Crypt2 C Library Reference
Crypt2
Chilkat encryption C library.
Create/Dispose
HCkCrypt2 CkCrypt2_Create(void);
Creates an instance of the CkCrypt2 object and returns a handle (i.e. a "void *" pointer). The handle is passed in the 1st argument for the functions listed on this page.
void CkCrypt2_Dispose(HCkCrypt2 handle);
Objects created by calling CkCrypt2_Create must be freed by calling this method. A memory leak occurs if a handle is not disposed by calling this function.
C "Properties"
int CkCrypt2_getBlockSize(HCkCrypt2 cHandle);
The block-size (in bytes) of the selected encryption algorithm. For example, if the CryptAlgorithm property is set to "aes", the BlockSize property is automatically set to 16. The block-size for the ARC4 streaming encryption algorithm is 1.
void CkCrypt2_getCharset(HCkCrypt2 cHandle, HCkString retval);
void CkCrypt2_putCharset(HCkCrypt2 cHandle, const char *newVal);
Controls the character encoding of the text encrypted, signed, hashed or compressed. This property is relevant wherever strings are used as inputs or outputs. When working with strings, it is important to know the exact bytes that are being encrypted/hashed/signed/compressed. This is critical when interoperating with other systems. If your application is sending an encrypted string to another system that will decrypt it, you will need to know the encoding of the string that is expected on the receiving end (after decryption). If you pass Unicode data (2 byte per character) to the encryptor, subsequent decryption will reproduce the original Unicode. However, it may be that your program works with Unicode strings, but the recipient of the encrypted data works with iso-8859-1 strings. In such a case, setting the Charset property to "iso-8859-1" causes the character data to be automatically converted to the Charset before being encrypted (or compressed, or hashed, or signed). The set of valid charsets is listed below:
ANSI
us-ascii
unicode
unicodefffe
iso-8859-1
iso-8859-2
iso-8859-3
iso-8859-4
iso-8859-5
iso-8859-6
iso-8859-7
iso-8859-8
iso-8859-9
iso-8859-13
iso-8859-15
windows-874
windows-1250
windows-1251
windows-1252
windows-1253
windows-1254
windows-1255
windows-1256
windows-1257
windows-1258
utf-7
utf-8
utf-32
utf-32be
shift_jis
gb2312
ks_c_5601-1987
big5
iso-2022-jp
iso-2022-kr
euc-jp
euc-kr
macintosh
x-mac-japanese
x-mac-chinesetrad
x-mac-korean
x-mac-arabic
x-mac-hebrew
x-mac-greek
x-mac-cyrillic
x-mac-chinesesimp
x-mac-romanian
x-mac-ukrainian
x-mac-thai
x-mac-ce
x-mac-icelandic
x-mac-turkish
x-mac-croatian
asmo-708
dos-720
dos-862
ibm037
ibm437
ibm500
ibm737
ibm775
ibm850
ibm852
ibm855
ibm857
ibm00858
ibm860
ibm861
ibm863
ibm864
ibm865
cp866
ibm869
ibm870
cp875
koi8-r
koi8-u
void CkCrypt2_getCipherMode(HCkCrypt2 cHandle, HCkString retval);
void CkCrypt2_putCipherMode(HCkCrypt2 cHandle, const char *newVal);
Controls the cipher mode for Rijndael and Twofish encryption. Possible values are "CBC" (the default) and "ECB". CBC is an acronym for Cipher Block Chaining, ECB is an acronym for Electronic CookBook.
void CkCrypt2_getCompressionAlgorithm(HCkCrypt2 cHandle, HCkString retval);
void CkCrypt2_putCompressionAlgorithm(HCkCrypt2 cHandle, const char *newVal);
Selects the compression algorithm to be used. Currently, the only valid setting is "BZIP2".
void CkCrypt2_getCryptAlgorithm(HCkCrypt2 cHandle, HCkString retval);
void CkCrypt2_putCryptAlgorithm(HCkCrypt2 cHandle, const char *newVal);
Selects the encryption algorithm for encrypting and decrypting. Possible values are: "pki", "aes", "rijndael", "blowfish", "blowfish2", "des", "3des", "rc2", "arc4", "twofish", "pbes1" and "pbes2". The "pki" encryption algorithm isn't a specific algorithm, but instead tells the component to encrypt/decrypt using public-key encryption with digital certificates. The other choices, rijndael, blowfish, and twofish, are symmetric encryption algorithms that do not involve digital certificates and public/private keys.
The original Chilkat implementation of Blowfish has a 4321 byte-swapping issue (the results are 4321 byte-swapped). The new implementation ("blowfish2") does not byte swap. This should be used for compatibility with other Blowfish software.
Password-based encryption (PBE) is selected by setting this property to "pbes1" or "pbes2". Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127. If PBE is used, the underlying encryption algorithm is specified by the PbesAlgorithm property.
void CkCrypt2_getEncodingMode(HCkCrypt2 cHandle, HCkString retval);
void CkCrypt2_putEncodingMode(HCkCrypt2 cHandle, const char *newVal);
Controls the encoding of binary data to a printable string for many methods. The valid modes are "Base64", "QP" (for quoted-printable), "URL" (for url-encoding), and "Hex".
BOOL CkCrypt2_getFirstChunk(HCkCrypt2 cHandle);
void CkCrypt2_putFirstChunk(HCkCrypt2 cHandle, BOOL newVal);
Chilkat Crypt2 provides the ability to feed the encryption/decryption methods with chunks of data. This allows a large amount of data, or a data stream, to be fed piecemeal for encrypting or decrypting. It applies to all symmetric algorithms currently supported (AES, Blowfish, Twofish, 3DES, RC2, DES, ARC4), and all algorithms supported in the future.
The default value for both FirstChunk and LastChunk is true — meaning that when you call an Encrypt* or Decrypt* method, it is both the first and last chunk (i.e. it’s the entire amount of data to be encrypted or decrypted).
If you wish to feed the data piecemeal, do this:
- Set FirstChunk = true, LastChunk = false for the first chunk of data.
- For all “middle” chunks (i.e. all chunks except for the final chunk) set FirstChunk = false and LastChunk = false.
- For the final chunk, set FirstChunk = false and LastChunk = true
You don’t need to worry about feeding data according to the block size of the encryption algorithm. For example, AES has a block size of 16 bytes. You may feed data in chunks of any size. The Chilkat Crypt2 component will buffer the data. When the final chunk is passed, the output is padded to the algorithm’s block size according to the PaddingScheme. more info about FirstChunk/LastChunk
void CkCrypt2_getHashAlgorithm(HCkCrypt2 cHandle, HCkString retval);
void CkCrypt2_putHashAlgorithm(HCkCrypt2 cHandle, const char *newVal);
Selects the hash algorithm used by methods that create hashes. The valid choices are "sha1", "sha256", "sha384", "sha512", "md2", "md5", and "haval".
long CkCrypt2_getHavalRounds(HCkCrypt2 cHandle);
void CkCrypt2_putHavalRounds(HCkCrypt2 cHandle, long newVal);
Applies to the HAVAL hash algorithm only and must be set to the integer value 3, 4, or 5. The default value is 3.
void CkCrypt2_getIV(HCkCrypt2 cHandle, HCkByteData retval);
void CkCrypt2_putIV(HCkCrypt2 cHandle, HCkByteData newVal);
The initialization vector to be used with symmetric encryption algorithms (Rijndael, Blowfish, Twofish). If left unset, no initialization vector is used.
BOOL CkCrypt2_getIncludeCertChain(HCkCrypt2 cHandle);
void CkCrypt2_putIncludeCertChain(HCkCrypt2 cHandle, BOOL newVal);
To be documented soon.
int CkCrypt2_getIterationCount(HCkCrypt2 cHandle);
void CkCrypt2_putIterationCount(HCkCrypt2 cHandle, int newVal);
Iteration count to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127
The purpose of the iteration count is to increase the computation required to encrypt and decrypt. A larger iteration count makes cracking via exhaustive search more difficult. The default value is 1024.
long CkCrypt2_getKeyLength(HCkCrypt2 cHandle);
void CkCrypt2_putKeyLength(HCkCrypt2 cHandle, long newVal);
The key length in bits for symmetric encryption algorithms. The default value is 128.
