Crypt2 DataFlex Reference Documentation

Crypt2

Chilkat encryption component.

Object Creation

Handle hoCrypt2
Get Create(RefClass(cComChilkatCrypt2)) to hoCrypt2

Properties

Function ComAbortCurrent Returns Boolean
Procedure Set ComAbortCurrent Boolean value

Introduced in version 9.5.0.58

When set to True, causes the currently running method to abort. Methods that always finish quickly (i.e.have no length file operations or network communications) are not affected. If no method is running, then this property is automatically reset to False when the next method is called. When the abort occurs, this property is reset to False. Both synchronous and asynchronous method calls can be aborted. (A synchronous method call could be aborted by setting this property from a separate thread.)

Function ComBCryptWorkFactor Returns Integer
Procedure Set ComBCryptWorkFactor Integer value

Introduced in version 9.5.0.65

The BCrypt work factor to be used for the BCryptHash and BCryptVerify. This is the log2 of the number of rounds of hashing to apply. For example, if the work (cost) factor is 12, then 2^12 rounds of hashing are applied. The purpose of this cost factor is to make the BCrypt computation expensive enought to prevent brute-force attacks. (Any complaints about BCrypt "not being fast enough" will be ignored.)

This property must have a value ranging from 4 to 31 inclusive.

The default value is 10.

Function ComBlockSize Returns Integer

The block-size (in bytes) of the selected encryption algorithm. For example, if the CryptAlgorithm property is set to "aes", the BlockSize property is automatically set to 16. The block-size for the ARC4 streaming encryption algorithm is 1.

Function ComByteSwapOnDecrypt Returns Boolean
Procedure Set ComByteSwapOnDecrypt Boolean value

This property is deprecated. It will be removed in a future version.

Controls whether bytes are 4321 swapped on decryption. This helps in handling byte-ordering issues with cross-platform applications.

Function ComCadesEnabled Returns Boolean
Procedure Set ComCadesEnabled Boolean value

Applies to all methods that create PKCS7 signatures. To create a CAdES-BES signature, set this property equal to True. The default value of this property is False.

CAdES BES Detached Signature

CAdES BES Attached (Opaque) Signature

Function ComCadesSigPolicyHash Returns String
Procedure Set ComCadesSigPolicyHash String value

Applies to all methods that create PKCS7 signatures. To create a CAdES-EPES signature, set the CadesEnabled property = True, and also provide values for each of the following properties: CadesSigPolicyHash, CadesSigPolicyId, and CadesSigPolicyUri. For example (in pseudo-code):

cryptObj.CadesSigPolicyId = "2.16.76.1.7.1.1.1"
cryptObj.CadesSigPolicyUri = "http://politicas.icpbrasil.gov.br/PA_AD_RB.der"
cryptObj.CadesSigPolicyHash = "rySugyKaMhiMR8Y/o5yuU2A2bF0="
Note: Do NOT use the values above. They are only provided as an example to show valid values. For example, the Policy ID is an OID. The Policy URI is a typically a URL to a DER encoded policy file, and the Policy Hash is a base64 encoded hash.

Function ComCadesSigPolicyId Returns String
Procedure Set ComCadesSigPolicyId String value

See the description for the CadesSigPolicyHash property above.

Function ComCadesSigPolicyUri Returns String
Procedure Set ComCadesSigPolicyUri String value

See the description for the CadesSigPolicyHash property above.

Function ComCharset Returns String
Procedure Set ComCharset String value

Controls the character encoding of the text encrypted, signed, hashed or compressed. This property is relevant wherever strings are used as inputs or outputs.

When working with strings, it is important to know the exact bytes that are being encrypted/hashed/signed/compressed. This is critical when interoperating with other systems. If your application is sending an encrypted string to another system that will decrypt it, you will need to know the encoding of the string that is expected on the receiving end (after decryption). If you pass Unicode data (2 byte per character) to the encryptor, subsequent decryption will reproduce the original Unicode. However, it may be that your program works with Unicode strings, but the recipient of the encrypted data works with iso-8859-1 strings. In such a case, setting the Charset property to "iso-8859-1" causes the character data to be automatically converted to the Charset before being encrypted (or compressed, or hashed, or signed). The set of valid charsets is listed below:


hex
base64
    * "hex" and "base64" are special values that allow for binary (non-text) encoded data to be passed to any method where the input data is a string.
       Rather than converting to an actual charset (such as utf-8, iso-8859-1), the binary data is decoded, and the decoded bytes are passed
        to the underlying encryptor, hashing, signing, etc.
ANSI
us-ascii
unicode
unicodefffe
iso-8859-1
iso-8859-2
iso-8859-3
iso-8859-4
iso-8859-5
iso-8859-6
iso-8859-7
iso-8859-8
iso-8859-9
iso-8859-13
iso-8859-15
windows-874
windows-1250
windows-1251
windows-1252
windows-1253
windows-1254
windows-1255
windows-1256
windows-1257
windows-1258
utf-7
utf-8
utf-32
utf-32be
shift_jis
gb2312
ks_c_5601-1987
big5
iso-2022-jp
iso-2022-kr
euc-jp
euc-kr
macintosh
x-mac-japanese
x-mac-chinesetrad
x-mac-korean
x-mac-arabic
x-mac-hebrew
x-mac-greek
x-mac-cyrillic
x-mac-chinesesimp
x-mac-romanian
x-mac-ukrainian
x-mac-thai
x-mac-ce
x-mac-icelandic
x-mac-turkish
x-mac-croatian
asmo-708
dos-720
dos-862
ibm037
ibm437
ibm500
ibm737
ibm775
ibm850
ibm852
ibm855
ibm857
ibm00858
ibm860
ibm861
ibm863
ibm864
ibm865
cp866
ibm869
ibm870
cp875
koi8-r
koi8-u

Using "hex" or "base64" for encoded binary data input.

Function ComCipherMode Returns String
Procedure Set ComCipherMode String value

Controls the cipher mode for block encryption algorithms (AES, Blowfish,TwoFish, DES, 3DES, RC2). Possible values are "CBC" (the default) , "ECB", "CTR", "OFB", "GCM", and "CFB". These acronyms have the following meanings:

  • CBC: Cipher Block Chaining,
  • ECB: Electronic CookBook
  • CTR: Counter Mode
  • CFB: Cipher Feedback
  • OFB: Output Feedback
  • GCM: Galois/Counter Mode

(see http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation )

Note: Prior to Chilkat v9.5.0.55, the CFB mode is only implemented for AES, Blowfish, and DES/3DES, and the CTR mode is only implemented for AES.

Starting in v9.5.0.55 CFB and OFB modes are useable with all encryption algorithms, and GCM (Galois/Counter Mode) is available with any cipher having a 16-byte block size, such as AES and Twofish. CFB, OFB, CTR, and GCM modes convert block ciphers into stream ciphers. In these modes of operation, the PaddingScheme property is unused because no padding occurs.

Function ComCompressionAlgorithm Returns String
Procedure Set ComCompressionAlgorithm String value

This property is deprecated. It will be removed in a future version.

This property is deprecated. The only possible value is "BZIP2". The compression functionality in Crypt2 is legacy and existed long before the general compression functionality that is currently offered in Chilkat.Compression. The Chilkat.Compression API should be used instead.

Function ComCryptAlgorithm Returns String
Procedure Set ComCryptAlgorithm String value

Selects the encryption algorithm for encrypting and decrypting. Possible values are: "chacha20", "pki", "aes", "blowfish", "blowfish2", "des", "3des", "rc2", "arc4", "twofish", "pbes1" and "pbes2". The "pki" encryption algorithm isn't a specific algorithm, but instead tells the component to encrypt/decrypt using public-key encryption with digital certificates. The other choices are symmetric encryption algorithms that do not involve digital certificates and public/private keys.

The original Chilkat implementation of Blowfish has a 4321 byte-swapping issue (the results are 4321 byte-swapped). The new implementation ("blowfish2") does not byte swap. This should be used for compatibility with other Blowfish software.

Password-based encryption (PBE) is selected by setting this property to "pbes1" or "pbes2". Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at https://tools.ietf.org/html/rfc2898. If PBE is used, the underlying encryption algorithm is specified by the PbesAlgorithm property. The underlying encryption (PbesAlgorithm) for PBES1 is limited to 56-bit DES or 64-bit RC2.

Note:The chacha20 algorithm is introduced in Chilkat v9.5.0.55.

ChaCha20 Encryption

Function ComDebugLogFilePath Returns String
Procedure Set ComDebugLogFilePath String value

If set to a file path, causes each Chilkat method or property call to automatically append it's LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.

This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:

  1. a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
  2. the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
  3. there is an internal problem (bug) in the Chilkat code that causes the hang.

Function ComEncodingMode Returns String
Procedure Set ComEncodingMode String value

Controls the encoding of binary data to a printable string for many methods. The valid modes are "Base64", "modBase64", "base64url", "Base32", "Base58", "UU", "QP" (for quoted-printable), "URL" (for url-encoding), "Hex", "Q", "B", "url_oauth", "url_rfc1738", "url_rfc2396", "url_rfc3986", "fingerprint", or "decimal".

The "fingerprint" and"decimal" encodings are introduced in Chilkat v9.5.0.55.

The "fingerprint" encoding is a lowercase hex encoding where each hex digit is separated by a colon character. For example: 6a:de:e0:af:56:f8:0c:04:11:5b:ef:4d:49:ad:09:23

The "decimal" encoding is for converting large decimal integers to/from a big-endian binary representation. For example, the decimal string "72623859790382856" converts to the bytes 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08.

