The %encrypt() function encrypts a string. The appropriate OpenSSL libraries must be present to use this function. See your platform-specific System Administration Guide for details.
code = %encrypt(params, inputstring, outputstring, &outputstring length)
code | Return code representing the result of the function. |
params | A dynamic array containing the following information: |
Algorithm (Supported algorithms are Crypto$Algorithm$AES128 and Crypto$Algorithm$AES256). | |
Length of input string. | |
Size of output buffer. | |
Clear text key (must be 16 bytes long for AES128 and 32 bytes long for AES256). If the clear text key is null, the default key will be used. | |
inputstring | Input string. |
outputstring | Output string. |
outputstring length | Length of the encrypted string. |
This function returns an integer to the code variable as follows:
0 | Success |
-1 | Error |
-2 | Invalid keysize (must be 16 bytes for AES128 and 32 bytes for AES256) |
-3 | Output buffer too small. The output string buffer must be pre-allocated. For AES128, the size must be a minimum of twice the size of the input buffer for the %encrypt() function to work. For AES256, the size must be the size of the input buffer rounded up to the next multiple of 32 with at least one extra 32-byte block. The return parameter outputstring length denotes the actual length of the encrypted string. |
-4 | Encryption libraries are not loaded. |
The following example illustrates encrypting and decrypting a user-provided string using AES128:
* encryptAES128Test * open 'sqldemo,customers,' to file then read item from file,"1" then dataItem = item<6> call encryptAES128.sub(dataItem,errMsg) ;* now do the encryption if errMsg = "" then writev dataItem on file,"1",6 end else crt errMsg end end end end * * End of source subroutine encryptAES128.sub(dataItem,errMsg) include dm,bp,includes crypto.inc * * Key must be 16 characters long key = "1234567890123456"'l%16' * * now do the encryption dataLen = len(dataItem)*2 char encrItem[ dataLen ] cryptoParams = "" cryptoParams< Crypto$P$Algorithm > = Crypto$Algorithm$AES128 cryptoParams< Crypto$P$inputlength > = Len(dataItem) cryptoParams< Crypto$P$outputLength > = dataLen cryptoParams< Crypto$P$ClearKey > = key encryptedLen = 0 gp.result = %Encrypt(cryptoParams, dataItem, encrItem, &encryptedLen) if gp.result < 0 then errMsg = "Encryption failed: " : gp.result end else dataItem = encrItem[1, encryptedLen] ;* MANDATORY trim of buffer padding errMsg = "" end * return * * End of source * decryptAES128Test * open 'sqldemo,customers,' to file then read item from file,"1" then dataItem = item<6> call decryptAES128.sub(dataItem,errMsg) ;* now do the decryption if errMsg = "" then writev dataItem on file,"1",6 end else crt errMsg end end end end * * End of source subroutine decryptAES128.sub(dataItem,errMsg) include dm,bp,includes crypto.inc * * Key must be 16 characters long key = "1234567890123456"'l%16' encrItem = dataItem encryptedLen = len(encrItem) * now do the decryption char decrItem[Len(encrItem)] cryptoParams = "" cryptoParams< Crypto$P$Algorithm > = Crypto$Algorithm$AES128 cryptoParams< Crypto$P$inputLength > = encryptedLen cryptoParams< Crypto$P$outputLength > = Len(decrItem) cryptoParams< Crypto$P$ClearKey > = key decryptedLen = 0 * gp.result = %Decrypt(cryptoParams, encrItem, decrItem, &decryptedLen) if gp.result < 0 then errMsg = "Decryption failed: " : gp.result end else dataItem = encrItem[1, encryptedLen] ;* MANDATORY trim of buffer padding errMsg = "" end * dataItem = decrItem * return * * End of source
The following example illustrates encrypting and decrypting a user-provided string using AES256 (D3 versions 10.3.4 and later):
* encryptAES256Test * open 'sqldemo,customers,' to file then read item from file,"1" then dataItem = item<6> call encryptAES256.sub(dataItem,errMsg) ;* now do the encryption if errMsg = "" then writev dataItem on file,"1",6 end else crt errMsg end end end end * * End of source subroutine encryptAES256.sub(dataItem,errMsg) include dm,bp,includes crypto.inc * * Key must be 32 characters long key = "12345678901234567890123456789012"'l%32' * * now do the encryption dataLen = (int(len(dataItem)/32)+2)*32 char encrItem[ dataLen ] cryptoParams = "" cryptoParams< Crypto$P$Algorithm > = Crypto$Algorithm$AES256 cryptoParams< Crypto$P$inputlength > = Len(dataItem) cryptoParams< Crypto$P$outputLength > = dataLen cryptoParams< Crypto$P$ClearKey > = key encryptedLen = 0 gp.result = %Encrypt(cryptoParams, dataItem, encrItem, &encryptedLen) if gp.result < 0 then errMsg = "Encryption failed: " : gp.result end else dataItem = encrItem[1, encryptedLen] ;* MANDATORY trim of buffer padding errMsg = "" end * return * * End of source * decryptAES256Test * open 'sqldemo,customers,' to file then read item from file,"1" then dataItem = item<6> call decryptAES256.sub(dataItem,errMsg) ;* now do the decryption if errMsg = "" then writev dataItem on file,"1",6 end else crt errMsg end end end end * * End of source subroutine decryptAES256.sub(dataItem,errMsg) include dm,bp,includes crypto.inc * * Key must be 32 characters long key = "12345678901234567890123456789012"'l%32' encrItem = dataItem encryptedLen = len(encrItem) * now do the decryption char decrItem[Len(encrItem)] cryptoParams = "" cryptoParams< Crypto$P$Algorithm > = Crypto$Algorithm$AES256 cryptoParams< Crypto$P$inputLength > = encryptedLen cryptoParams< Crypto$P$outputLength > = Len(decrItem) cryptoParams< Crypto$P$ClearKey > = key decryptedLen = 0 * gp.result = %Decrypt(cryptoParams, encrItem, decrItem, &decryptedLen) if gp.result < 0 then errMsg = "Decryption failed: " : gp.result end else dataItem = encrItem[1, encryptedLen] ;* MANDATORY trim of buffer padding errMsg = "" end * dataItem = decrItem * return * * End of source