BOOL CkCrypt2_getLastChunk(HCkCrypt2 cHandle);
void CkCrypt2_putLastChunk(HCkCrypt2 cHandle, BOOL newVal);
(See the description for the FirstChunk property.)
void CkCrypt2_getLastErrorHtml(HCkCrypt2 cHandle, HCkString retval);
Error information in HTML format for the last method called.
void CkCrypt2_getLastErrorText(HCkCrypt2 cHandle, HCkString retval);
Error information in plain-text format for the last method called.
void CkCrypt2_getLastErrorXml(HCkCrypt2 cHandle, HCkString retval);
Error information in XML format for the last method called.
long CkCrypt2_getPaddingScheme(HCkCrypt2 cHandle);
void CkCrypt2_putPaddingScheme(HCkCrypt2 cHandle, long newVal);
The padding scheme used by block encryption algorithms such as AES (Rijndael), Blowfish, Twofish, RC2, DES, 3DES, etc. Block encryption algorithms pad encrypted data to a multiple of algorithm's block size. The default value of this property is 0.
Possible values are:
0 = RFC 1423 padding scheme: Each padding byte is set to the number of padding bytes. If the data is already a multiple of algorithm's block size bytes, an extra block is appended each having a value equal to the block size. (for example, if the algorithm's block size is 16, then 16 bytes having the value 0x10 are added.). (This is also known as PKCS7 padding: PKCS #7 padding string consists of a sequence of bytes, each of which is equal to the total number of padding bytes added. )
1 = FIPS81 (Federal Information Processing Standards 81) where the last byte contains the number of padding bytes, including itself, and the other padding bytes are set to random values.
2 = Each padding byte is set to a random value. The decryptor must know how many bytes are in the original unencrypted data.
3 = Pad with NULLs. (If already a multiple of the algorithm's block size, no padding is added).
4 = Pad with SPACE chars(0x20). (If already a multiple of algorithm's block size, no padding is added).
void CkCrypt2_getPbesAlgorithm(HCkCrypt2 cHandle, HCkString retval);
void CkCrypt2_putPbesAlgorithm(HCkCrypt2 cHandle, const char *newVal);
If the CryptAlgorithm property is set to "pbes1" or "pbes2", this property specifies the underlying encryption algorithm to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127
void CkCrypt2_getPbesPassword(HCkCrypt2 cHandle, HCkString retval);
void CkCrypt2_putPbesPassword(HCkCrypt2 cHandle, const char *newVal);
The password to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127
long CkCrypt2_getRc2EffectiveKeyLength(HCkCrypt2 cHandle);
void CkCrypt2_putRc2EffectiveKeyLength(HCkCrypt2 cHandle, long newVal);
The effective key length (in bits) for the RC2 encryption algorithm. When RC2 is used, both the KeyLength and Rc2EffectiveKeyLength properties should be set. For RC2, both should be between 8 and 1024 (inclusive).
void CkCrypt2_getSalt(HCkCrypt2 cHandle, HCkByteData retval);
void CkCrypt2_putSalt(HCkCrypt2 cHandle, HCkByteData newVal);
The salt to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127
void CkCrypt2_getSecretKey(HCkCrypt2 cHandle, HCkByteData retval);
void CkCrypt2_putSecretKey(HCkCrypt2 cHandle, HCkByteData newVal);
The binary secret key used for symmetric encryption (Rijndael, Blowfish, Twofish). The secret key must be identical for decryption to succeed. The length in bytes of the SecretKey must equal the KeyLength/8.
BOOL CkCrypt2_getUtf8(HCkCrypt2 cHandle);
void CkCrypt2_putUtf8(HCkCrypt2 cHandle, BOOL newVal);
When set to true, all "const char *" arguments are expected to be utf-8 strings. If set to false, the "const char *" arguments are expected to be ANSI strings.
void CkCrypt2_getUuFilename(HCkCrypt2 cHandle, HCkString retval);
void CkCrypt2_putUuFilename(HCkCrypt2 cHandle, const char *newVal);
To be documented soon...
void CkCrypt2_getUuMode(HCkCrypt2 cHandle, HCkString retval);
void CkCrypt2_putUuMode(HCkCrypt2 cHandle, const char *newVal);
To be documented soon...
BOOL CkCrypt2_getVerboseLogging(HCkCrypt2 cHandle);
void CkCrypt2_putVerboseLogging(HCkCrypt2 cHandle, BOOL newVal);
To be documented soon...
void CkCrypt2_getVersion(HCkCrypt2 cHandle, HCkString retval);
The version of the component, such as "4.0.0".
C "Methods"
void CkCrypt2_AddEncryptCert(HCkCrypt2 cHandle, HCkCert cert);
Adds a certificate to be used for public-key encryption. (To use public-key encryption with digital certificates, set the CryptAlgorithm property = "pki".) To encrypt with more than one certificate, call AddEncryptCert once per certificate.
void CkCrypt2_ByteSwap4321(HCkCrypt2 cHandle, HCkByteData inOut);
Convenience method for byte swapping between little-endian byte ordering and big-endian byte ordering.
BOOL CkCrypt2_BytesToString(HCkCrypt2 cHandle, HCkByteData inData, const char *charset, HCkString outStr);
Convert a VARIANT containing a byte array to a String.
BOOL CkCrypt2_CkDecryptFile(HCkCrypt2 cHandle, const char *inFile, const char *outFile);
File-to-file decryption. There is no limit to the size of the file that can be decrypted because the component will operate in streaming mode internally. Returns TRUE for success, FALSE for failure.
BOOL CkCrypt2_CkEncryptFile(HCkCrypt2 cHandle, const char *inFile, const char *outFile);
File-to-file encryption. There is no limit to the size of the file that can be encrypted because the component will operate in streaming mode internally. Returns TRUE for success, FALSE for failure.
void CkCrypt2_ClearEncryptCerts(HCkCrypt2 cHandle);
Clears the internal list of digital certificates to be used for public-key encryption.
BOOL CkCrypt2_CompressBytes(HCkCrypt2 cHandle, HCkByteData bData, HCkByteData out);
Memory-to-memory compression. Compresses a byte array and returns a byte array of compressed data. The compression algorithm specified by the CompressionAlgorithm property is used. Currently, the only choice is "BZIP2".
BOOL CkCrypt2_CompressBytesENC(HCkCrypt2 cHandle, HCkByteData bData, HCkString out);
Same as CompressBytes, except an encoded string is returned. The encoding is controlled by the EncodingMode property, which can be set to "Base64", "QP" (for quoted-printable), or "Hex".
BOOL CkCrypt2_CompressString(HCkCrypt2 cHandle, const char *str, HCkByteData out);
Compresses a string and returns a byte array of the compressed data. For languages such as C#, VB.NET, Visual Basic 6, etc. the string input argument is Unicode. The Charset property controls the conversion of the Unicode string to a multibyte string before compression is applied. For example, if Charset is set to "iso-8859-1", then the input string argument is first converted from Unicode (2 bytes per char) to iso-8859-1 (1 byte per char) before compressing according to the CompressionAlgorithm property ("BZIP2"). If the Charset property is set to "unicode", then no character encoding conversion will happen, and the full Unicode string is compressed.
BOOL CkCrypt2_CompressStringENC(HCkCrypt2 cHandle, const char *str, HCkString out);
Compresses a string and returns an encoded string of the compressed data. For languages such as C#, VB.NET, Visual Basic 6, etc. the string input argument is Unicode. The Charset property controls the conversion of the Unicode string to a multibyte string before compression is applied. For example, if Charset is set to "iso-8859-1", then the input string argument is first converted from Unicode (2 bytes per char) to iso-8859-1 (1 byte per char) before compressing according to the CompressionAlgorithm property ("BZIP2"). If the Charset property is set to "unicode", then no character encoding conversion will happen, and the full Unicode string is compressed. Compressed data is typically binary data which is not a printable string. This method encodes the output compressed data to a printable string according to the EncodingMode property, which can be set to "Base64", "QP" (for quoted-printable), or "Hex".