Binary Encodings Supported by Chilkat

Function ComFirstChunk Returns Boolean
Procedure Set ComFirstChunk Boolean value

Chilkat Crypt2 provides the ability to feed the encryption/decryption methods with chunks of data. This allows a large amount of data, or a data stream, to be fed piecemeal for encrypting or decrypting. It applies to all symmetric algorithms currently supported (AES, Blowfish, Twofish, 3DES, RC2, DES, ARC4), and all algorithms supported in the future.

The default value for both FirstChunk and LastChunk is True. This means when an Encrypt* or Decrypt* method is called, it is both the first and last chunk (i.e. it's the entire amount of data to be encrypted or decrypted).

If you wish to feed the data piecemeal, do this:

  1. Set FirstChunk = True, LastChunk = False for the first chunk of data.
  2. For all "middle" chunks (i.e. all chunks except for the final chunk) set FirstChunk = False and LastChunk = False.
  3. For the final chunk, set FirstChunk = False and LastChunk = True

There is no need to worry about feeding data according to the block size of the encryption algorithm. For example, AES has a block size of 16 bytes. Data may be fed in chunks of any size. The Chilkat Crypt2 component will buffer the data. When the final chunk is passed, the output is padded to the algorithm's block size according to the PaddingScheme.

more info about FirstChunk/LastChunk

Encrypting/decrypting a data stream.

Encrypt File in Chunks using AES CBC

Function ComHashAlgorithm Returns String
Procedure Set ComHashAlgorithm String value

Selects the hash algorithm used by methods that create hashes. The valid choices are "sha1", "sha256", "sha384", "sha512", "md2", "md5", "haval", "ripemd128", "ripemd160","ripemd256", or "ripemd320".

Note: SHA-2 designates a set of cryptographic hash functions that includes SHA-256, SHA-384, and SHA-512. Chilkat by definition supports "SHA-2" because it supports these algorithms.

Note: The HAVAL hash algorithm is affected by two other properties: HavalRounds and KeyLength.

  • The HavalRounds may have values of 3, 4, or 5.
  • The KeyLength may have values of 128, 160, 192, 224, or 256.

Function ComHavalRounds Returns Integer
Procedure Set ComHavalRounds Integer value

Applies to the HAVAL hash algorithm only and must be set to the integer value 3, 4, or 5. The default value is 3.

Function ComIncludeCertChain Returns Boolean
Procedure Set ComIncludeCertChain Boolean value

Only applies when creating digital signatures. If True (the default), then additional certificates (if any) in the chain of authentication are included in the PKCS7 digital signature.

Function ComInitialCount Returns Integer
Procedure Set ComInitialCount Integer value

Introduced in version 9.5.0.55

The initial counter for the ChaCha20 encryption algorithm. The default value is 0.

Function ComIterationCount Returns Integer
Procedure Set ComIterationCount Integer value

Iteration count to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127

The purpose of the iteration count is to increase the computation required to encrypt and decrypt. A larger iteration count makes cracking via exhaustive search more difficult. The default value is 1024.

Function ComIV Returns Variant
Procedure Set ComIV Variant value

The initialization vector to be used with symmetric encryption algorithms (AES, Blowfish, Twofish, etc.). If left unset, no initialization vector is used.

Function ComKeyLength Returns Integer
Procedure Set ComKeyLength Integer value

The key length in bits for symmetric encryption algorithms. The default value is 256.

Function ComLastBinaryResult Returns Variant

Introduced in version 9.5.0.52

The binary data returned by the last (binary data returning) method called. Only available if Chilkat.Global.KeepBinaryResult is set to True. This provides a means for obtaining large varbinary results in the SQL Server environment (where limitations exist in getting large amounts of data returned by method calls, but where temp tables can be used for binary properties).

Function ComLastChunk Returns Boolean
Procedure Set ComLastChunk Boolean value

(See the description for the FirstChunk property.)

Encrypting/decrypting a data stream.

Encrypt File in Chunks using AES CBC

Function ComLastErrorHtml Returns String

Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

Function ComLastErrorText Returns String

Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

Concept of LastErrorText

LastErrorText Standard Information

Function ComLastErrorXml Returns String

Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

Function ComLastMethodSuccess Returns Boolean
Procedure Set ComLastMethodSuccess Boolean value

Introduced in version 9.5.0.52

Indicate whether the last method call succeeded or failed. A value of True indicates success, a value of False indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:

  • Any method that returns a string.
  • Any method returning a Chilkat object, binary bytes, or a date/time.
  • Any method returning a standard boolean status value where success = True and failure = False.
  • Any method returning an integer where failure is defined by a return value less than zero.

Note: Methods that do not fit the above requirements will always set this property equal to True. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.

Function ComLastStringResult Returns String

Introduced in version 9.5.0.52

The string return value of the last (string returning) method called. Only available if Chilkat.Global.KeepStringResult is set to True. This provides a means for obtaining large string results in the SQL Server environment (where limitations exist in getting long strings returned by method calls, but where temp tables can be used for string properties).

Long Strings Returned by ActiveX Methods in SQL Server

Function ComLastStringResultLen Returns Integer

Introduced in version 9.5.0.53

The length, in characters, of the string contained in the LastStringResult property.

Function ComMacAlgorithm Returns String
Procedure Set ComMacAlgorithm String value

Introduced in version 9.5.0.55

Selects the MAC algorithm to be used for any of the Mac methods, such as MacStringENC, MacBytes, etc. The default value is "hmac". Possible values are "hmac" and "poly1305".

Poly1305 MAC

Demonstrates HMAC SHA256

Function ComNumSignerCerts Returns Integer

This property is set when a digital signature is verified. It contains the number of signer certificates. Each signing certificate can be retrieved by calling the GetSignerCert method, passing an index from 0 to NumSignerCerts-1.

Extract PKCS7 Signature Digest

Verify Opaque Signature and Retrieve Signing Certificates

Function ComOaepHash Returns String
Procedure Set ComOaepHash String value

Introduced in version 9.5.0.67

Selects the hash algorithm for use within OAEP padding when encrypting using "pki" with RSAES-OAEP. The valid choices are "sha1", "sha256", "sha384", "sha512",

RSAES-OAEP Encrypt String with AES-128 Content Encryption and SHA256

Function ComOaepMgfHash Returns String
Procedure Set ComOaepMgfHash String value

Introduced in version 9.5.0.71

Selects the MGF hash algorithm for use within OAEP padding when encrypting using "pki" with RSAES-OAEP. The valid choices are "sha1", "sha256", "sha384", "sha512", The default is "sha1".

Function ComOaepPadding Returns Boolean
Procedure Set ComOaepPadding Boolean value

Introduced in version 9.5.0.67

Selects the RSA encryption scheme when encrypting using "pki" (with a certificate and private key). The default value is False, which selects RSAES_PKCS1-V1_5. If set to True, then RSAES_OAEP is used.

RSAES-OAEP Encrypt String with AES-128 Content Encryption and SHA256

Function ComPaddingScheme Returns Integer
Procedure Set ComPaddingScheme Integer value

The padding scheme used by block encryption algorithms such as AES (Rijndael), Blowfish, Twofish, RC2, DES, 3DES, etc. Block encryption algorithms pad encrypted data to a multiple of algorithm's block size. The default value of this property is 0.

Possible values are:

0 = RFC 1423 padding scheme: Each padding byte is set to the number of padding bytes. If the data is already a multiple of algorithm's block size bytes, an extra block is appended each having a value equal to the block size. (for example, if the algorithm's block size is 16, then 16 bytes having the value 0x10 are added.). (This is also known as PKCS5 padding: PKCS #5 padding string consists of a sequence of bytes, each of which is equal to the total number of padding bytes added. )

1 = FIPS81 (Federal Information Processing Standards 81) where the last byte contains the number of padding bytes, including itself, and the other padding bytes are set to random values.

2 = Each padding byte is set to a random value. The decryptor must know how many bytes are in the original unencrypted data.

3 = Pad with NULLs. (If already a multiple of the algorithm's block size, no padding is added).

4 = Pad with SPACE chars(0x20). (If already a multiple of algorithm's block size, no padding is added).

Function ComPbesAlgorithm Returns String
Procedure Set ComPbesAlgorithm String value

If the CryptAlgorithm property is set to "pbes1" or "pbes2", this property specifies the underlying encryption algorithm to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127

Function ComPbesPassword Returns String
Procedure Set ComPbesPassword String value

The password to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127

Function ComPkcs7CryptAlg Returns String
Procedure Set ComPkcs7CryptAlg String value

When the CryptAlgorithm property is "PKI" to select PKCS7 public-key encryption, this selects the underlying symmetric encryption algorithm. Possible values are: "aes", "des", "3des", and "rc2". The default value is "aes".

RSAES-OAEP Encrypt String with AES-128 Content Encryption and SHA256

Function ComRc2EffectiveKeyLength Returns Integer
Procedure Set ComRc2EffectiveKeyLength Integer value

The effective key length (in bits) for the RC2 encryption algorithm. When RC2 is used, both the KeyLength and Rc2EffectiveKeyLength properties should be set. For RC2, both should be between 8 and 1024 (inclusive).

Function ComSalt Returns Variant
Procedure Set ComSalt Variant value

The salt to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127

To clarify: This property is used in encryption when the CryptAlgorithm is set to "pbes1" or "pbes2". Also note that it is not used by the Pbkdf1 or Pbkdf2 methods, as the salt is passed in an argument to those methods.

