// In PHP, the default output is already encoded in base64, so we need to encode
encryptedStr = Cnv.ToBase64(encrypted);
Console.WriteLine("encrypted output={0}", encryptedStr);

// PART 2. DECRYPT - do the reverse
key = Cnv.FromBase64("G0HPTE61KCQ+CYn3voqMlFnXEtpaow6gYDqaaGSVzuE=");
byte[] decrypted = Cipher.Decrypt(Cnv.FromBase64(encryptedStr), key, iv,
    CipherAlgorithm.Aes256, Mode.CBC, Padding.Pkcs5);
Console.WriteLine("decrypted output='{0}'", System.Text.Encoding.Default.GetString(decrypted));
' Uses wrapper functions in `basCrPKIWrappers.bas` v20.0.2 2020-11-09
Dim textToEncrypt As String
Dim key() As Byte
Dim iv() As Byte
Dim encrypted() As Byte
Dim encryptedStr As String

' Given 256-bit key encoded in base64
key = cnvBytesFromB64Str("G0HPTE61KCQ+CYn3voqMlFnXEtpaow6gYDqaaGSVzuE=")
' and text in a normal string
textToEncrypt = "Hello world! This my secret message."

' Operate like PHP and generate a random IV of correct length
' PHP: $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
' Then encrypt with output encoded in default base64 (note arguments are all binary)
' PHP: $encrypted = openssl_encrypt($textToEncrypt, 'aes-256-cbc', $key, 0, $iv);

' Generate a random IV of correct length
iv = rngBytes(PKI_BLK_AES_BYTES)
Debug.Print "BASE64(IV)=" & cnvB64StrFromBytes(iv)

' Do the business, all arguments in binary, output in binary.
encrypted = cipherEncryptBytes(StrConv(textToEncrypt, vbFromUnicode), key, iv, "aes-256-cbc", 0)
' Encode in base64 to match PHP default behaviour
encryptedStr = cnvB64StrFromBytes(encrypted)
Debug.Print "encrypted output=" & encryptedStr

' PART 2. DECRYPT - do the reverse
Dim decrypted() As Byte
key = cnvBytesFromB64Str("G0HPTE61KCQ+CYn3voqMlFnXEtpaow6gYDqaaGSVzuE=")
decrypted = cipherDecryptBytes(cnvBytesFromB64Str(encryptedStr), key, iv, "aes-256-cbc", 0)
' Decode byte array to ASCII
Debug.Print "decrypted output='" & StrConv(decrypted, vbUnicode) & "'"
The wrapper functions for VBA are available at the page VBA/VB6 wrapper functions introduced v20.0.1.
Note that cipherEncryptBytes and cipherDecryptBytes no longer need the "2" at the end.
Be aware that the output will be different each time because of the random IV (this is by design). To check that your code is correct, use a fixed IV to test.
BASE64(IV)=cJrccDraCqm7rQXdOsS8Zg==
encrypted output=p+aQDK8isX68i+PPl4uhsYW2sJFR40a+nbnj29wd2TN1mnvWmiI4EU12CsRWlEp0
decrypted output='Hello world! This my secret message.'
You will need to pass the IV to the recipient as well as the ciphertext.
For reference, the example above in hexadecimal encoding is:
KEY=1B41CF4C4EB528243E0989F7BE8A8C9459D712DA5AA30EA0603A9A686495CEE1
IV=709ADC703ADA0AA9BBAD05DD3AC4BC66
CT=A7E6900CAF22B17EBC8BE3CF978BA1B185B6B09151E346BE9DB9E3DBDC1DD933759A7BD69A2238114D760AC456944A74
<?php
echo "<pre>\n";
$key = base64_decode("G0HPTE61KCQ+CYn3voqMlFnXEtpaow6gYDqaaGSVzuE=");
$textToEncrypt = "Hello world! This my secret message.";
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
echo "BASE64(IV)=" . base64_encode($iv) . "\n";
$encrypted = openssl_encrypt($textToEncrypt, 'aes-256-cbc', $key, 0, $iv);
echo "encrypted output=" . $encrypted . "\n";

// PART 2. DECRYPT - do the reverse
$decrypted = openssl_decrypt($encrypted, 'aes-256-cbc', $key, 0, $iv);
echo "decrypted output=" . $decrypted . "\n";

echo "\n" . "Reference test with fixed IV" . "\n";
$iv = base64_decode("cJrccDraCqm7rQXdOsS8Zg==");
echo "BASE64(IV)=" . base64_encode($iv) . "\n";
$encrypted = openssl_encrypt($textToEncrypt, 'aes-256-cbc', $key, 0, $iv);
echo "encrypted output=" . $encrypted . "\n";
echo "expected output =" . "p+aQDK8isX68i+PPl4uhsYW2sJFR40a+nbnj29wd2TN1mnvWmiI4EU12CsRWlEp0" . "\n";
$decrypted = openssl_decrypt($encrypted, 'aes-256-cbc', $key, 0, $iv);
echo "decrypted output=" . $decrypted . "\n";
echo "</pre>\n";
?>
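Because the recipient needs the IV as well as the ciphertext, one common convention is to send both as a single value, base64(IV || ciphertext), using OPENSSL_RAW_DATA so that base64 is applied only once. The following PHP is an added example, not part of the original page or of CryptoSys PKI. The function names encryptWithIv and decryptWithIv and the message layout are assumptions; a C# or VBA peer would split the first 16 bytes off the decoded message in the same way.

```php
<?php
// Added example: send the IV with the ciphertext as base64(IV || ciphertext).
// Function names and message layout are assumptions, not part of the page's code.
const CIPHER = 'aes-256-cbc';

function encryptWithIv(string $plaintext, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh 16-byte IV per message
    // OPENSSL_RAW_DATA gives raw bytes, so base64 is applied once, over IV || ciphertext
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return base64_encode($iv . $ct);
}

function decryptWithIv(string $message, string $key): string
{
    $ivLen = openssl_cipher_iv_length(CIPHER); // equals the AES block size (16)
    $raw = base64_decode($message, true);      // strict mode rejects non-base64 input
    // Must hold the IV plus at least one whole cipher block
    if ($raw === false || strlen($raw) < 2 * $ivLen || strlen($raw) % $ivLen !== 0) {
        throw new InvalidArgumentException('Malformed message');
    }
    $pt = openssl_decrypt(substr($raw, $ivLen), CIPHER, $key, OPENSSL_RAW_DATA, substr($raw, 0, $ivLen));
    if ($pt === false) {
        throw new RuntimeException('Decryption failed (wrong key or corrupted data)');
    }
    return $pt;
}

// Key and reference values are the ones shown on this page
$key = base64_decode('G0HPTE61KCQ+CYn3voqMlFnXEtpaow6gYDqaaGSVzuE=');

// Round trip with a random IV: the message differs on every run
$msg = encryptWithIv('Hello world! This my secret message.', $key);
echo "message=" . $msg . "\n";
echo "decrypted='" . decryptWithIv($msg, $key) . "'\n";

// Fixed check: pack the page's reference IV and ciphertext, then decrypt
$ref = base64_encode(
    base64_decode('cJrccDraCqm7rQXdOsS8Zg==') .
    base64_decode('p+aQDK8isX68i+PPl4uhsYW2sJFR40a+nbnj29wd2TN1mnvWmiI4EU12CsRWlEp0')
);
echo "reference decrypted='" . decryptWithIv($ref, $key) . "'\n";
```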
This page last updated 11 November 2020