BOOL CkCrypt2_CreateDetachedSignature(HCkCrypt2 cHandle, const char *inFile, const char *sigFile);
Digitally signs a file and writes the digital signature to a separate output file (a PKCS#7 signature file). The input file (inFilePath) is unmodified.
A certificate for signing must be specified by calling SetSigningCert or SetSigningCert2 prior to calling this method.
This method is equivalent to CreateP7S. The CreateP7S method was added to clarify the format of the signature file that is created. Returns TRUE for success, FALSE for failure.
BOOL CkCrypt2_CreateP7M(HCkCrypt2 cHandle, const char *inFilename, const char *p7mFilename);
Digitally signs a file and creates a .p7m (PKCS #7 Message) file that contains both the signature and original file content. The input file (ARG1) is unmodified.
A certificate for signing must be specified by calling SetSigningCert or SetSigningCert2 prior to calling this method. Returns TRUE for success, FALSE for failure.
BOOL CkCrypt2_CreateP7S(HCkCrypt2 cHandle, const char *inFilename, const char *p7sFilename);
Digitally signs a file and creates a .p7s (PKCS #7 Signature) signature file. The input file (inFilename) is unmodified. The output file ( outP7sFilename) contains only the signature and not the original data.
A certificate for signing must be specified by calling SetSigningCert or SetSigningCert2 prior to calling this method. Returns TRUE for success, FALSE for failure.
void CkCrypt2_Decode(HCkCrypt2 cHandle, const char *str, const char *encoding, HCkByteData bData);
Decode binary data from base64, hex, quoted-printable, or URL-encoding. The encoding argument can be any of the following strings: "base64", "hex", "url", or "quoted-printable".
BOOL CkCrypt2_DecodeString(HCkCrypt2 cHandle, const char *inStr, const char *charset, const char *encoding, HCkString outStr);
To be documented soon...
BOOL CkCrypt2_DecryptBytes(HCkCrypt2 cHandle, HCkByteData bData, HCkByteData out);
Decrypts a byte array and returns the unencrypted byte array. The property settings used when encrypting the data must match the settings when decrypting. Specifically, the CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.
BOOL CkCrypt2_DecryptBytesENC(HCkCrypt2 cHandle, const char *str, HCkByteData out);
Decrypts string-encoded encrypted data and returns the unencrypted byte array. Data encrypted with EncryptBytesENC can be decrypted with this method. The property settings used when encrypting the data must match the settings when decrypting. Specifically, the EncodingMode, CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.
BOOL CkCrypt2_DecryptEncoded(HCkCrypt2 cHandle, const char *str, HCkString outStr);
Encrypted data is passed to this method as an encoded string (base64, hex, etc.). This method first decodes the input data according to the EncodingMode property setting. It then decrypts and re-encodes using the EncodingMode setting, and returns the decrypted data in encoded string form.
BOOL CkCrypt2_DecryptString(HCkCrypt2 cHandle, HCkByteData bData, HCkString out);
The reverse of EncryptString. Decrypts encrypted byte data and returns the original string. The property settings used when encrypting the string must match the settings when decrypting. Specifically, the Charset, CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.
BOOL CkCrypt2_DecryptStringENC(HCkCrypt2 cHandle, const char *str, HCkString out);
The reverse of EncryptStringENC. Decrypts string-encoded encrypted data and returns the original string. The property settings used when encrypting the string must match the settings when decrypting. Specifically, the Charset, EncodingMode, CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.
void CkCrypt2_Encode(HCkCrypt2 cHandle, HCkByteData bData, const char *encoding, HCkString str);
Encode binary data to base64, hex, quoted-printable, or URL-encoding. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".
BOOL CkCrypt2_EncodeString(HCkCrypt2 cHandle, const char *inStr, const char *charset, const char *encoding, HCkString outStr);
To be documented soon...
BOOL CkCrypt2_EncryptBytes(HCkCrypt2 cHandle, HCkByteData bData, HCkByteData out);
Encrypts a byte array. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting, all property settings must match otherwise garbled data is returned.
BOOL CkCrypt2_EncryptBytesENC(HCkCrypt2 cHandle, HCkByteData bData, HCkString out);
Encrypts a byte array and returns the encrypted data as an encoded (printable) string. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey, EncodingMode. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting, all property settings must match otherwise garbled data is returned. The encoding of the string that is returned is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".
BOOL CkCrypt2_EncryptEncoded(HCkCrypt2 cHandle, const char *str, HCkString outStr);
The input string is first decoded according to the encoding algorithm specified by the EncodingMode property (such as base64, hex, etc.) It is then encrypted according to the encryption algorithm specified by CryptAlgorithm. The resulting encrypted data is encoded (using EncodingMode) and returned.
BOOL CkCrypt2_EncryptString(HCkCrypt2 cHandle, const char *str, HCkByteData out);
Encrypts a string and returns the encrypted data as a byte array. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey, Charset. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting, all property settings must match otherwise garbled data is returned. The Charset property controls the exact bytes that get encrypted. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings, thus the input string is Unicode. If Unicode is to be encrypted (i.e. 2 bytes per character) then set the Charset property to "Unicode". To implicitly convert the string to another charset before the encryption is applied, set the Charset property to something else, such as "iso-8859-1", "Shift_JIS", "big5", "windows-1252", etc. The complete list of possible charsets is listed here:
us-ascii
unicode
unicodefffe
iso-8859-1
iso-8859-2
iso-8859-3
iso-8859-4
iso-8859-5
iso-8859-6
iso-8859-7
iso-8859-8
iso-8859-9
iso-8859-13
iso-8859-15
windows-874
windows-1250
windows-1251
windows-1252
windows-1253
windows-1254
windows-1255
windows-1256
windows-1257
windows-1258
utf-7
utf-8
utf-32
utf-32be
shift_jis
gb2312
ks_c_5601-1987
big5
iso-2022-jp
iso-2022-kr
euc-jp
euc-kr
macintosh
x-mac-japanese
x-mac-chinesetrad
x-mac-korean
x-mac-arabic
x-mac-hebrew
x-mac-greek
x-mac-cyrillic
x-mac-chinesesimp
x-mac-romanian
x-mac-ukrainian
x-mac-thai
x-mac-ce
x-mac-icelandic
x-mac-turkish
x-mac-croatian
asmo-708
dos-720
dos-862
ibm037
ibm437
ibm500
ibm737
ibm775
ibm850
ibm852
ibm855
ibm857
ibm00858
ibm860
ibm861
ibm863
ibm864
ibm865
cp866
ibm869
ibm870
cp875
koi8-r
koi8-u
BOOL CkCrypt2_EncryptStringENC(HCkCrypt2 cHandle, const char *str, HCkString out);
Encrypts a string and returns the encrypted data as an encoded (printable) string. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey, Charset, and EncodingMode. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting (with DecryptStringENC), all property settings must match otherwise garbled data is returned. The Charset property controls the exact bytes that get encrypted. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings, thus the input string is Unicode. If Unicode is to be encrypted (i.e. 2 bytes per character) then set the Charset property to "Unicode". To implicitly convert the string to another charset before the encryption is applied, set the Charset property to something else, such as "iso-8859-1", "Shift_JIS", "big5", "windows-1252", etc. (Refer to EncryptString for the complete list of charsets.) The EncodingMode property controls the encoding of the string that is returned. It can be set to "Base64", "QP", or "Hex".
void CkCrypt2_GenEncodedSecretKey(HCkCrypt2 cHandle, const char *password, const char *encoding, HCkString outStr);
To be documented soon.