Function ComSecretKey Returns Variant
Procedure Set ComSecretKey Variant value

The binary secret key used for symmetric encryption (Aes, Blowfish, Twofish, ChaCha20, ARC4, 3DES, RC2, etc.). The secret key must be identical for decryption to succeed. The length in bytes of the SecretKey must equal the KeyLength/8.

Generate Encryption Key

Function ComSigningAlg Returns String
Procedure Set ComSigningAlg String value

Introduced in version 9.5.0.67

This property selects the signature algorithm for the OpaqueSign*, Sign*, and CreateDetachedSignature, CreateP7M, and CreateP7S methods. The default value is "PKCS1-v1_5". This can be set to "RSASSA-PSS" (or simply "pss") to use the RSASSA-PSS signature scheme.

Note: This property only applies when the private key is an RSA private key. It does not apply for ECC or DSA private keys.

RSASSA-PSS Sign String to Create Base64 PCKS7 Signature

Function ComUuFilename Returns String
Procedure Set ComUuFilename String value

When UU encoding, this is the filename to be embedded in UU encoded output. The default is "file.dat". When UU decoding, this is the filename found in the UU encoded input.

UU Encoding and Decoding

Function ComUuMode Returns String
Procedure Set ComUuMode String value

When UU encoding, this is the file permissions mode to be embedded in UU encoded output. The default is "644". When UU decoding, this property is set to the mode found in the UU encoded input.

Function ComVerboseLogging Returns Boolean
Procedure Set ComVerboseLogging Boolean value

If set to True, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is False. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.

Function ComVersion Returns String

Version of the component/library, such as "9.5.0.63"

Methods

Procedure ComAddEncryptCert cComChilkatCert cert

Adds a certificate to be used for public-key encryption. (To use public-key encryption with digital certificates, set the CryptAlgorithm property = "pki".) To encrypt with more than one certificate , call AddEncryptCert once per certificate.

Encrypt a file to a PKCS7 encrypted message using multiple certificates from different users

Function ComAddPfxSourceData Variant pfxBytes String pfxPassword Returns Boolean

Adds a PFX to the object's internal list of sources to be searched for certificates and private keys when decrypting. Multiple PFX sources can be added by calling this method once for each. (On the Windows operating system, the registry-based certificate stores are also automatically searched, so it is commonly not required to explicitly add PFX sources.)

The pfxBytes contains the bytes of a PFX file (also known as PKCS12 or .p12).

Returns True for success, False for failure.

Function ComAddPfxSourceFile String pfxFilePath String pfxPassword Returns Boolean

Adds a PFX file to the object's internal list of sources to be searched for certificates and private keys when decrypting. Multiple PFX files can be added by calling this method once for each. (On the Windows operating system, the registry-based certificate stores are also automatically searched, so it is commonly not required to explicitly add PFX sources.)

The pfxFilePath contains the bytes of a PFX file (also known as PKCS12 or .p12).

Returns True for success, False for failure.

Function ComAesKeyUnwrap String kek String wrappedKeyData String encoding Returns String

Introduced in version 9.5.0.66

Implements the AES Key Wrap Algorithm (RFC 3394) for unwrapping. The kek is the Key Encryption Key (the AES key used to unwrap the wrappedKeyData). The arguments and return value are binary encoded strings using the encoding specified by encoding (which can be "base64", "hex", "base64url", etc.) The full list of supported encodings is available at the link below.

The kek should be an AES key of 16 bytes, 24 bytes, or 32 bytes (i.e. 128-bits, 192- bits, or 256-bits). For example, if passed as a hex string, then the kek should be 32 chars in length, 48 chars, or 64 chars (because each byte is represented as 2 chars in hex).

The wrappedKeyData contains the data to be unwrapped. The result, if decoded, is 8 bytes less than the wrapped key data. For example, if a 256-bit AES key (32 bytes) is wrapped, the size of the wrapped key data is 40 bytes. Unwrapping restores it to the original 32 bytes.

Returns null on failure

AES Key Wrap / Unwrap

Function ComAesKeyWrap String kek String keyData String encoding Returns String

Introduced in version 9.5.0.66

Implements the AES Key Wrap Algorithm (RFC 3394). The kek is the Key Encryption Key (the AES key used to encrypt the keyData). The arguments and return value are binary encoded strings using the encoding specified by encoding (which can be "base64", "hex", "base64url", etc.) The full list of supported encodings is available at the link below.

The kek should be an AES key of 16 bytes, 24 bytes, or 32 bytes (i.e. 128-bits, 192- bits, or 256-bits). For example, if passed as a hex string, then the kek should be 32 chars in length, 48 chars, or 64 chars (because each byte is represented as 2 chars in hex).

The keyData contains the data to be key wrapped. It must be a multiple of 64-bits in length. In other words, if the keyData is decoded to binary, it should be a number of bytes that is a multiple of 8.

The return string, if decoded to binary bytes, is equal to the size of the key data + 8 additional bytes.

Returns null on failure

AES Key Wrap / Unwrap

Function ComBCryptHash String password Returns String

Introduced in version 9.5.0.65

Computes and returns a bcrypt hash of the password. The number of rounds of hashing is determined by the BCryptWorkFactor property.

Returns null on failure

BCrypt Hash a Password

Function ComBCryptVerify String password String bcryptHash Returns Boolean

Introduced in version 9.5.0.65

Verifies the password against a previously computed BCrypt hash. Returns True if the password matches the bcryptHash. Returns False if the password does not match.

Returns True for success, False for failure.

BCrypt Verify a Password (Check if Password is Correct)

Function ComBytesToString Variant inData String charset Returns String

Utility method to convert bytes to a string -- interpreting the bytes according to the charset specified.

Returns null on failure

Function ComByteSwap4321 Variant data Returns Variant

Convenience method for byte swapping between little-endian byte ordering and big-endian byte ordering.

Returns null on failure

Function ComCkDecryptFile String srcFile String destFile Returns Boolean

File-to-file decryption. There is no limit to the size of the file that can be decrypted because the component will operate in streaming mode internally.

Returns True for success, False for failure.

AES Encrypt and Decrypt a File

Function ComCkDecryptFileAsync String srcFile String destFile Returns cComChilkatTask

Creates an asynchronous task to call the CkDecryptFile method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns null on failure

How to Run an Asynchronous Task

Function ComCkEncryptFile String srcFile String destFile Returns Boolean

File-to-file encryption. There is no limit to the size of the file that can be encrypted because the component will operate in streaming mode internally.

Returns True for success, False for failure.

AES Encrypt and Decrypt a File

Encrypt File using X.509 Certificate using AES in CBC Mode

Function ComCkEncryptFileAsync String srcFile String destFile Returns cComChilkatTask

Creates an asynchronous task to call the CkEncryptFile method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns null on failure

How to Run an Asynchronous Task

Procedure ComClearEncryptCerts

Clears the internal list of digital certificates to be used for public-key encryption.

Function ComCompressBytes Variant data Returns Variant

Bzip2 compresses a byte array and returns the compressed bytes.

This is a legacy method that should not be used in new development. It will not be marked as deprecated or removed from future APIs because existing applications may have data already compressed using this method.

The output of this method includes an 8-byte header composed of a 4-byte magic number (0xB394A7E1) and the 4-byte length of the uncompressed data.

Returns null on failure

Function ComCompressBytesENC Variant data Returns String

Same as CompressBytes, except an encoded string is returned. The output encoding is specified by the EncodingMode property.

Returns null on failure

Supported Binary Encodings

Function ComCompressString String str Returns Variant

Compresses a string and returns the compressed bytes. Prior to compressing, the string is converted to a byte representation such as utf-8, utf-16, etc. as determined by the Charset property. Otherwise, this method is the same as the CompressBytes method.

Returns null on failure

Function ComCompressStringENC String str Returns String

Compresses a string and returns the encoded compressed bytes. Prior to compressing, the string is converted to a byte representation such as utf-8, utf-16, etc. as determined by the Charset property. The output encoding is specified by the EncodingMode property. Otherwise, this method is the same as the CompressBytes method.

Returns null on failure

Supported Binary Encodings

Crypt2 Compression Example

Function ComCrcBytes String crcAlg Variant byteData

Introduced in version 9.5.0.38

Calculates a CRC for in-memory byte data. To compute the CRC used in the Zip file format, pass "CRC-32" for the crcAlg. (The crcAlg argument provides the flexibility to add additional CRC algorithms on an as-needed basis in the future.)

Function ComCrcFile String crcAlg String path

Introduced in version 9.5.0.38

Calculates a CRC for the contents of a file. To compute the CRC used in the Zip file format, pass "CRC-32" for the crcAlg. (The crcAlg argument provides the flexibility to add additional CRC algorithms on an as-needed basis in the future.) A value of 0 is returned if the file is unable to be read. Given that there is a 1 in 4 billion chance of having an actual CRC of 0, an application might choose to react to a 0 return value by testing to see if the file can be opened and read.

Function ComCrcFileAsync String crcAlg String path Returns cComChilkatTask

Introduced in version 9.5.0.38

Creates an asynchronous task to call the CrcFile method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns null on failure

How to Run an Asynchronous Task

Function ComCreateDetachedSignature String inFilePath String sigFilePath Returns Boolean

Digitally signs a file and writes the digital signature to a separate output file (a PKCS#7 signature file). The input file (inFilePath) is unmodified. A certificate for signing must be specified by calling SetSigningCert or SetSigningCert2 prior to calling this method.

