I need to use CryptoSys PKI Pro to encrypt some data like the following PHP code
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc')); $encrypted = openssl_encrypt($textToEncrypt, 'aes-256-cbc', $key, 0, $iv);
I have my AES-256 key encoded in base64 as "G0HPTE61KCQ+CYn3voqMlFnXEtpaow6gYDqaaGSVzuE=" (but please don't tell anyone!).
This page gives examples showing how to do this using CryptoSys PKI Pro in both C# and VBA languages, plus a reference example in PHP.
Notes | C# code | VBA code | Example output | PHP code | Contact us
openssl_encrypt function is already encoded in base64
(if you want raw binary output, use the OPENSSL_RAW_DATA option).
// PHP: $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
// PHP: $encrypted = openssl_encrypt($textToEncrypt, 'aes-256-cbc', $key, 0, $iv);
// PHP is very permissive about using strings and binary byte arrays interchangeably.
// C# is not. Raw encryption operations must be done using byte arrays for all parameters,
// including the plain text.
byte[] iv, encrypted, key;
string textToEncrypt, encryptedStr;
// Given 256-bit key encoded in base64 and text to encrypt...
key = Cnv.FromBase64("G0HPTE61KCQ+CYn3voqMlFnXEtpaow6gYDqaaGSVzuE=");
textToEncrypt = "Hello world! This my secret message.";
// Generate a random IV of the correct length
iv = Rng.Bytes(Cipher.BlockBytes(CipherAlgorithm.Aes256));
Console.WriteLine("BASE64(IV)={0}", Cnv.ToBase64(iv));
// Carry out the encryption with all input in binary form
// (Note we explicitly convert the text input string type to byte array, and the output is also a byte array)
encrypted = Cipher.Encrypt(System.Text.Encoding.Default.GetBytes(textToEncrypt), key, iv, CipherAlgorithm.Aes256, Mode.CBC, Padding.Pkcs5);
// In PHP, the default output is already encoded in base64, so we need to encode
encryptedStr = Cnv.ToBase64(encrypted);
Console.WriteLine("encrypted output={0}", encryptedStr);
// PART 2. DECRYPT - do the reverse
key = Cnv.FromBase64("G0HPTE61KCQ+CYn3voqMlFnXEtpaow6gYDqaaGSVzuE=");
byte[] decrypted = Cipher.Decrypt(Cnv.FromBase64(encryptedStr), key, iv, CipherAlgorithm.Aes256, Mode.CBC, Padding.Pkcs5);
Console.WriteLine("decrypted output='{0}'", System.Text.Encoding.Default.GetString(decrypted));
' Uses wrapper functions in `basCrPKIWrappers.bas` v20.0.2 2020-11-09
Dim textToEncrypt As String
Dim key() As Byte
Dim iv() As Byte
Dim encrypted() As Byte
Dim encryptedStr As String
' Given 256-bit key encoded in base64
key = cnvBytesFromB64Str("G0HPTE61KCQ+CYn3voqMlFnXEtpaow6gYDqaaGSVzuE=")
' and text in a normal string
textToEncrypt = "Hello world! This my secret message."
' Operate like PHP and generate a random IV of correct length
' PHP: $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
' Then encrypt with output encoded in default base64 (note arguments are all binary)
' PHP: $encrypted = openssl_encrypt($textToEncrypt, 'aes-256-cbc', $key, 0, $iv));
' Generate a random IV of correct length
iv = rngBytes(PKI_BLK_AES_BYTES)
Debug.Print "BASE64(IV)=" & cnvB64StrFromBytes(iv)
' Do the business, all arguments in binary, output in binary.
encrypted = cipherEncryptBytes(StrConv(textToEncrypt, vbFromUnicode), key, iv, "aes-256-cbc", 0)
' Encode in base64 to match PHP default behaviour
encryptedStr = cnvB64StrFromBytes(encrypted)
Debug.Print "encrypted output=" & encryptedStr
' PART 2. DECRYPT - do the reverse
Dim decrypted() As Byte
key = cnvBytesFromB64Str("G0HPTE61KCQ+CYn3voqMlFnXEtpaow6gYDqaaGSVzuE=")
decrypted = cipherDecryptBytes(cnvBytesFromB64Str(encryptedStr), key, iv, "aes-256-cbc", 0)
' Decode byte array to ASCII
Debug.Print "decrypted output='" & StrConv(decrypted, vbUnicode) & "'"
The wrapper functions for VBA are available at the page VBA/VB6 wrapper functions introduced v20.0.1.
Note that cipherEncryptBytes and cipherDecryptBytes no longer need the "2" at the end.
Be aware that the output will different each time because of the random IV (this is by design). To check your code is correct, use a fixed IV to test.
BASE64(IV)=cJrccDraCqm7rQXdOsS8Zg== encrypted output=p+aQDK8isX68i+PPl4uhsYW2sJFR40a+nbnj29wd2TN1mnvWmiI4EU12CsRWlEp0 decrypted output='Hello world! This my secret message.'
You will need to pass the IV to the recipient as well as the ciphertext.
For reference, the example above in hexadecimal encoding is:
KEY=1B41CF4C4EB528243E0989F7BE8A8C9459D712DA5AA30EA0603A9A686495CEE1 IV=709ADC703ADA0AA9BBAD05DD3AC4BC66 CT=A7E6900CAF22B17EBC8BE3CF978BA1B185B6B09151E346BE9DB9E3DBDC1DD933759A7BD69A2238114D760AC456944A74
<?php
echo "<pre>\n";
$key = base64_decode("G0HPTE61KCQ+CYn3voqMlFnXEtpaow6gYDqaaGSVzuE=");
$textToEncrypt = "Hello world! This my secret message.";
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
echo "BASE64(IV)=" . base64_encode($iv) . "\n";
$encrypted = openssl_encrypt($textToEncrypt, 'aes-256-cbc', $key, 0, $iv);
echo "encrypted output=" . $encrypted . "\n";
// PART 2. DECRYPT - do the reverse
$decrypted = openssl_decrypt($encrypted, 'aes-256-cbc', $key, 0, $iv);
echo "decrypted output=" . $decrypted . "\n";
echo "\n" . "Reference test with fixed IV" . "\n";
$iv = base64_decode("cJrccDraCqm7rQXdOsS8Zg==");
echo "BASE64(IV)=" . base64_encode($iv) . "\n";
$encrypted = openssl_encrypt($textToEncrypt, 'aes-256-cbc', $key, 0, $iv);
echo "encrypted output=" . $encrypted . "\n";
echo "expected output =" . "p+aQDK8isX68i+PPl4uhsYW2sJFR40a+nbnj29wd2TN1mnvWmiI4EU12CsRWlEp0" . "\n";
$decrypted = openssl_decrypt($encrypted, 'aes-256-cbc', $key, 0, $iv);
echo "decrypted output=" . $decrypted . "\n";
echo "</pre>\n";
?>
To contact us or comment on this page, please send us a message.
This page last updated 11 November 2020