BOOL CkCrypt2_GenRandomBytesENC(HCkCrypt2 cHandle, int numBytes, HCkString outStr);
Generates numBytes random bytes and returns them as an encoded string. The encoding, such as base64, hex, etc. is controlled by the EncodingMode property.
void CkCrypt2_GenerateSecretKey(HCkCrypt2 cHandle, const char *password, HCkByteData out);
Hashes a string to a byte array that has the same number of bits as the current value of the KeyLength property. For example, if KeyLength is equal to 128 bits, then a 16-byte array is returned. This can be used to set the SecretKey property. In order to decrypt, the SecretKey must match exactly. To use "password-based" encryption, the password is passed to this method to generate a binary secret key that can then be assigned to the SecretKey property.
void CkCrypt2_GetEncodedIV(HCkCrypt2 cHandle, const char *encoding, HCkString strIV);
Returns the initialization vector as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".
void CkCrypt2_GetEncodedKey(HCkCrypt2 cHandle, const char *encoding, HCkString strKey);
Returns the secret key as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".
void CkCrypt2_GetEncodedSalt(HCkCrypt2 cHandle, const char *encoding, HCkString outStr);
Returns the password-based encryption (PBE) salt bytes as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".
HCkCert CkCrypt2_GetLastCert(HCkCrypt2 cHandle);
Returns the last certificate used when decrypting data or verifying a signature. This is only valid when public-key encryption is used, and does not apply to symmetric algorithms such as Rijndael, Blowfish, or Twofish.
BOOL CkCrypt2_HashBeginBytes(HCkCrypt2 cHandle, HCkByteData data);
Begin hashing a byte stream. Call this method to hash the 1st chunk. Additional chunks are hashed by calling HashMoreBytes 0 or more times followed by a final call to HashFinal (or HashFinalENC) to retrieve the result. The hash algorithm is selected by the HashAlgorithm property setting.
BOOL CkCrypt2_HashBeginString(HCkCrypt2 cHandle, const char *strData);
Begin hashing a text stream. Call this method to hash the 1st chunk. Additional chunks are hashed by calling HashMoreString 0 or more times followed by a final call to HashFinal (or HashFinalENC) to retrieve the result. The hash algorithm is selected by the HashAlgorithm property setting.
BOOL CkCrypt2_HashBytes(HCkCrypt2 cHandle, HCkByteData bData, HCkByteData out);
Hashes a byte array. The hash algorithm to be used is controlled by the HashAlgorithm property, which can be set to "sha1", "sha384", "sha512", "md2", "md5", or "haval".
The HAVAL hash algorithm is affected by two other properties: HavalRounds and KeyLength.
The HavalRounds may have values of 3, 4, or 5.
The KeyLength may have values of 128, 160, 192, 224, or 256.
BOOL CkCrypt2_HashBytesENC(HCkCrypt2 cHandle, HCkByteData bData, HCkString out);
Hashes a byte array and returns an encoded (printable) string of the binary hash. The hash algorithm to be used is controlled by the HashAlgorithm property, which can be set to "sha1", "sha384", "sha512", "md2", "md5", or "haval". The encoding is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".
BOOL CkCrypt2_HashFile(HCkCrypt2 cHandle, const char *filename, HCkByteData out);
Hashes a file. The hash algorithm to be used is controlled by the HashAlgorithm property, which can be set to "sha1", "sha384", "sha512", "md2", "md5", or "haval". The function returns the hash bytes. Any size file is supported because the file is hashed internally in streaming mode.
The HAVAL hash algorithm is affected by two other properties: HavalRounds and KeyLength.
The HavalRounds may have values of 3, 4, or 5.
The KeyLength may have values of 128, 160, 192, 224, or 256.
BOOL CkCrypt2_HashFileENC(HCkCrypt2 cHandle, const char *filename, HCkString out);
Hashes a file. The hash algorithm to be used is controlled by the HashAlgorithm property, which can be set to "sha1", "sha384", "sha512", "md2", "md5", or "haval". The function returns the hash as a string encoded according to the EncodingMode property. Any size file is supported because the file is hashed internally in streaming mode.
BOOL CkCrypt2_HashFinal(HCkCrypt2 cHandle, HCkByteData outBytes);
Finalizes a multi-step hash computation and returns the hash bytes.
BOOL CkCrypt2_HashFinalENC(HCkCrypt2 cHandle, HCkString outStr);
Finalizes a multi-step hash computation and returns the hash bytes encoded according to the EncodingMode property setting.
BOOL CkCrypt2_HashMoreBytes(HCkCrypt2 cHandle, HCkByteData data);
Adds more bytes to the hash currently under computation. (See HashBeginBytes)
BOOL CkCrypt2_HashMoreString(HCkCrypt2 cHandle, const char *strData);
Adds more text to the hash currently under computation. (See HashBeginString)
BOOL CkCrypt2_HashString(HCkCrypt2 cHandle, const char *str, HCkByteData out);
Hashes a string and returns a binary hash. The hash algorithm to be used is controlled by the HashAlgorithm property, which can be set to "sha1", "sha384", "sha512", "md2", "md5", or "haval". The Charset property controls the character encoding of the string that is hashed. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings. If it is desired to hash Unicode directly (2 bytes/char) then set the Charset property to "Unicode". To implicitly convert to another charset before hashing, set the Charset property to the desired charset. For example, if Charset is set to "iso-8859-1", the input string is first implicitly converted to iso-8859-1 (1 byte per character) before hashing. The full list fo supported charsets is listed in the EncryptString method description.
BOOL CkCrypt2_HashStringENC(HCkCrypt2 cHandle, const char *str, HCkString out);
Hashes a string and returns an encoded (printable) string of the binary hash. The hash algorithm to be used is controlled by the HashAlgorithm property, which can be set to "sha1", "sha384", "sha512", "md2", "md5", or "haval". The Charset property controls the character encoding of the string that is hashed. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings. If it is desired to hash Unicode directly (2 bytes/char) then set the Charset property to "Unicode". To implicitly convert to another charset before hashing, set the Charset property to the desired charset. For example, if Charset is set to "iso-8859-1", the input string is first implicitly converted to iso-8859-1 (1 byte per character) before hashing. The full list of supported charsets is listed in the EncryptString method description.
The encoding of the output string is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".
The HAVAL hash algorithm is affected by two other properties: HavalRounds and KeyLength.
The HavalRounds may have values of 3, 4, or 5.
The KeyLength may have values of 128, 160, 192, 224, or 256.
void CkCrypt2_HmacBytes(HCkCrypt2 cHandle, HCkByteData inBytes, HCkByteData hmacOut);
Computes a keyed-Hash Message Authentication Code (HMAC or KHMAC), which is a type of message authentication code (MAC) calculated using a specific algorithm involving a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. Any iterative cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA-1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, on the size and quality of the key and the size of the hash output length in bits.
The secret key is set by calling one of these methods prior to calling this method: SetHmacKeyBytes, SetHmacKeyEncoded, or SetHmacKeyString.
The hash algorithm is specified by the HashAlgorithm property.
void CkCrypt2_HmacBytesENC(HCkCrypt2 cHandle, HCkByteData inBytes, HCkString encodedHmacOut);
Computes an HMAC using a secret key and hash algorithm. The result is encoded to a string using the encoding (base64, hex, etc.) specified by the EncodingMode property.
The secret key is set by calling one of these methods prior to calling this method: SetHmacKeyBytes, SetHmacKeyEncoded, or SetHmacKeyString.
The hash algorithm is specified by the HashAlgorithm property.
void CkCrypt2_HmacString(HCkCrypt2 cHandle, const char *inText, HCkByteData hmacOut);
Computes an HMAC using a secret key and hash algorithm.
The secret key is set by calling one of these methods prior to calling this method: SetHmacKeyBytes, SetHmacKeyEncoded, or SetHmacKeyString.
The hash algorithm is specified by the HashAlgorithm property.
void CkCrypt2_HmacStringENC(HCkCrypt2 cHandle, const char *inText, HCkString encodedHmacOut);
Computes an HMAC using a secret key and hash algorithm. The result is encoded to a string using the encoding (base64, hex, etc.) specified by the EncodingMode property.