This method is equivalent to CreateP7S. The CreateP7S method was added to clarify the format of the signature file that is created.

Returns True for success, False for failure.

Function ComCreateP7M String inFilename String p7mPath Returns Boolean

Digitally signs a file and creates a .p7m (PKCS #7 Message) file that contains both the signature and original file content. The input file (inFilename) is unmodified. A certificate for signing must be specified by calling SetSigningCert or SetSigningCert2 prior to calling this method.

To sign with a particular hash algorithm, set the HashAlgorithm property. Valid hash algorithms for signing are "sha256", "sha1", "sha384", "sha512", "md5", and "md2".

Returns True for success, False for failure.

CAdES BES Attached (Opaque) Signature

Examine the Contents of a .p7m by Converting to XML

Create P7M Using Pre-Installed Windows Certificate

Function ComCreateP7S String inFilename String p7sPath Returns Boolean

Digitally signs a file and creates a .p7s (PKCS #7 Signature) signature file. The input file (inFilename) is unmodified. The output file (p7sPath) contains only the signature and not the original data. A certificate for signing must be specified by calling SetSigningCert or SetSigningCert2 prior to calling this method.

To sign with a particular hash algorithm, set the HashAlgorithm property. Valid hash algorithms for signing are "sha256", "sha1", "sha384", "sha512", "md5", and "md2".

Returns True for success, False for failure.

CAdES BES Detached Signature

Function ComDecode String str String encoding Returns Variant

Decode binary data from an encoded string. The encoding can be set to any of the following strings: "base64", "hex", "quoted-printable", "url", "base32", "Q", "B", "url_rc1738", "url_rfc2396", "url_rfc3986", "url_oauth", "uu", "modBase64", or "html" (for HTML entity encoding).

Returns null on failure

Function ComDecodeString String inStr String charset String encoding Returns String

Decodes from an encoding back to the original string. The encoding can be set to any of the following strings: "base64", "hex", "quoted-printable", "url", "base32", "Q", "B", "url_rc1738", "url_rfc2396", "url_rfc3986", "url_oauth", "uu", "modBase64", or "html" (for HTML entity encoding).

Returns null on failure

UU Encoding and Decoding

Function ComDecryptBd cComChilkatBinData bd Returns Boolean

Introduced in version 9.5.0.67

In-place decrypts the contents of bd. The minimal set of properties that should be set before decrypting are: CryptAlgorithm, SecretKey. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV.

Returns True for success, False for failure.

Example for both AES-128 and ChaCha20 to Encrypt Binary Data

RSAES-OAEP Encrypt/Decrypt Binary Data with AES-128 and SHA56

openssl enc decrypt

Function ComDecryptBytes Variant data Returns Variant

Decrypts a byte array and returns the unencrypted byte array. The property settings used when encrypting the data must match the settings when decrypting. Specifically, the CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.

Returns null on failure

Function ComDecryptBytesENC String str Returns Variant

Decrypts string-encoded encrypted data and returns the unencrypted byte array. Data encrypted with EncryptBytesENC can be decrypted with this method. The property settings used when encrypting the data must match the settings when decrypting. Specifically, the EncodingMode, CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.

Returns null on failure

Supported Binary Encodings

Function ComDecryptEncoded String encodedEncryptedData Returns String

Encrypted data is passed to this method as an encoded string (base64, hex, etc.). This method first decodes the input data according to the EncodingMode property setting. It then decrypts and re-encodes using the EncodingMode setting, and returns the decrypted data in encoded string form.

Returns null on failure

AEAD AES 128-bit GCM

Function ComDecryptSb cComChilkatBinData bdIn cComChilkatStringBuilder sbOut Returns Boolean

Introduced in version 9.5.0.67

Decrypts the contents of bdIn to sbOut. The decrypted string is appended to sbOut. The minimal set of properties that should be set before ecrypting are: CryptAlgorithm, SecretKey. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV.

Returns True for success, False for failure.

AES and CHACHA20 Encrypt/Decrypt Text

Function ComDecryptSecureENC String cipherText cComChilkatSecureString secureStr Returns Boolean

Introduced in version 9.5.0.71

Identical to DecryptStringENC, except the decrypts the cipherText and appends the decrypted string to the secureStr.

Returns True for success, False for failure.

Encrypt / Decrypt Secure Strings

Function ComDecryptStream cComChilkatStream strm Returns Boolean

Introduced in version 9.5.0.56

Decrypts a stream. Internally, the strm's source is read, decrypted, and the decrypted data written to the strm's sink. It does this in streaming fashion. Extremely large or even infinite streams can be decrypted with stable ungrowing memory usage.

Returns True for success, False for failure.

Streaming Encryption

Function ComDecryptStreamAsync cComChilkatStream strm Returns cComChilkatTask

Introduced in version 9.5.0.56

Creates an asynchronous task to call the DecryptStream method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns null on failure

How to Run an Asynchronous Task

Function ComDecryptString Variant data Returns String

The reverse of EncryptString.

Decrypts encrypted byte data and returns the original string. The property settings used when encrypting the string must match the settings when decrypting. Specifically, the Charset, CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.

Returns null on failure

Explaining the Importance of the Charset

Function ComDecryptStringENC String str Returns String

The reverse of EncryptStringENC.

Decrypts string-encoded encrypted data and returns the original string. The property settings used when encrypting the string must match the settings when decrypting. Specifically, the Charset, EncodingMode, CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.

Returns null on failure

Explaining the Importance of the Charset

Supported Binary Encodings

Function ComEncode Variant byteData String encoding Returns String

Encode binary data to base64, hex, quoted-printable, or URL-encoding. The encoding can be set to any of the following strings: "base64", "hex", "quoted-printable" (or "qp"), "url", "base32", "Q", "B", "url_rc1738", "url_rfc2396", "url_rfc3986", "url_oauth", "uu", "modBase64", or "html" (for HTML entity encoding).

Returns null on failure

Function ComEncodeString String strToEncode String charsetName String toEncodingName Returns String

Encodes a string. The toEncodingName can be set to any of the following strings: "base64", "hex", "quoted-printable", "url", "base32", "Q", "B", "url_rc1738", "url_rfc2396", "url_rfc3986", "url_oauth", "uu", "modBase64", or "html" (for HTML entity encoding). The charsetName is important, and usually you'll want to specify "ansi". For example, if the string "ABC" is to be encoded to "hex" using ANSI, the result will be "414243". However, if "unicode" is used, the result is "410042004300".

Returns null on failure

Supported Binary Encodings

Function ComEncryptBd cComChilkatBinData bd Returns Boolean

Introduced in version 9.5.0.67

In-place encrypts the contents of bd. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting, all property settings must match otherwise the result is garbled data.

Returns True for success, False for failure.

Example for both AES-128 and ChaCha20 to Encrypt Binary Data

RSAES-OAEP Encrypt/Decrypt Binary Data with AES-128 and SHA56

Function ComEncryptBytes Variant data Returns Variant

Encrypts a byte array. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting, all property settings must match otherwise garbled data is returned.

Returns null on failure

Function ComEncryptBytesENC Variant data Returns String

Encrypts a byte array and returns the encrypted data as an encoded (printable) string. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey, EncodingMode. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting, all property settings must match otherwise garbled data is returned. The encoding of the string that is returned is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".

Returns null on failure

Supported Binary Encodings

Function ComEncryptEncoded String str Returns String

The input string is first decoded according to the encoding algorithm specified by the EncodingMode property (such as base64, hex, etc.) It is then encrypted according to the encryption algorithm specified by CryptAlgorithm. The resulting encrypted data is encoded (using EncodingMode) and returned.

Returns null on failure

AEAD AES 128-bit GCM

Function ComEncryptSb cComChilkatStringBuilder sbIn cComChilkatBinData bdOut Returns Boolean

Introduced in version 9.5.0.67

Encrypts the contents of sbIn to bdOut. The minimal set of properties that should be set before ecrypting are: CryptAlgorithm, SecretKey. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV.

Returns True for success, False for failure.

AES and CHACHA20 Encrypt/Decrypt Text

Function ComEncryptSecureENC cComChilkatSecureString secureStr Returns String

Introduced in version 9.5.0.71

Identical to EncryptStringENC, except the clear-text contained within the secureStr is encrypted and returned.

Returns null on failure

Encrypt / Decrypt Secure Strings

Function ComEncryptStream cComChilkatStream strm Returns Boolean

Introduced in version 9.5.0.56

Encrypts a stream. Internally, the strm's source is read, encrypted, and the encrypted data written to the strm's sink. It does this in streaming fashion. Extremely large or even infinite streams can be encrypted with stable ungrowing memory usage.

Returns True for success, False for failure.

