%encrypt() function

The %encrypt() function encrypts a string. The appropriate OpenSSL libraries must be present to use this function. See your platform-specific System Administration Guide for details.

Syntax

code = %encrypt(params, inputstring, outputstring, &outputstring length)

Parameter(s)

code                  Return code representing the result of the function.
params                A dynamic array containing the following information:
                        Algorithm (supported algorithms are Crypto$Algorithm$AES128 and Crypto$Algorithm$AES256).
                        Length of input string.
                        Size of output buffer.
                        Clear text key (must be 16 bytes long for AES128 and 32 bytes long for AES256). If the clear text key is null, the default key will be used.
inputstring           Input string.
outputstring          Output string.
outputstring length   Length of the encrypted string.

Description

This function returns an integer to the code variable as follows:

 0   Success
-1   Error
-2   Invalid keysize (must be 16 bytes for AES128 and 32 bytes for AES256)
-3   Output buffer too small. The output string buffer must be pre-allocated. For AES128, the size must be a minimum of twice the size of the input buffer for the %encrypt() function to work. For AES256, the size must be the size of the input buffer rounded up to the next multiple of 32 with at least one extra 32-byte block. The return parameter outputstring length denotes the actual length of the encrypted string.
-4   Encryption libraries are not loaded.

Example(s)

The following example illustrates encrypting and decrypting a user-provided string using AES128:

* encryptAES128Test
*
open 'sqldemo,customers,' to file then
  read item from file,"1" then
    dataItem = item<6>
    call encryptAES128.sub(dataItem,errMsg) ;* now do the encryption
    if errMsg = "" then
      writev dataItem on file,"1",6
    end else
      crt errMsg
    end
  end
end
end
*
* End of source

subroutine encryptAES128.sub(dataItem,errMsg)
include dm,bp,includes crypto.inc
*
* Key must be 16 characters long
key = "1234567890123456"'l%16'
*
* now do the encryption
dataLen = len(dataItem)*2
char encrItem[ dataLen ]
cryptoParams = ""
cryptoParams< Crypto$P$Algorithm > = Crypto$Algorithm$AES128
cryptoParams< Crypto$P$inputlength > = Len(dataItem)
cryptoParams< Crypto$P$outputLength > = dataLen
cryptoParams< Crypto$P$ClearKey > = key
encryptedLen = 0
gp.result = %Encrypt(cryptoParams, dataItem, encrItem, &encryptedLen)
if gp.result < 0 then
  errMsg = "Encryption failed: " : gp.result
end else
  dataItem = encrItem[1, encryptedLen] ;* MANDATORY trim of buffer padding
  errMsg = ""
end
*
return
*
* End of source

* decryptAES128Test
*
open 'sqldemo,customers,' to file then
  read item from file,"1" then
    dataItem = item<6>
    call decryptAES128.sub(dataItem,errMsg) ;* now do the decryption
    if errMsg = "" then
      writev dataItem on file,"1",6
    end else
      crt errMsg
    end
  end
end
end
*
* End of source

subroutine decryptAES128.sub(dataItem,errMsg)
include dm,bp,includes crypto.inc
*
* Key must be 16 characters long
key = "1234567890123456"'l%16'
encrItem = dataItem
encryptedLen = len(encrItem)
* now do the decryption
char decrItem[Len(encrItem)]
cryptoParams = ""
cryptoParams< Crypto$P$Algorithm > = Crypto$Algorithm$AES128
cryptoParams< Crypto$P$inputLength > = encryptedLen
cryptoParams< Crypto$P$outputLength > = Len(decrItem)
cryptoParams< Crypto$P$ClearKey > = key
decryptedLen = 0
*
gp.result = %Decrypt(cryptoParams, encrItem, decrItem, &decryptedLen)
if gp.result < 0 then
  errMsg = "Decryption failed: " : gp.result
end else
  * Return only the bytes %Decrypt actually wrote, not the whole buffer
  dataItem = decrItem[1, decryptedLen] ;* MANDATORY trim of buffer padding
  errMsg = ""
end
*
return
*
* End of source

The following example illustrates encrypting and decrypting a user-provided string using AES256 (D3 versions 10.3.4 and later):

* encryptAES256Test
*
open 'sqldemo,customers,' to file then
  read item from file,"1" then
    dataItem = item<6>
    call encryptAES256.sub(dataItem,errMsg) ;* now do the encryption
    if errMsg = "" then
      writev dataItem on file,"1",6
    end else
      crt errMsg
    end
  end
end
end
*
* End of source

subroutine encryptAES256.sub(dataItem,errMsg)
include dm,bp,includes crypto.inc
*
* Key must be 32 characters long
key = "12345678901234567890123456789012"'l%32'
*
* now do the encryption
dataLen = (int(len(dataItem)/32)+2)*32
char encrItem[ dataLen ]
cryptoParams = ""
cryptoParams< Crypto$P$Algorithm > = Crypto$Algorithm$AES256
cryptoParams< Crypto$P$inputlength > = Len(dataItem)
cryptoParams< Crypto$P$outputLength > = dataLen
cryptoParams< Crypto$P$ClearKey > = key
encryptedLen = 0
gp.result = %Encrypt(cryptoParams, dataItem, encrItem, &encryptedLen)
if gp.result < 0 then
  errMsg = "Encryption failed: " : gp.result
end else
  dataItem = encrItem[1, encryptedLen] ;* MANDATORY trim of buffer padding
  errMsg = ""
end
*
return
*
* End of source

* decryptAES256Test
*
open 'sqldemo,customers,' to file then
  read item from file,"1" then
    dataItem = item<6>
    call decryptAES256.sub(dataItem,errMsg) ;* now do the decryption
    if errMsg = "" then
      writev dataItem on file,"1",6
    end else
      crt errMsg
    end
  end
end
end
*
* End of source

subroutine decryptAES256.sub(dataItem,errMsg)
include dm,bp,includes crypto.inc
*
* Key must be 32 characters long
key = "12345678901234567890123456789012"'l%32'
encrItem = dataItem
encryptedLen = len(encrItem)
* now do the decryption
char decrItem[Len(encrItem)]
cryptoParams = ""
cryptoParams< Crypto$P$Algorithm > = Crypto$Algorithm$AES256
cryptoParams< Crypto$P$inputLength > = encryptedLen
cryptoParams< Crypto$P$outputLength > = Len(decrItem)
cryptoParams< Crypto$P$ClearKey > = key
decryptedLen = 0
*
gp.result = %Decrypt(cryptoParams, encrItem, decrItem, &decryptedLen)
if gp.result < 0 then
  errMsg = "Decryption failed: " : gp.result
end else
  * Return only the bytes %Decrypt actually wrote, not the whole buffer
  dataItem = decrItem[1, decryptedLen] ;* MANDATORY trim of buffer padding
  errMsg = ""
end
*
return
*
* End of source
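
The following subroutine is an added example, not part of the original documentation or of the D3 product. It applies the key-length and buffer-size rules from the Description before calling %encrypt(), rejects a null key so that the default key is never used implicitly, and reports each documented return code separately. The name encryptChecked.sub and its arguments are hypothetical; the Crypto$ names are the ones used in the examples above.

```basic
subroutine encryptChecked.sub(algorithm, key, dataItem, errMsg)
* Added example: encryptChecked.sub and its argument names are hypothetical
include dm,bp,includes crypto.inc
*
errMsg = ""
* Pick the key length and minimum output buffer size for the algorithm
begin case
  case algorithm = Crypto$Algorithm$AES128
    keyLen = 16
    dataLen = len(dataItem)*2               ;* at least twice the input size
  case algorithm = Crypto$Algorithm$AES256
    keyLen = 32
    dataLen = (int(len(dataItem)/32)+2)*32  ;* next multiple of 32 plus one block
  case 1
    errMsg = "Unsupported algorithm"
end case
if errMsg # "" then return
*
* A null key has length 0, so this check also stops the default key
* from being selected without the caller asking for it
if len(key) # keyLen then
  errMsg = "Key must be ":keyLen:" bytes"
  return
end
*
char encrItem[ dataLen ]
cryptoParams = ""
cryptoParams< Crypto$P$Algorithm > = algorithm
cryptoParams< Crypto$P$inputLength > = len(dataItem)
cryptoParams< Crypto$P$outputLength > = dataLen
cryptoParams< Crypto$P$ClearKey > = key
encryptedLen = 0
gp.result = %Encrypt(cryptoParams, dataItem, encrItem, &encryptedLen)
*
* dataItem is replaced only on success; on any error it is left unchanged
begin case
  case gp.result = -2
    errMsg = "Invalid key size"
  case gp.result = -3
    errMsg = "Output buffer too small (":dataLen:" bytes allocated)"
  case gp.result = -4
    errMsg = "Encryption libraries are not loaded"
  case gp.result < 0
    errMsg = "Encryption failed: ":gp.result
  case 1
    dataItem = encrItem[1, encryptedLen]    ;* keep only the bytes written
end case
return
```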