The secret key is set by calling one of these methods prior to calling this method: SetHmacKeyBytes, SetHmacKeyEncoded, or SetHmacKeyString.
The hash algorithm is specified by the HashAlgorithm property.
BOOL CkCrypt2_InflateBytes(HCkCrypt2 cHandle, HCkByteData bData, HCkByteData out);
The opposite of CompressBytes.
BOOL CkCrypt2_InflateBytesENC(HCkCrypt2 cHandle, const char *str, HCkByteData out);
The opposite of CompressBytesENC. The EncodingMode and CompressionAlgorithm properties should match what was used when compressing.
BOOL CkCrypt2_InflateString(HCkCrypt2 cHandle, HCkByteData bData, HCkString out);
The opposite of CompressString. The Charset and CompressionAlgorithm properties should match what was used when compressing.
BOOL CkCrypt2_InflateStringENC(HCkCrypt2 cHandle, const char *str, HCkString out);
The opposite of CompressStringENC. The Charset, EncodingMode, and CompressionAlgorithm properties should match what was used when compressing.
BOOL CkCrypt2_IsUnlocked(HCkCrypt2 cHandle);
Returns true if the component is unlocked.
BOOL CkCrypt2_MySqlAesDecrypt(HCkCrypt2 cHandle, const char *strEncrypted, const char *strKey, HCkString outStr);
Matches MySQL's AES_DECRYPT function. strEncryptedHex is a hex-encoded string of the AES encrypted data. The return value is the original unencrypted string.
BOOL CkCrypt2_MySqlAesEncrypt(HCkCrypt2 cHandle, const char *strData, const char *strKey, HCkString outStr);
Matches MySQL's AES_ENCRYPT function. The return value is a hex-encoded string of the encrypted data. The equivalent call in MySQL would look like this: HEX(AES_ENCRYPT('The quick brown fox jumps over the lazy dog','password'))
BOOL CkCrypt2_OpaqueSignBytes(HCkCrypt2 cHandle, HCkByteData bData, HCkByteData out);
Digitally signs a byte array and returns the opaque digital signature. A certificate must be set by calling SetSigningCert prior to calling this method.
BOOL CkCrypt2_OpaqueSignBytesENC(HCkCrypt2 cHandle, HCkByteData bData, HCkString out);
Digitally signs a byte array and returns the opaque digital signature encoded as a printable string. A certificate must be set by calling SetSigningCert prior to calling this method. The EncodingMode property controls the output encoding, which can be "Base64", "QP", or "Hex".
BOOL CkCrypt2_OpaqueSignString(HCkCrypt2 cHandle, const char *str, HCkByteData out);
Digitally signs a string and returns the opaque digital signature. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description.
BOOL CkCrypt2_OpaqueSignStringENC(HCkCrypt2 cHandle, const char *str, HCkString out);
Digitally signs a string and returns the opaque digital signature as an encoded string. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description. The encoding of the output string is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".
BOOL CkCrypt2_OpaqueVerifyBytes(HCkCrypt2 cHandle, HCkByteData p7s, HCkByteData original);
Verifies an opaque signature and returns the original data. If the signature verification fails, the returned data will be 0 bytes in length.
BOOL CkCrypt2_OpaqueVerifyBytesENC(HCkCrypt2 cHandle, const char *p7s, HCkByteData original);
Verifies an opaque signature (encoded in string form) and returns the original data. If the signature verification fails, the returned data will be 0 bytes in length.
BOOL CkCrypt2_OpaqueVerifyString(HCkCrypt2 cHandle, HCkByteData p7s, HCkString original);
Verifies an opaque signature and returns the original string. If the signature verification fails, the returned string will be 0 characters in length.
BOOL CkCrypt2_OpaqueVerifyStringENC(HCkCrypt2 cHandle, const char *p7s, HCkString original);
Verifies an opaque signature (encoded in string form) and returns the original data string. If the signature verification fails, the returned string will be 0 characters in length.
BOOL CkCrypt2_Pbkdf1(HCkCrypt2 cHandle, const char *password, const char *charset, const char *hashAlg, const char *salt, int iterationCount, int outputKeyBitLen, const char *encoding, HCkString outStr);
Implements the PBKDF1 algorithm (Password Based Key Derivation Function #1). The password is converted to the character encoding represented by charset before being passed (internally) to the key derivation function. The hashAlg may be "md5", "sha1", "md2", etc. The salt should be random data at least 8 bytes (64 bits) in length. (The GenRandomBytesENC method is good for generating a random salt value.) The iterationCount should be no less than 1000. The length (in bits) of the derived key output by this method is controlled by outputKeyBitLen. The encoding argument may be "base64", "hex", etc. It controls the encoding of the output, and the expected encoding of the salt. The derived key is returned.
BOOL CkCrypt2_Pbkdf2(HCkCrypt2 cHandle, const char *password, const char *charset, const char *hashAlg, const char *salt, int iterationCount, int outputKeyBitLen, const char *encoding, HCkString outStr);
Implements the PBKDF2 algorithm (Password Based Key Derivation Function #2). The password is converted to the character encoding represented by charset before being passed (internally) to the key derivation function. The hashAlg may be "md5", "sha1", "md2", etc. The salt should be random data at least 8 bytes (64 bits) in length. (The GenRandomBytesENC method is good for generating a random salt value.) The iterationCount should be no less than 1000. The length (in bits) of the derived key output by this method is controlled by outputKeyBitLen. The encoding argument may be "base64", "hex", etc. It controls the encoding of the output, and the expected encoding of the salt. The derived key is returned.
void CkCrypt2_RandomizeIV(HCkCrypt2 cHandle);
Sets the initialization vector to a random value.
void CkCrypt2_RandomizeKey(HCkCrypt2 cHandle);
Sets the secret key to a random value.
BOOL CkCrypt2_ReEncode(HCkCrypt2 cHandle, const char *data, const char *fromEncoding, const char *toEncoding, HCkString outStr);
Provides a means for converting from one encoding to another (such as base64 to hex). This is helpful for programming environments where byte arrays are a real pain-in-the-***. The fromEncoding and toEncoding may be "base64", "hex", "quoted-printable" (or "qp"), or "url".
BOOL CkCrypt2_ReadFile(HCkCrypt2 cHandle, const char *filename, HCkByteData outBytes);
Convenience method to read an entire file and return as a byte array.
BOOL CkCrypt2_SaveLastError(HCkCrypt2 cHandle, const char *filename);
Saves the last error information to an XML formatted file.
BOOL CkCrypt2_SetCSP(HCkCrypt2 cHandle, HCkCSP csp);
Allows for any Cryptographic Service Provider to be used with public-key encryption.
BOOL CkCrypt2_SetDecryptCert(HCkCrypt2 cHandle, HCkCert cert);
Sets the digital certificate to be used for decryption when the CryptAlgorithm property is set to "PKI". A private key is required for decryption. Because this method only specifies the certificate, a prerequisite is that the certificate w/ private key must have been pre-installed on the computer. Private keys are stored in the Windows Protected Store (either a user account specific store, or the system-wide store). The Chilkat component will automatically locate and find the certificate's corresponding private key from the protected store when decrypting. Returns TRUE for success, FALSE for failure.