Streaming Encryption

Function ComEncryptStreamAsync cComChilkatStream strm Returns cComChilkatTask

Introduced in version 9.5.0.56

Creates an asynchronous task to call the EncryptStream method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns null on failure

How to Run an Asynchronous Task

Function ComEncryptString String str Returns Variant

Encrypts a string and returns the encrypted data as a byte array. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey, Charset. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting, all property settings must match otherwise garbled data is returned. The Charset property controls the exact bytes that get encrypted. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings, thus the input string is Unicode. If Unicode is to be encrypted (i.e. 2 bytes per character) then set the Charset property to "Unicode". To implicitly convert the string to another charset before the encryption is applied, set the Charset property to something else, such as "iso-8859-1", "Shift_JIS", "big5", "windows-1252", etc. The complete list of possible charsets is listed here:


us-ascii
unicode
unicodefffe
iso-8859-1
iso-8859-2
iso-8859-3
iso-8859-4
iso-8859-5
iso-8859-6
iso-8859-7
iso-8859-8
iso-8859-9
iso-8859-13
iso-8859-15
windows-874
windows-1250
windows-1251
windows-1252
windows-1253
windows-1254
windows-1255
windows-1256
windows-1257
windows-1258
utf-7
utf-8
utf-32
utf-32be
shift_jis
gb2312
ks_c_5601-1987
big5
iso-2022-jp
iso-2022-kr
euc-jp
euc-kr
macintosh
x-mac-japanese
x-mac-chinesetrad
x-mac-korean
x-mac-arabic
x-mac-hebrew
x-mac-greek
x-mac-cyrillic
x-mac-chinesesimp
x-mac-romanian
x-mac-ukrainian
x-mac-thai
x-mac-ce
x-mac-icelandic
x-mac-turkish
x-mac-croatian
asmo-708
dos-720
dos-862
ibm037
ibm437
ibm500
ibm737
ibm775
ibm850
ibm852
ibm855
ibm857
ibm00858
ibm860
ibm861
ibm863
ibm864
ibm865
cp866
ibm869
ibm870
cp875
koi8-r
koi8-u

Returns null on failure

Explaining the Importance of the Charset

Function ComEncryptStringENC String str Returns String

Encrypts a string and returns the encrypted data as an encoded (printable) string. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey, Charset, and EncodingMode. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting (with DecryptStringENC), all property settings must match otherwise garbled data is returned. The Charset property controls the exact bytes that get encrypted. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings, thus the input string is Unicode. If Unicode is to be encrypted (i.e. 2 bytes per character) then set the Charset property to "Unicode". To implicitly convert the string to another charset before the encryption is applied, set the Charset property to something else, such as "iso-8859-1", "Shift_JIS", "big5", "windows-1252", etc. (Refer to EncryptString for the complete list of charsets.)

The EncodingMode property controls the encoding of the string that is returned. It can be set to "Base64", "QP", or "Hex".

Returns null on failure

AES Encryption Example

Blowfish Encryption Example

3DES Encryption Example

ARC4 Encryption Example

PBES1 Password-Based Encryption

PBES2 Password-Based Encryption

RC2 Encryption Example

Twofish Encryption Example

Explaining the Importance of the Charset

Supported Binary Encodings

Binary Encodings Supported by Chilkat

Function ComGenEncodedSecretKey String password String encoding Returns String

Important: In the v9.5.0.49 release, a bug involving this method was introduced: The encoding is ignored and instead the encoding used is the current value of the EncodingMode property. The workaround is to make sure the EncodingMode property is set to the value of the desired output encoding. This problem will be fixed in v9.5.0.50.

Identical to the GenerateSecretKey method, except it returns the binary secret key as a string encoded according to encoding, which may be "base64", "hex", "url", etc. Please see the documentation for GenerateSecretKey for more information.

Returns null on failure

Function ComGenerateSecretKey String password Returns Variant

Hashes a string to a byte array that has the same number of bits as the current value of the KeyLength property. For example, if KeyLength is equal to 128 bits, then a 16-byte array is returned. This can be used to set the SecretKey property. In order to decrypt, the SecretKey must match exactly. To use "password-based" encryption, the password is passed to this method to generate a binary secret key that can then be assigned to the SecretKey property.

IMPORTANT: If you are trying to decrypt something encrypted by another party such that the other party provided you with the secret key, DO NOT use this method. This method is for transforming an arbitrary-length password into a binary secret key of the proper length. Please see this Chilkat blog post: Getting Started with AES Decryption

Returns null on failure

Deriving a 256-bit AES Secret Key from a Password Using SHA256

PBKDF2 - Derive Key from Password

Function ComGenerateUuid Returns String

Introduced in version 9.5.0.55

Generates a random UUID string having standard UUID format, such as "de305d54-75b4-431b-adb2-eb6b9e546014".

Note: This generates a "version 4 UUID" using random byte values. See RFC 4122.

Returns null on failure

Generate UUID

Function ComGenRandomBytesENC Integer numBytes Returns String

Generates numBytes random bytes and returns them as an encoded string. The encoding, such as base64, hex, etc. is controlled by the EncodingMode property.

Returns null on failure

Supported Binary Encodings

Function ComGetDecryptCert Returns cComChilkatCert

Introduced in version 9.5.0.46

Returns the last certificate used for public-key decryption.

Returns null on failure

Function ComGetEncodedAad String encoding Returns String

Introduced in version 9.5.0.55

Returns the authenticated additional data as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".

The Aad is used when the CipherMode is "gcm" (Galois/Counter Mode), which is a mode valid for symmetric ciphers that have a block size of 16 bytes, such as AES or Twofish.

Returns null on failure

AEAD AES 128-bit GCM

Function ComGetEncodedAuthTag String encoding Returns String

Introduced in version 9.5.0.55

Returns the authentication tag as an encoded string. The encoding argument may be set to any of the following strings: "base64", "hex", "quoted-printable", or "url". The authentication tag is an output of authenticated encryption modes such as GCM when encrypting. When GCM mode decrypting, the authenticate tag is set by the application and is the expected result.

The authenticated tag plays a role when the CipherMode is "gcm" (Galois/Counter Mode), which is a mode valid for symmetric block ciphers that have a block size of 16 bytes, such as AES or Twofish.

Returns null on failure

AEAD AES 128-bit GCM

Function ComGetEncodedIV String encoding Returns String

Returns the initialization vector as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".

Returns null on failure

Function ComGetEncodedKey String encoding Returns String

Returns the secret key as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".

Returns null on failure

Function ComGetEncodedSalt String encoding Returns String

Returns the password-based encryption (PBE) salt bytes as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".

Returns null on failure

Function ComGetLastCert Returns cComChilkatCert

Returns the last certificate used when verifying a signature. This method is deprecated. Applications should instead call GetSignerCert with an index of 0.

Returns null on failure

Function ComGetSignatureSigningTime Integer index Returns DateTime

This method is deprecated. It will be removed in a future version.

This method can be called after a digital signature is verified to retrieve the signing time of the Nth certificate used for signing. The 1st certificate/signing time is at index 0. The NumSignerCerts property contains the total number of signing certificates. (Typically, a single certificate is used in creating a digital signature.)

Note: An application should first check to see if a signing date/time is available for the Nth certificate by calling the HasSignatureSigningTime method. The indices for which there is no signing time available should be skipped.

Function ComGetSignatureSigningTimeStr Integer index Returns String

The same as GetSignatureSigningTime, except the date/time is returned in RFC822 string format.

Returns null on failure

Function ComGetSignerCert Integer index Returns cComChilkatCert

Gets the Nth certificate used for signing. This method can be called after verifying a digital signature to get the signer certs. The 1st certificate is at index 0. The NumSignerCerts property contains the total number of signing certificates. (Typically, a single certificate is used in creating a digital signature.)

Returns null on failure

Verify Opaque Signature and Retrieve Signing Certificates

Function ComGetSignerCertChain Integer index Returns cComChilkatCertChain

Introduced in version 9.5.0.40

Returns the full certificate chain for the Nth certificate used to for signing. Indexing begins at 0.

Returns null on failure

Verify Opaque Signature and Retrieve Signing Certificates

Function ComHashBdENC cComChilkatBinData bd Returns String

Introduced in version 9.5.0.66

Hashes the the bytes contained in bd and returns the hash as an encoded string.

The hash algorithm is specified by the HashAlgorithm property, The encoding is controlled by the EncodingMode property, which can be set to "base64", "hex", "base64url", or any of the encodings listed at the link below.

Returns null on failure

Binary Encodings Supported by Chilkat

SOAP WS-Security UsernameToken

Function ComHashBeginBytes Variant data Returns Boolean

Begin hashing a byte stream. Call this method to hash the 1st chunk. Additional chunks are hashed by calling HashMoreBytes 0 or more times followed by a final call to HashFinal (or HashFinalENC) to retrieve the result. The hash algorithm is selected by the HashAlgorithm property setting.

Returns True for success, False for failure.

Function ComHashBeginString String strData Returns Boolean

Begin hashing a text stream. Call this method to hash the 1st chunk. Additional chunks are hashed by calling HashMoreString 0 or more times followed by a final call to HashFinal (or HashFinalENC) to retrieve the result. The hash algorithm is selected by the HashAlgorithm property setting.

Returns True for success, False for failure.

Function ComHashBytes Variant data Returns Variant

Hashes a byte array.

The hash algorithm is specified by the HashAlgorithm property, The encoding is controlled by the EncodingMode property, which can be set to "base64", "hex", "base64url", or any of the encodings listed at the link below.

Returns null on failure

Hash Binary Data (SHA256 and other hash algorithms)

Function ComHashBytesENC Variant data Returns String

Hashes a byte array and returns the hash as an encoded string.

The hash algorithm is specified by the HashAlgorithm property, The encoding is controlled by the EncodingMode property, which can be set to "base64", "hex", "base64url", or any of the encodings listed at the link below.

Returns null on failure

Supported Binary Encodings

Hash Binary Data (SHA256 and other hash algorithms)

Function ComHashFile String path Returns Variant

Hashes a file and returns the hash bytes.