BOOL CkCrypt2_SetDecryptCert2(HCkCrypt2 cHandle, HCkCert cert, HCkPrivateKey key);
Sets the digital certificate to be used for decryption when the CryptAlgorithm property is set to "PKI". The private key is supplied in the 2nd argument to this method, so there is no requirement that the certificate be pre-installed on a computer before decrypting (if this method is called). Returns TRUE for success, FALSE for failure.
void CkCrypt2_SetEncodedIV(HCkCrypt2 cHandle, const char *ivStr, const char *encoding);
Sets the initialization vector from an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".
void CkCrypt2_SetEncodedKey(HCkCrypt2 cHandle, const char *keyStr, const char *encoding);
Sets the secret key from an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".
void CkCrypt2_SetEncodedSalt(HCkCrypt2 cHandle, const char *saltStr, const char *encoding);
Sets the password-based encryption (PBE) salt bytes from an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".
void CkCrypt2_SetEncryptCert(HCkCrypt2 cHandle, HCkCert cert);
Tells the encryption library to use a specific digital certificate for public-key encryption. To encrypt with multiple certificates, call AddEncryptCert once for each certificate. (Calling this method is the equivalent of calling ClearEncryptCerts followed by AddEncryptCert.)
void CkCrypt2_SetHmacKeyBytes(HCkCrypt2 cHandle, HCkByteData keyBytes);
Sets the secret key to be used for one of the HMAC methods.
void CkCrypt2_SetHmacKeyEncoded(HCkCrypt2 cHandle, const char *key, const char *encoding);
Sets the secret key to be used for one of the HMAC methods. The encoding can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".
void CkCrypt2_SetHmacKeyString(HCkCrypt2 cHandle, const char *key);
Sets the secret key to be used for one of the HMAC methods.
void CkCrypt2_SetIV(HCkCrypt2 cHandle, const unsigned char *ivData, int numBytes);
Sets the initialization vector for a symmetric encryption algorithm (such as AES, BlowFish, TwoFish, DES, etc.). IV's are used in CBC mode (Cipher-Block-Chaining), but are not used in ECB mode (Electronic Cookbook). The length of the IV should equal the block size of the algorithm. (It is not equal to the key length). For AES and TwoFish, the block size (and thus IV size) is always 16 bytes. For Blowfish it's 8 bytes. For DES and 3DES it's 8 bytes.
void CkCrypt2_SetSecretKey(HCkCrypt2 cHandle, const unsigned char *keyData, int numBytes);
To be documented soon.
void CkCrypt2_SetSecretKeyViaPassword(HCkCrypt2 cHandle, const char *password);
Accepts a password string and (internally) generates a binary secret key of the appropriate bit length and sets the SecretKey property. This method should only be used if you are using Chilkat for both encryption and decryption because the password-to-secret-key algorithm would need to be identical for the decryption to match the encryption.
void CkCrypt2_SetSigningCert(HCkCrypt2 cHandle, HCkCert cert);
Tells the encryption library to use a specific digital certificate for digital signature creation.
BOOL CkCrypt2_SetSigningCert2(HCkCrypt2 cHandle, HCkCert cert, HCkPrivateKey key);
To be documented soon...
void CkCrypt2_SetVerifyCert(HCkCrypt2 cHandle, HCkCert cert);
Sets the digital certificate to be used in verifying a signature.
BOOL CkCrypt2_SignBytes(HCkCrypt2 cHandle, HCkByteData bData, HCkByteData out);
Digitally signs a byte array and returns the detached digital signature. A certificate must be set by calling SetSigningCert prior to calling this method.
BOOL CkCrypt2_SignBytesENC(HCkCrypt2 cHandle, HCkByteData bData, HCkString out);
Digitally signs a byte array and returns the detached digital signature encoded as a printable string. A certificate must be set by calling SetSigningCert prior to calling this method. The EncodingMode property controls the output encoding, which can be "Base64", "QP", or "Hex".
BOOL CkCrypt2_SignString(HCkCrypt2 cHandle, const char *str, HCkByteData out);
Digitally signs a string and returns the detached digital signature. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description.
BOOL CkCrypt2_SignStringENC(HCkCrypt2 cHandle, const char *str, HCkString out);
Digitally signs a string and returns the PKCS7 detached digital signature as an encoded string. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description. The encoding of the output string is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".
BOOL CkCrypt2_StringToBytes(HCkCrypt2 cHandle, const char *inStr, const char *charset, HCkByteData outBytes);
Convert a String to a VARIANT containing a byte array where the characters are encoded according to the charset specified.
void CkCrypt2_TrimEndingWith(HCkCrypt2 cHandle, const char *inStr, const char *ending, HCkString outStr);
Trim a string ending with a specific substring until the string no longer ends with that substring.
BOOL CkCrypt2_UnlockComponent(HCkCrypt2 cHandle, const char *unlockCode);
Unlocks the component. This must be called once prior to calling any other method.
BOOL CkCrypt2_VerifyBytes(HCkCrypt2 cHandle, HCkByteData bData1, HCkByteData sigData);
Verifies a byte array against a digital signature and returns true if the byte array is unaltered.
BOOL CkCrypt2_VerifyBytesENC(HCkCrypt2 cHandle, HCkByteData bData, const char *encodedSig);
Verifies a byte array against a string-encoded digital signature and returns true if the byte array is unaltered. This method can be used to verify a signature produced by SignBytesENC. The EncodingMode property must be set prior to calling to match the encoding of the digital signature string ("Base64", "QP", or "Hex").
BOOL CkCrypt2_VerifyDetachedSignature(HCkCrypt2 cHandle, const char *inFile, const char *sigFile);
Verifies a .p7s (PKCS #7 Signature) against the original file (or exact copy of it). If the inFilename has not been modified, the return value is true, otherwise it is false. This method is equivalent to VerifyP7S.
BOOL CkCrypt2_VerifyP7M(HCkCrypt2 cHandle, const char *p7mFilename, const char *outFilename);
Verifies a .p7m file and extracts the original file from the .p7m. Returns true if the signature is valid and the contents are unchanged. Otherwise returns false.
BOOL CkCrypt2_VerifyP7S(HCkCrypt2 cHandle, const char *inFilename, const char *p7sFilename);
Verifies a .p7s (PKCS #7 Signature) against the original file (or exact copy of it). If the inFilename has not been modified, the return value is true, otherwise it is false.
BOOL CkCrypt2_VerifyString(HCkCrypt2 cHandle, const char *str, HCkByteData sigData);
Verifies a string against a binary digital signature and returns true if the string is unaltered. This method can be used to verify a signature produced by SignString. The Charset property must be set to the charset that was used when creating the signature.
BOOL CkCrypt2_VerifyStringENC(HCkCrypt2 cHandle, const char *str, const char *encodedSig);
Verifies a string against a string-encoded digital signature and returns true if the string is unaltered. This method can be used to verify a signature produced by SignStringENC. The Charset and EncodingMode properties must be set to the same values that were used when creating the signature.
BOOL CkCrypt2_WriteFile(HCkCrypt2 cHandle, const char *filename, HCkByteData fileData);
Convenience method to write an entire byte array to a file.
const char *CkCrypt2_bytesToString(HCkCrypt2 cHandle, HCkByteData inData, const char *charset);
Convert a VARIANT containing a byte array to a String.
const char *CkCrypt2_charset(HCkCrypt2 cHandle);
Controls the character encoding of the text encrypted, signed, hashed or compressed. This property is relevant wherever strings are used as inputs or outputs. When working with strings, it is important to know the exact bytes that are being encrypted/hashed/signed/compressed. This is critical when interoperating with other systems. If your application is sending an encrypted string to another system that will decrypt it, you will need to know the encoding of the string that is expected on the receiving end (after decryption). If you pass Unicode data (2 byte per character) to the encryptor, subsequent decryption will reproduce the original Unicode. However, it may be that your program works with Unicode strings, but the recipient of the encrypted data works with iso-8859-1 strings. In such a case, setting the Charset property to "iso-8859-1" causes the character data to be automatically converted to the Charset before being encrypted (or compressed, or hashed, or signed). The set of valid charsets is listed below:
ANSI
us-ascii
unicode
unicodefffe
iso-8859-1
iso-8859-2
iso-8859-3
iso-8859-4
iso-8859-5
iso-8859-6
iso-8859-7
iso-8859-8
iso-8859-9
iso-8859-13
iso-8859-15
windows-874
windows-1250
windows-1251
windows-1252
windows-1253
windows-1254
windows-1255
windows-1256
windows-1257
windows-1258
utf-7
utf-8
utf-32
utf-32be
shift_jis
gb2312
ks_c_5601-1987
big5
iso-2022-jp
iso-2022-kr
euc-jp
euc-kr
macintosh
x-mac-japanese
x-mac-chinesetrad
x-mac-korean
x-mac-arabic
x-mac-hebrew
x-mac-greek
x-mac-cyrillic
x-mac-chinesesimp
x-mac-romanian
x-mac-ukrainian
x-mac-thai
x-mac-ce
x-mac-icelandic
x-mac-turkish
x-mac-croatian
asmo-708
dos-720
dos-862
ibm037
ibm437
ibm500
ibm737
ibm775
ibm850
ibm852
ibm855
ibm857
ibm00858
ibm860
ibm861
ibm863
ibm864
ibm865
cp866
ibm869
ibm870
cp875
koi8-r
koi8-u
const char *CkCrypt2_cipherMode(HCkCrypt2 cHandle);
Controls the cipher mode for Rijndael and Twofish encryption. Possible values are "CBC" (the default) and "ECB". CBC is an acronym for Cipher Block Chaining, ECB is an acronym for Electronic CookBook.
const char *CkCrypt2_compressBytesENC(HCkCrypt2 cHandle, HCkByteData bData);
Same as CompressBytes, except an encoded string is returned. The encoding is controlled by the EncodingMode property, which can be set to "Base64", "QP" (for quoted-printable), or "Hex".
const char *CkCrypt2_compressStringENC(HCkCrypt2 cHandle, const char *str);
Compresses a string and returns an encoded string of the compressed data. For languages such as C#, VB.NET, Visual Basic 6, etc. the string input argument is Unicode. The Charset property controls the conversion of the Unicode string to a multibyte string before compression is applied. For example, if Charset is set to "iso-8859-1", then the input string argument is first converted from Unicode (2 bytes per char) to iso-8859-1 (1 byte per char) before compressing according to the CompressionAlgorithm property ("BZIP2"). If the Charset property is set to "unicode", then no character encoding conversion will happen, and the full Unicode string is compressed. Compressed data is typically binary data which is not a printable string. This method encodes the output compressed data to a printable string according to the EncodingMode property, which can be set to "Base64", "QP" (for quoted-printable), or "Hex".
const char *CkCrypt2_compressionAlgorithm(HCkCrypt2 cHandle);
Selects the compression algorithm to be used. Currently, the only valid setting is "BZIP2".
const char *CkCrypt2_cryptAlgorithm(HCkCrypt2 cHandle);
Selects the encryption algorithm for encrypting and decrypting. Possible values are: "pki", "aes", "rijndael", "blowfish", "blowfish2", "des", "3des", "rc2", "arc4", "twofish", "pbes1" and "pbes2". The "pki" encryption algorithm isn't a specific algorithm, but instead tells the component to encrypt/decrypt using public-key encryption with digital certificates. The other choices, rijndael, blowfish, and twofish, are symmetric encryption algorithms that do not involve digital certificates and public/private keys.
The original Chilkat implementation of Blowfish has a 4321 byte-swapping issue (the results are 4321 byte-swapped). The new implementation ("blowfish2") does not byte swap. This should be used for compatibility with other Blowfish software.
Password-based encryption (PBE) is selected by setting this property to "pbes1" or "pbes2". Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127. If PBE is used, the underlying encryption algorithm is specified by the PbesAlgorithm property.
const char *CkCrypt2_decodeString(HCkCrypt2 cHandle, const char *inStr, const char *charset, const char *encoding);
To be documented soon...
const char *CkCrypt2_decryptEncoded(HCkCrypt2 cHandle, const char *str);
Encrypted data is passed to this method as an encoded string (base64, hex, etc.). This method first decodes the input data according to the EncodingMode property setting. It then decrypts and re-encodes using the EncodingMode setting, and returns the decrypted data in encoded string form.
const char *CkCrypt2_decryptString(HCkCrypt2 cHandle, HCkByteData bData);
The reverse of EncryptString. Decrypts encrypted byte data and returns the original string. The property settings used when encrypting the string must match the settings when decrypting. Specifically, the Charset, CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.
const char *CkCrypt2_decryptStringENC(HCkCrypt2 cHandle, const char *str);
The reverse of EncryptStringENC. Decrypts string-encoded encrypted data and returns the original string. The property settings used when encrypting the string must match the settings when decrypting. Specifically, the Charset, EncodingMode, CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.
const char *CkCrypt2_encode(HCkCrypt2 cHandle, HCkByteData bData, const char *encoding);
Encode binary data to base64, hex, quoted-printable, or URL-encoding. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".
const char *CkCrypt2_encodeBytes(HCkCrypt2 cHandle, const unsigned char *byteData, int numBytes, const char *encoding);
To be documented soon...
const char *CkCrypt2_encodeBytes(HCkCrypt2 cHandle, const char *byteData, int numBytes, const char *encoding);
To be documented soon...
const char *CkCrypt2_encodeString(HCkCrypt2 cHandle, const char *inStr, const char *charset, const char *encoding);
To be documented soon...
const char *CkCrypt2_encodingMode(HCkCrypt2 cHandle);
Controls the encoding of binary data to a printable string for many methods. The valid modes are "Base64", "QP" (for quoted-printable), "URL" (for url-encoding), and "Hex".
const char *CkCrypt2_encryptBytesENC(HCkCrypt2 cHandle, HCkByteData bData);
Encrypts a byte array and returns the encrypted data as an encoded (printable) string. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey, EncodingMode. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting, all property settings must match otherwise garbled data is returned. The encoding of the string that is returned is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".
const char *CkCrypt2_encryptEncoded(HCkCrypt2 cHandle, const char *str);
The input string is first decoded according to the encoding algorithm specified by the EncodingMode property (such as base64, hex, etc.) It is then encrypted according to the encryption algorithm specified by CryptAlgorithm. The resulting encrypted data is encoded (using EncodingMode) and returned.
const char *CkCrypt2_encryptStringENC(HCkCrypt2 cHandle, const char *str);
Encrypts a string and returns the encrypted data as an encoded (printable) string. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey, Charset, and EncodingMode. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting (with DecryptStringENC), all property settings must match otherwise garbled data is returned. The Charset property controls the exact bytes that get encrypted. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings, thus the input string is Unicode. If Unicode is to be encrypted (i.e. 2 bytes per character) then set the Charset property to "Unicode". To implicitly convert the string to another charset before the encryption is applied, set the Charset property to something else, such as "iso-8859-1", "Shift_JIS", "big5", "windows-1252", etc. (Refer to EncryptString for the complete list of charsets.) The EncodingMode property controls the encoding of the string that is returned. It can be set to "Base64", "QP", or "Hex".
const char *CkCrypt2_genEncodedSecretKey(HCkCrypt2 cHandle, const char *password, const char *encoding);
To be documented soon.
const char *CkCrypt2_genRandomBytesENC(HCkCrypt2 cHandle, int numBytes);
Generates numBytes random bytes and returns them as an encoded string. The encoding, such as base64, hex, etc. is controlled by the EncodingMode property.
const char *CkCrypt2_getEncodedIV(HCkCrypt2 cHandle, const char *encoding);
Returns the initialization vector as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".
const char *CkCrypt2_getEncodedKey(HCkCrypt2 cHandle, const char *encoding);
Returns the secret key as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".
const char *CkCrypt2_getEncodedSalt(HCkCrypt2 cHandle, const char *encoding);
Returns the password-based encryption (PBE) salt bytes as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".
const char *CkCrypt2_hashAlgorithm(HCkCrypt2 cHandle);
Selects the hash algorithm used by methods that create hashes. The valid choices are "sha1", "sha256", "sha384", "sha512", "md2", "md5", and "haval".
const char *CkCrypt2_hashBytesENC(HCkCrypt2 cHandle, HCkByteData bData);
Hashes a byte array and returns an encoded (printable) string of the binary hash. The hash algorithm to be used is controlled by the HashAlgorithm property, which can be set to "sha1", "sha384", "sha512", "md2", "md5", or "haval". The encoding is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".
const char *CkCrypt2_hashFileENC(HCkCrypt2 cHandle, const char *filename);
Hashes a file. The hash algorithm to be used is controlled by the HashAlgorithm property, which can be set to "sha1", "sha384", "sha512", "md2", "md5", or "haval". The function returns the hash as a string encoded according to the EncodingMode property. Any size file is supported because the file is hashed internally in streaming mode.
const char *CkCrypt2_hashFinalENC(HCkCrypt2 cHandle);
Finalizes a multi-step hash computation and returns the hash bytes encoded according to the EncodingMode property setting.
const char *CkCrypt2_hashStringENC(HCkCrypt2 cHandle, const char *str);
Hashes a string and returns an encoded (printable) string of the binary hash. The hash algorithm to be used is controlled by the HashAlgorithm property, which can be set to "sha1", "sha384", "sha512", "md2", "md5", or "haval". The Charset property controls the character encoding of the string that is hashed. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings. If it is desired to hash Unicode directly (2 bytes/char) then set the Charset property to "Unicode". To implicitly convert to another charset before hashing, set the Charset property to the desired charset. For example, if Charset is set to "iso-8859-1", the input string is first implicitly converted to iso-8859-1 (1 byte per character) before hashing. The full list of supported charsets is listed in the EncryptString method description.