The hash algorithm is specified by the HashAlgorithm property,

Any size file may be hashed because the file is hashed internally in streaming mode (keeping memory usage low and constant).

Returns null on failure

Hash the Contents of a File (SHA256 and other hash algorithms)

Function ComHashFileAsync String path Returns cComChilkatTask

Creates an asynchronous task to call the HashFile method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns null on failure

How to Run an Asynchronous Task

Function ComHashFileENC String path Returns String

Hashes a file and returns the hash as an encoded string.

The hash algorithm is specified by the HashAlgorithm property, The encoding is controlled by the EncodingMode property, which can be set to "base64", "hex", "base64url", or any of the encodings listed at the link below.

Any size file is supported because the file is hashed internally in streaming mode (keeping memory usage low and constant).

Returns null on failure

Compute Hash for a File (Example)

Supported Binary Encodings

Function ComHashFileENCAsync String path Returns cComChilkatTask

Creates an asynchronous task to call the HashFileENC method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns null on failure

How to Run an Asynchronous Task

Function ComHashFinal Returns Variant

Finalizes a multi-step hash computation and returns the hash bytes.

Returns null on failure

Function ComHashFinalENC Returns String

Finalizes a multi-step hash computation and returns the hash bytes encoded according to the EncodingMode property setting.

Returns null on failure

Supported Binary Encodings

Function ComHashMoreBytes Variant data Returns Boolean

Adds more bytes to the hash currently under computation. (See HashBeginBytes)

Returns True for success, False for failure.

Function ComHashMoreString String strData Returns Boolean

Adds more text to the hash currently under computation. (See HashBeginString)

Returns True for success, False for failure.

Function ComHashString String str Returns Variant

Hashes a string and returns a binary hash. The hash algorithm is specified by the HashAlgorithm property,

The Charset property controls the character encoding of the string that is hashed. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings. If it is desired to hash Unicode directly (2 bytes/char) then set the Charset property to "Unicode". To implicitly convert to another charset before hashing, set the Charset property to the desired charset. For example, if Charset is set to "iso-8859-1", the input string is first implicitly converted to iso-8859-1 (1 byte per character) before hashing. The full list fo supported charsets is listed in the EncryptString method description.

IMPORTANT: Hash algorithms hash bytes. Changing the bytes passed to a hash algorithm changes the result. A character (i.e. a visible glyph) can have different byte representations. The byte representation is defined by the Charset. For example, 'A' in us-ascii is a single byte 0x41, whereas in utf-16 it is 2 bytes (0x41 0x00). The byte representation should be explicitly specified, otherwise unexpected results may occur.

Returns null on failure

Hash the Contents of a String (SHA256 and other hash algorithms)

Function ComHashStringENC String str Returns String

Hashes a string and returns the hash bytes as an encoded string.

The hash algorithm is specified by the HashAlgorithm property, The encoding is controlled by the EncodingMode property, which can be set to "base64", "hex", "base64url", or any of the encodings listed at the link below.

The Charset property controls the character encoding of the string that is hashed. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings. If it is desired to hash Unicode directly (2 bytes/char) then set the Charset property to "Unicode". To implicitly convert to another charset before hashing, set the Charset property to the desired charset. For example, if Charset is set to "iso-8859-1", the input string is first implicitly converted to iso-8859-1 (1 byte per character) before hashing. The full list of supported charsets is listed in the EncryptString method description.

Returns null on failure

Supported Binary Encodings

Function ComHasSignatureSigningTime Integer index Returns Boolean

This method can be called after a digital signature has been verified by one of the Verify* methods. Returns True if a signing time for the Nth certificate is available and can be retrieved by either the GetSignatureSigningTime or GetSignatureSigningTimeStr methods.

Function ComHmacBytes Variant inBytes Returns Variant

This method is deprecated. It will be removed in a future version.

Computes a keyed-Hash Message Authentication Code (HMAC or KHMAC), which is a type of message authentication code (MAC) calculated using a specific algorithm involving a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message. Any iterative cryptographic hash function, such as MD5, SHA-1, SHA256, or any of the hash algorithms listed in the HashAlgorithm property, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5, HMAC-SHA-1, etc. accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, on the size and quality of the key and the size of the hash output length in bits.

The secret key is set by calling one of the following methods prior to calling this method: SetHmacKeyBytes, SetHmacKeyEncoded, or SetHmacKeyString.

The hash algorithm is specified by the HashAlgorithm property.

Note: If using Chilkat v9.5.0.55 or later, update your programs to use MacBytes instead (with the MacAlgorithm property set to "hmac").

Returns null on failure

Function ComHmacBytesENC Variant inBytes Returns String

This method is deprecated. It will be removed in a future version.

Computes an HMAC using a secret key and hash algorithm. The result is encoded to a string using the encoding (base64, hex, etc.) specified by the EncodingMode property.

The secret key is set by calling one of the following methods prior to calling this method: SetHmacKeyBytes, SetHmacKeyEncoded, or SetHmacKeyString.

The hash algorithm is specified by the HashAlgorithm property.

Note: If using Chilkat v9.5.0.55 or later, update your programs to use MacBytesEnc instead (with the MacAlgorithm property set to "hmac").

Returns null on failure

Function ComHmacString String inText Returns Variant

This method is deprecated. It will be removed in a future version.

Computes an HMAC using a secret key and hash algorithm.

The secret key is set by calling one of the following methods prior to calling this method: SetHmacKeyBytes, SetHmacKeyEncoded, or SetHmacKeyString.

The hash algorithm is specified by the HashAlgorithm property.

Note: If using Chilkat v9.5.0.55 or later, update your programs to use MacString instead (with the MacAlgorithm property set to "hmac").

Returns null on failure

Function ComHmacStringENC String inText Returns String

This method is deprecated. It will be removed in a future version.

Computes an HMAC using a secret key and hash algorithm. The result is encoded to a string using the encoding (base64, hex, etc.) specified by the EncodingMode property.

The secret key is set by calling one of the following methods prior to calling this method: SetHmacKeyBytes, SetHmacKeyEncoded, or SetHmacKeyString.

The hash algorithm is specified by the HashAlgorithm property.

Note: If using Chilkat v9.5.0.55 or later, update your programs to use MacStringENC instead (with the MacAlgorithm property set to "hmac").

Returns null on failure

Function ComInflateBytes Variant data Returns Variant

Decompresses data that was compressed with CompressBytes.

This is a legacy method that should not be used in new development. It will not be marked as deprecated or removed from future APIs because existing applications may have data already compressed using CompressBytes.

This method expects the input to begin with an 8-byte header composed of a 4-byte magic number (0xB394A7E1) and the 4-byte length of the uncompressed data.

Returns null on failure

Function ComInflateBytesENC String str Returns Variant

The opposite of CompressBytesENC. The EncodingMode and CompressionAlgorithm properties should match what was used when compressing.

Returns null on failure

Supported Binary Encodings

Function ComInflateString Variant data Returns String

The opposite of CompressString. The Charset and CompressionAlgorithm properties should match what was used when compressing.

Returns null on failure

Function ComInflateStringENC String str Returns String

The opposite of CompressStringENC. The Charset, EncodingMode, and CompressionAlgorithm properties should match what was used when compressing.

Returns null on failure

Crypt2 Compression Example

Function ComIsUnlocked Returns Boolean

Returns true if the component is unlocked.

Function ComLastJsonData Returns cComChilkatJsonObject

Introduced in version 9.5.0.70

Provides information about what transpired in the last method called. For many methods, there is no information. For some methods, details about what transpired can be obtained via LastJsonData. For example, after calling a method to verify a signature, the LastJsonData will return JSON with details about the algorithms used for signature verification.

Returns null on failure

Function ComMacBdENC cComChilkatBinData bd Returns String

Introduced in version 9.5.0.66

Computes a Message Authentication Code on the bytes contained in bd, using the MAC algorithm specified in the MacAlgorithm property. The result is encoded to a string using the encoding (base64, hex, etc.) specified by the EncodingMode property.

Returns null on failure

Function ComMacBytes Variant inBytes Returns Variant

Introduced in version 9.5.0.55

Computes a Message Authentication Code using the MAC algorithm specified in the MacAlgorithm property.

Returns null on failure

Demonstrates the MacBytes Method

Function ComMacBytesENC Variant inBytes Returns String

Computes a Message Authentication Code using the MAC algorithm specified in the MacAlgorithm property. The result is encoded to a string using the encoding (base64, hex, etc.) specified by the EncodingMode property.

Returns null on failure

Demonstrates the MacBytesENC Method

Function ComMacString String inText Returns Variant

Introduced in version 9.5.0.55

Computes a Message Authentication Code using the MAC algorithm specified in the MacAlgorithm property.

Returns null on failure

Demonstrates the MacString Method

Function ComMacStringENC String inText Returns String

Introduced in version 9.5.0.55

Computes a Message Authentication Code using the MAC algorithm specified in the MacAlgorithm property. The result is encoded to a string using the encoding (base64, hex, etc.) specified by the EncodingMode property.

Returns null on failure

Demonstrates HMAC SHA256

Function ComMySqlAesDecrypt String strEncryptedHex String strPassword Returns String

Matches MySQL's AES_DECRYPT function. strEncryptedHex is a hex-encoded string of the AES encrypted data. The return value is the original unencrypted string.