The encoding of the output string is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".
The HAVAL hash algorithm is affected by two other properties: HavalRounds and KeyLength.
The HavalRounds may have values of 3, 4, or 5.
The KeyLength may have values of 128, 160, 192, 224, or 256.
const char *CkCrypt2_hmacBytesENC(HCkCrypt2 cHandle, HCkByteData inBytes);
Computes an HMAC using a secret key and hash algorithm. The result is encoded to a string using the encoding (base64, hex, etc.) specified by the EncodingMode property.
The secret key is set by calling one of these methods prior to calling this method: SetHmacKeyBytes, SetHmacKeyEncoded, or SetHmacKeyString.
The hash algorithm is specified by the HashAlgorithm property.
const char *CkCrypt2_hmacStringENC(HCkCrypt2 cHandle, const char *inText);
Computes an HMAC using a secret key and hash algorithm. The result is encoded to a string using the encoding (base64, hex, etc.) specified by the EncodingMode property.
The secret key is set by calling one of these methods prior to calling this method: SetHmacKeyBytes, SetHmacKeyEncoded, or SetHmacKeyString.
The hash algorithm is specified by the HashAlgorithm property.
const char *CkCrypt2_inflateString(HCkCrypt2 cHandle, HCkByteData bData);
The opposite of CompressString. The Charset and CompressionAlgorithm properties should match what was used when compressing.
const char *CkCrypt2_inflateStringENC(HCkCrypt2 cHandle, const char *str);
The opposite of CompressStringENC. The Charset, EncodingMode, and CompressionAlgorithm properties should match what was used when compressing.
const char *CkCrypt2_lastErrorHtml(HCkCrypt2 cHandle);
Error information in HTML format for the last method called.
const char *CkCrypt2_lastErrorText(HCkCrypt2 cHandle);
Error information in plain-text format for the last method called.
const char *CkCrypt2_lastErrorXml(HCkCrypt2 cHandle);
Error information in XML format for the last method called.
const char *CkCrypt2_mySqlAesDecrypt(HCkCrypt2 cHandle, const char *strEncrypted, const char *strKey);
Matches MySQL's AES_DECRYPT function. strEncryptedHex is a hex-encoded string of the AES encrypted data. The return value is the original unencrypted string.
const char *CkCrypt2_mySqlAesEncrypt(HCkCrypt2 cHandle, const char *strData, const char *strKey);
Matches MySQL's AES_ENCRYPT function. The return value is a hex-encoded string of the encrypted data. The equivalent call in MySQL would look like this: HEX(AES_ENCRYPT('The quick brown fox jumps over the lazy dog','password'))
const char *CkCrypt2_opaqueSignBytesENC(HCkCrypt2 cHandle, HCkByteData bData);
Digitally signs a byte array and returns the opaque digital signature encoded as a printable string. A certificate must be set by calling SetSigningCert prior to calling this method. The EncodingMode property controls the output encoding, which can be "Base64", "QP", or "Hex".
const char *CkCrypt2_opaqueSignStringENC(HCkCrypt2 cHandle, const char *str);
Digitally signs a string and returns the opaque digital signature as an encoded string. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description. The encoding of the output string is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".
const char *CkCrypt2_opaqueVerifyString(HCkCrypt2 cHandle, HCkByteData p7s);
Verifies an opaque signature and returns the original string. If the signature verification fails, the returned string will be 0 characters in length.
const char *CkCrypt2_opaqueVerifyStringENC(HCkCrypt2 cHandle, const char *p7s);
Verifies an opaque signature (encoded in string form) and returns the original data string. If the signature verification fails, the returned string will be 0 characters in length.
const char *CkCrypt2_pbesAlgorithm(HCkCrypt2 cHandle);
If the CryptAlgorithm property is set to "pbes1" or "pbes2", this property specifies the underlying encryption algorithm to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127
const char *CkCrypt2_pbesPassword(HCkCrypt2 cHandle);
The password to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127
const char *CkCrypt2_pbkdf1(HCkCrypt2 cHandle, const char *password, const char *charset, const char *hashAlg, const char *salt, int iterationCount, int outputKeyBitLen, const char *encoding);
Implements the PBKDF1 algorithm (Password Based Key Derivation Function #1). The password is converted to the character encoding represented by charset before being passed (internally) to the key derivation function. The hashAlg may be "md5", "sha1", "md2", etc. The salt should be random data at least 8 bytes (64 bits) in length. (The GenRandomBytesENC method is good for generating a random salt value.) The iterationCount should be no less than 1000. The length (in bits) of the derived key output by this method is controlled by outputKeyBitLen. The encoding argument may be "base64", "hex", etc. It controls the encoding of the output, and the expected encoding of the salt. The derived key is returned.
const char *CkCrypt2_pbkdf2(HCkCrypt2 cHandle, const char *password, const char *charset, const char *hashAlg, const char *salt, int iterationCount, int outputKeyBitLen, const char *encoding);
Implements the PBKDF2 algorithm (Password Based Key Derivation Function #2). The password is converted to the character encoding represented by charset before being passed (internally) to the key derivation function. The hashAlg may be "md5", "sha1", "md2", etc. The salt should be random data at least 8 bytes (64 bits) in length. (The GenRandomBytesENC method is good for generating a random salt value.) The iterationCount should be no less than 1000. The length (in bits) of the derived key output by this method is controlled by outputKeyBitLen. The encoding argument may be "base64", "hex", etc. It controls the encoding of the output, and the expected encoding of the salt. The derived key is returned.
const char *CkCrypt2_reEncode(HCkCrypt2 cHandle, const char *data, const char *fromEncoding, const char *toEncoding);
Provides a means for converting from one encoding to another (such as base64 to hex). This is helpful for programming environments where byte arrays are a real pain-in-the-***. The fromEncoding and toEncoding may be "base64", "hex", "quoted-printable" (or "qp"), or "url".
const char *CkCrypt2_signBytesENC(HCkCrypt2 cHandle, HCkByteData bData);
Digitally signs a byte array and returns the detached digital signature encoded as a printable string. A certificate must be set by calling SetSigningCert prior to calling this method. The EncodingMode property controls the output encoding, which can be "Base64", "QP", or "Hex".
const char *CkCrypt2_signStringENC(HCkCrypt2 cHandle, const char *str);
Digitally signs a string and returns the PKCS7 detached digital signature as an encoded string. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description. The encoding of the output string is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".
const char *CkCrypt2_trimEndingWith(HCkCrypt2 cHandle, const char *inStr, const char *ending);
Trim a string ending with a specific substring until the string no longer ends with that substring.
const char *CkCrypt2_uuFilename(HCkCrypt2 cHandle);
To be documented soon...
const char *CkCrypt2_uuMode(HCkCrypt2 cHandle);
To be documented soon...
const char *CkCrypt2_version(HCkCrypt2 cHandle);
The version of the component, such as "4.0.0".
|