Returns null on failure

Function ComMySqlAesEncrypt String strData String strPassword Returns String

Matches MySQL's AES_ENCRYPT function. The return value is a hex-encoded string of the encrypted data. The equivalent call in MySQL would look like this: HEX(AES_ENCRYPT('The quick brown fox jumps over the lazy dog','password'))

Returns null on failure

Match MySQL AES_ENCRYPT Function

Function ComOpaqueSignBd cComChilkatBinData bd Returns Boolean

Introduced in version 9.5.0.67

In-place signs the contents of bd. The contents of bd is replaced with the PKCS7/CMS format signature that embeds the data that was signed.

Returns True for success, False for failure.

RSASSA-PSS Sign Binary Data

Function ComOpaqueSignBytes Variant data Returns Variant

Digitally signs a byte array and returns a PKCS7/CMS format signature. This is a signature that contains both the original data as well as the signature. A certificate must be set by calling SetSigningCert prior to calling this method.

Returns null on failure

Function ComOpaqueSignBytesENC Variant data Returns String

Digitally signs a byte array and returns a PKCS7/CMS format signature in encoded string format (such as Base64 or hex). This is a signature that contains both the original data as well as the signature. A certificate must be set by calling SetSigningCert prior to calling this method. The EncodingMode property controls the output encoding, which can be "Base64", "QP","Hex", etc. (See the EncodingMode property.)

Returns null on failure

Supported Binary Encodings

Function ComOpaqueSignString String str Returns Variant

Digitally signs a string and returns a PKCS7/CMS format signature. This is a signature that contains both the original data as well as the signature. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description.

Returns null on failure

Function ComOpaqueSignStringENC String str Returns String

Digitally signs a string and returns a PKCS7/CMS format signature in encoded string format (such as base64 or hex). This is a signature that contains both the original data as well as the signature. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description.

The EncodingMode property controls the output encoding, which can be "Base64", "QP","Hex", etc. (See the EncodingMode property.)

Returns null on failure

Supported Binary Encodings

Create and Verify an Opaque PKCS7/CMS Signature

Function ComOpaqueVerifyBd cComChilkatBinData bd Returns Boolean

Introduced in version 9.5.0.67

In-place verifies and unwraps the PKCS7/CMS contents of bd. If the signature is verified, the contents of bd will be replaced with the original data, and the method returns True. If the signature is not verified, then the contents of bd remain unchanged and the method returns False.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns True for success, False for failure.

RSASSA-PSS Sign Binary Data

Function ComOpaqueVerifyBytes Variant p7s Returns Variant

Verifies an opaque signature and returns the original data. If the signature verification fails, the returned data will be 0 bytes in length.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns null on failure

Function ComOpaqueVerifyBytesENC String p7s Returns Variant

Verifies an opaque signature (encoded in string form) and returns the original data. If the signature verification fails, the returned data will be 0 bytes in length.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns null on failure

Supported Binary Encodings

Function ComOpaqueVerifyString Variant p7s Returns String

Verifies an opaque signature and returns the original string. If the signature verification fails, the returned string will be 0 characters in length.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns null on failure

Function ComOpaqueVerifyStringENC String p7s Returns String

Verifies an opaque signature (encoded in string form) and returns the original data string. If the signature verification fails, the returned string will be 0 characters in length.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns null on failure

Supported Binary Encodings

Create and Verify an Opaque PKCS7/CMS Signature

Function ComPbkdf1 String password String charset String hashAlg String salt Integer iterationCount Integer outputKeyBitLen String encoding Returns String

Implements the PBKDF1 algorithm (Password Based Key Derivation Function #1). The password is converted to the character encoding represented by charset before being passed (internally) to the key derivation function. The hashAlg may be "md5", "sha1", "md2", etc. The salt should be random data at least 8 bytes (64 bits) in length. (The GenRandomBytesENC method is good for generating a random salt value.) The iterationCount should be no less than 1000. The length (in bits) of the derived key output by this method is controlled by outputKeyBitLen. The encoding argument may be "base64", "hex", etc. It controls the encoding of the output, and the expected encoding of the salt. The derived key is returned.

Note: Starting in version 9.5.0.47, if the charset is set to one of the keywords "hex" or "base64", then the password will be considered binary data that is hex or base64 encoded. The bytes will be decoded and used directly as a binary password.

Returns null on failure

PBKDF1 - Derive Key from Password

Function ComPbkdf2 String password String charset String hashAlg String salt Integer iterationCount Integer outputKeyBitLen String encoding Returns String

Implements the PBKDF2 algorithm (Password Based Key Derivation Function #2). The password is converted to the character encoding represented by charset before being passed (internally) to the key derivation function. The hashAlg may be "sha256", "sha384", "sha512", "md5", "sha1", "md2", or any hash algorithm listed in the HashAlgorithm property. The salt should be random data at least 8 bytes (64 bits) in length. (The GenRandomBytesENC method is good for generating a random salt value.) The iterationCount should be no less than 1000. The length (in bits) of the derived key output by this method is controlled by outputKeyBitLen. The encoding argument may be "base64", "hex", etc. It controls the encoding of the output, and the expected encoding of the salt. The derived key is returned.

Note: The PBKDF2 function (internally) utilizes a PRF that is a pseudorandom function that is a keyed HMAC. The hash algorithm specified by hashAlg determines this PRF. If hashAlg is "SHA256", then HMAC-SHA256 is used for the PRF. Likewise, if the hash function is "SHA1", then HMAC-SHA1 is used. HMAC can be used with any hash algorithm.

Note: Starting in version 9.5.0.47, if the charset is set to one of the keywords "hex" or "base64", then the password will be considered binary data that is hex or base64 encoded. The bytes will be decoded and used directly as a binary password.

Returns null on failure

PBKDF2 - Derive Key from Password

WPA Key Calculation from PassPhrase to Hex

Duplicate .NET's Rfc2898DeriveBytes Functionality

Function ComPkcs7ExtractDigest Integer signerIndex String pkcs7 Returns String

Introduced in version 9.5.0.48

Extracts the signature digest contained within a PKCS7 signature. The PKCS7 is passed in the encoding determined by the EncodingMode property (such as base64, hex, etc.) an the signature digest is returned in the same encoding.

Returns null on failure

Extract PKCS7 Signature Digest

Procedure ComRandomizeIV

Sets the initialization vector to a random value.

Procedure ComRandomizeKey

Sets the secret key to a random value.

Function ComReadFile String filename Returns Variant

Convenience method to read an entire file and return as a byte array.

Returns null on failure

Function ComReEncode String encodedData String fromEncoding String toEncoding Returns String

Provides a means for converting from one encoding to another (such as base64 to hex). This is helpful for programming environments where byte arrays are a real pain-in-the-***. The fromEncoding and toEncoding may be (case-insensitive) "Base64", "modBase64", "Base32", "Base58", "UU", "QP" (for quoted-printable), "URL" (for url-encoding), "Hex", "Q", "B", "url_oauth", "url_rfc1738", "url_rfc2396", and "url_rfc3986".

Returns null on failure

Function ComSetCSP cComChilkatCsp csp Returns Boolean

(Only applies to the Microsoft Windows OS) Sets the Cryptographic Service Provider (CSP) to be used for PKI public-key encryption / signing, or public-key decryption / signature verification.

This is not commonly used becaues the default Microsoft CSP is typically appropriate. One instance where SetCSP is necessary is when using the Crypto-Pro CSP for the GOST R 34.10-2001 and GOST R 34.10-94 providers.

Returns True for success, False for failure.

Function ComSetDecryptCert cComChilkatCert cert Returns Boolean

Sets the digital certificate to be used for decryption when the CryptAlgorithm property is set to "PKI". A private key is required for decryption. Because this method only specifies the certificate, a prerequisite is that the certificate w/ private key must have been pre-installed on the computer. Private keys are stored in the Windows Protected Store (either a user account specific store, or the system-wide store). The Chilkat component will automatically locate and find the certificate's corresponding private key from the protected store when decrypting.

Returns True for success, False for failure.

Function ComSetDecryptCert2 cComChilkatCert cert cComPrivateKey key Returns Boolean

Sets the digital certificate to be used for decryption when the CryptAlgorithm property is set to "PKI". The private key is supplied in the 2nd argument to this method, so there is no requirement that the certificate be pre-installed on a computer before decrypting (if this method is called).

Returns True for success, False for failure.

Function ComSetEncodedAad String aadStr String encoding Returns Boolean

Introduced in version 9.5.0.55

Sets the authenticated additional data from an encoded string. The authenticated additional data (AAD), if any, is used in authenticated encryption modes such as GCM. The aadStr argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".

The Aad is used when the CipherMode is "gcm" (Galois/Counter Mode), which is a mode valid for symmetric ciphers that have a block size of 16 bytes, such as AES or Twofish.

Returns True for success, False for failure.

AEAD AES 128-bit GCM

Function ComSetEncodedAuthTag String authTagStr String encoding Returns Boolean

Introduced in version 9.5.0.55

Sets the expected authenticated tag from an encoded string. The authenticated tag is used in authenticated encryption modes such as GCM. An application would set the expected authenticated tag prior to decrypting. The authTagStr argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".

The authenticated tag plays a role when the CipherMode is "gcm" (Galois/Counter Mode), which is a mode valid for symmetric block ciphers that have a block size of 16 bytes, such as AES or Twofish.

Returns True for success, False for failure.

AEAD AES 128-bit GCM

Procedure ComSetEncodedIV String ivStr String encoding

Sets the initialization vector from an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".

Procedure ComSetEncodedKey String keyStr String encoding

Sets the secret key from an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".

Generate Encryption Key

Procedure ComSetEncodedSalt String saltStr String encoding

Sets the password-based encryption (PBE) salt bytes from an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".

Function ComSetEncryptCert cComChilkatCert cert Returns Boolean

Tells the encryption library to use a specific digital certificate for public-key encryption. To encrypt with multiple certificates, call AddEncryptCert once for each certificate. (Calling this method is the equivalent of calling ClearEncryptCerts followed by AddEncryptCert.)

Returns True for success, False for failure.

RSAES-OAEP Encrypt String with AES-128 Content Encryption and SHA256

Procedure ComSetHmacKeyBytes Variant keyBytes

This method is deprecated. It will be removed in a future version.

Sets the HMAC key to be used for one of the HMAC methods.

Note: If using Chilkat v9.5.0.55 or later, update your programs to use SetMacKeyBytes instead.

Procedure ComSetHmacKeyEncoded String key String encoding

This method is deprecated. It will be removed in a future version.

Sets the secret key to be used for one of the HMAC methods. The encoding can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".

Note: If using Chilkat v9.5.0.55 or later, update your programs to use SetMacKeyEncoded instead.

Procedure ComSetHmacKeyString String key

This method is deprecated. It will be removed in a future version.

Sets the MAC key to be used for one of the HMAC methods.

Note: If using Chilkat v9.5.0.55 or later, update your programs to use SetMacKeyString instead.

Demonstrates HMAC SHA256

Function ComSetMacKeyBytes Variant keyBytes Returns Boolean

Introduced in version 9.5.0.55

Sets the MAC key to be used for one of the Mac methods.

Returns True for success, False for failure.

Function ComSetMacKeyEncoded String key String encoding Returns Boolean

Introduced in version 9.5.0.55

Sets the MAC key to be used for one of the Mac methods. The encoding can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".

Returns True for success, False for failure.

Poly1305 MAC

Function ComSetMacKeyString String key Returns Boolean

Introduced in version 9.5.0.55

Sets the MAC key to be used for one of the Mac methods.

Returns True for success, False for failure.

Procedure ComSetSecretKeyViaPassword String password

Accepts a password string and (internally) generates a binary secret key of the appropriate bit length and sets the SecretKey property. This method should only be used if you are using Chilkat for both encryption and decryption because the password-to-secret-key algorithm would need to be identical for the decryption to match the encryption.

There is no minimum or maximum password length. The password string is transformed to a binary secret key by computing the MD5 digest (of the utf-8 password) to obtain 16 bytes. If the KeyLength is greater than 16 bytes, then the MD5 digest of the Base64 encoding of the utf-8 password is added. A max of 32 bytes of key material is generated, and this is truncated to the actual KeyLength required. The example below shows how to manually duplicate the computation.

Manually Duplicate SetSecretKeyViaPassword

openssl enc decrypt

Function ComSetSigningCert cComChilkatCert cert Returns Boolean

Specifies a certificate to be used when creating PKCS7 digital signatures. Signing requires both a certificate and private key. In this case, the private key is implicitly specified if the certificate originated from a PFX that contains the corresponding private key, or if on a Windows-based computer where the certificate and corresponding private key are pre-installed. (If a PFX file is used, it is provided via the AddPfxSourceFile or AddPfxSourceData methods.)

Returns True for success, False for failure.

Function ComSetSigningCert2 cComChilkatCert cert cComPrivateKey privateKey Returns Boolean

Specifies a digital certificate and private key to be used for creating PKCS7 digital signatures.

Returns True for success, False for failure.

Create and Verify an Opaque PKCS7/CMS Signature

Function ComSetVerifyCert cComChilkatCert cert Returns Boolean

Sets the digital certificate to be used in verifying a signature.

Returns True for success, False for failure.

Create and Verify an Opaque PKCS7/CMS Signature

Function ComShorten Variant inData Integer numBytes Returns Variant

Chops N bytes from the end of a byte array. Accepts a Variant, which could be anything (internally) but always returns a Variant containing a byte array.

Returns null on failure

Function ComSignBdENC cComChilkatBinData dataToSign Returns String

Introduced in version 9.5.0.67

Digitally signs the contents of dataToSign and returns the detached digital signature in an encoded string (according to the EncodingMode property setting).

Returns null on failure

RSASSA-PSS Sign Binary Data

Function ComSignBytes Variant data Returns Variant

Digitally signs a byte array and returns the detached digital signature. A certificate must be set by calling SetSigningCert prior to calling this method.

Returns null on failure

Function ComSignBytesENC Variant data Returns String

Digitally signs a byte array and returns the detached digital signature encoded as a printable string. A certificate must be set by calling SetSigningCert prior to calling this method. The EncodingMode property controls the output encoding, which can be "Base64", "QP", or "Hex".

Returns null on failure

Supported Binary Encodings

Function ComSignSbENC cComChilkatStringBuilder sb Returns String

Introduced in version 9.5.0.67

Digitally signs a the contents of sb and returns the PKCS7 detached digital signature as an encoded string according to the EncodingMode property setting.

Returns null on failure

RSASSA-PSS Sign Text

Function ComSignString String str Returns Variant

Digitally signs a string and returns the detached digital signature. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description.

Returns null on failure

Function ComSignStringENC String str Returns String

Digitally signs a string and returns the PKCS7 detached digital signature as an encoded string. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description.

The encoding of the output string is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".

Returns null on failure

Supported Binary Encodings

RSASSA-PSS Sign String to Create Base64 PCKS7 Signature

Function ComStringToBytes String inStr String charset Returns Variant

Convert a string to a byte array where the characters are encoded according to the charset specified.

Returns null on failure

Function ComTrimEndingWith String inStr String ending Returns String

Trim a string ending with a specific substring until the string no longer ends with that substring.

Returns null on failure

Function ComUnlockComponent String unlockCode Returns Boolean

Unlocks the component. This must be called once prior to calling any other method.

Returns True for success, False for failure.

Diagnosing UnlockComponent Problems

UnlockComponent LastErrorText shows exact string passed to it.

Verify UnlockComponent Success w/ Purchased Unlock Code

LastErrorText Standard Information

Function ComUseCertVault cComChilkatXmlCertVault vault Returns Boolean

Introduced in version 9.5.0.40

Adds an XML certificate vault to the object's internal list of sources to be searched for certificates and private keys when encrypting/decrypting or signing/verifying. Unlike the AddPfxSourceData and AddPfxSourceFile methods, only a single XML certificate vault can be used. If UseCertVault is called multiple times, only the last certificate vault will be used, as each call to UseCertVault will replace the certificate vault provided in previous calls.

Returns True for success, False for failure.

Function ComVerifyBdENC cComChilkatBinData data String encodedSig Returns Boolean

Introduced in version 9.5.0.67

Verifies a digital signature against the original data contained in data. Returns True if the signature is verified.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns True for success, False for failure.

RSASSA-PSS Sign Binary Data

Function ComVerifyBytes Variant data Variant sig Returns Boolean

Verifies a byte array against a digital signature and returns true if the byte array is unaltered.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Function ComVerifyBytesENC Variant data String encodedSig Returns Boolean

Verifies a byte array against a string-encoded digital signature and returns true if the byte array is unaltered. This method can be used to verify a signature produced by SignBytesENC. The EncodingMode property must be set prior to calling to match the encoding of the digital signature string ("Base64", "QP", or "Hex").

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Supported Binary Encodings

Function ComVerifyDetachedSignature String inFilename String p7sFilename Returns Boolean

Verifies a .p7s (PKCS #7 Signature) against the original file (or exact copy of it). If the inFilename has not been modified, the return value is True, otherwise it is False. This method is equivalent to VerifyP7S.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Function ComVerifyP7M String p7mPath String destPath Returns Boolean

Verifies a .p7m file and extracts the original file from the .p7m. Returns True if the signature is valid and the contents are unchanged. Otherwise returns False.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Extract a File from a .p7m (PKCS7 Signed-Data)

CAdES BES Attached (Opaque) Signature

Create P7M Using Pre-Installed Windows Certificate

Function ComVerifyP7S String inFilename String p7sFilename Returns Boolean

Verifies a .p7s (PKCS #7 Signature) against the original file (or exact copy of it). If the inFilename has not been modified, the return value is True, otherwise it is False.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

CAdES BES Detached Signature

Function ComVerifySbENC cComChilkatStringBuilder sb String encodedSig Returns Boolean

Introduced in version 9.5.0.67

Verifies a digital signature against the original data contained in sb. Returns True if the signature is verified.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns True for success, False for failure.

RSASSA-PSS Sign Text

Function ComVerifyString String str Variant sig Returns Boolean

Verifies a string against a binary digital signature and returns true if the string is unaltered. This method can be used to verify a signature produced by SignString. The Charset property must be set to the charset that was used when creating the signature.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Function ComVerifyStringENC String str String encodedSig Returns Boolean

Verifies a string against a string-encoded digital signature and returns true if the string is unaltered. This method can be used to verify a signature produced by SignStringENC. The Charset and EncodingMode properties must be set to the same values that were used when creating the signature.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Supported Binary Encodings

RSASSA-PSS Sign String to Create Base64 PCKS7 Signature

Function ComWriteFile String filename Variant fileData Returns Boolean

Convenience method to write an entire byte array to a file.

Returns True for success, False for failure.