It is our policy that all new versions of CryptoSys API are fully compatible with all earlier versions, no matter what contortions we end up having to do with the namespace.
Functions included for compatibilty with di_Blowfish.dll version 1:
bf_StringEnc
- see BLF_Bytes
bf_StringDec
- see BLF_Bytes
bf_FileEnc
- see BLF_File
bf_FileDec
- see BLF_File
bf_Init
- see BLF_Init
bf_BlockEnc
- see BLF_Ecb
bf_BlockDec
- see BLF_Ecb
bf_Final
- see BLF_Final
The AES functions, for consistency, all require the user to specify both the key length and the block length in bits. All combinations of 128 or 192 or 256 bits for the key length and block length are permitted. The data must be provided in sufficient length to match the key and block lengths specified.
AES_HexAES_HexModeAES_BytesAES_BytesModeAES_FileAES_FileHexAES_InitAES_InitHexAES_InitErrorAES_UpdateAES_UpdateHexAES_EcbAES_EcbHexAES_FinalRAN_Seed function, but cannot
control other seeding, mixing and hiding of the pool carried out automatically by the system.
The DES and TDEA key generators check for weak and semi-weak keys and set the parity bits
(which are subsequently ignored anyway by the DES block cipher functions!).
RAN_KeyGenerate
RAN_KeyGenHex
RAN_DESKeyGenerate
RAN_DESKeyGenHex
RAN_TDEAKeyGenerate
RAN_TDEAKeyGenHex
RAN_Seed
RAN_Test
RAN_Nonce
RAN_NonceHex
RAN_Long
AES_BytesAES_BytesModeAES_EcbAES_EcbHexAES_FileAES_FileHexAES_FinalAES_HexAES_HexModeAES_InitAES_InitErrorAES_InitHexAES_UpdateAES_UpdateHexRAN_DESKeyGenerateRAN_DESKeyGenHexRAN_KeyGenerateRAN_KeyGenHexRAN_LongRAN_NonceRAN_NonceHexRAN_SeedRAN_TDEAKeyGenerateRAN_TDEAKeyGenHexRAN_TestRNG_KeyGenerateRNG_KeyGenHexRNG_NonceRNG_NonceHexAES_Hex encrypts or decrypts data
represented as a hexadecimal string
using a key represented in hexadecimal notation.
The process is carried out in one step in Electronic Codebook (EBC) mode.
Public Declare Function AES_Hex Lib "diCryptoSys.dll"
(ByVal sOutput As String, ByVal sInput As String, ByVal sHexKey As String,
ByVal lngKeyBits As Long, ByVal lngBlockBits As Long,
ByVal bEncrypt As Boolean) As Long
lngRet = AES_Hex(sOutput, sInput, sHexKey, lngKeyBits, lngBlockBits, bEncrypt)
String of sufficient length to receive the output.String containing the input data in hexadecimal.String containing the key in hexadecimal.Long specifying the number of
bits in the key. Select from 128, 192, or 256.Long specifying the number of
bits in the block. Select from 128, 192, or 256.Boolean direction flag:
set as True to encrypt or False
to decrypt.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
Dim lngRet As Long
Dim sOutput As String
Dim sInput As String
Dim sHexKey As String
Dim sCorrect As String
sHexKey = "00000000000000000000000000000000"
sInput = "80000000000000000000000000000000"
sCorrect = "3AD78E726C1EC02B7EBFE92B23D9EC34"
' Set sOutput to be same length as sInput
sOutput = String(Len(sInput), " ")
Debug.Print "KY="; sHexKey
Debug.Print "PT="; sInput
' Encrypt in one-off process
lngRet = AES_Hex(sOutput, sInput, sHexKey, 128, 128, True)
Debug.Print "CT="; sOutput; lngRet
Debug.Print "OK="; sCorrect
' Now decrypt back to plain text
sInput = sOutput
lngRet = AES_Hex(sOutput, sInput, sHexKey, 128, 128, False)
Debug.Print "P'="; sOutput; lngRet
This should result in output as follows:
KY=00000000000000000000000000000000 PT=80000000000000000000000000000000 CT=3AD78E726C1EC02B7EBFE92B23D9EC34 0 OK=3AD78E726C1EC02B7EBFE92B23D9EC34 P'=80000000000000000000000000000000 0
AES_HexMode encrypts or decrypts data
represented as a hexadecimal string
using a specified mode. The key and initialisation vector
are represented as a hexadecimal string.
Public Declare Function AES_HexMode Lib "diCryptoSys.dll"
(ByVal sOutput As String, ByVal sInput As String, ByVal sHexKey As String,
ByVal lngKeyBits As Long, ByVal lngBlockBits As Long,
ByVal bEncrypt As Boolean,
ByVal sMode As String, ByVal sHexIV As String) As Long
AES_HexMode(sOutput, sInput, sHexKey,lngKeyBits, lngBlockBits, bEncrypt, sMode, sHexIV)
String of sufficient length to receive the output.String containing the input data in hexadecimal.String containing the key in hexadecimal.Long specifying the number of
bits in the key. Select from 128, 192, or 256.Long specifying the number of
bits in the block. Select from 128, 192, or 256.Boolean direction flag:
set as True to encrypt or False
to decrypt.String indicating mode
to process subsequent input: either "ECB"
for Electronic Codebook mode or "CBC" for Cipher Block Chaining mode.String containing the initialisation vector (IV)
in hexadecimal.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
Dim lngRet As Long
Dim sOutput As String
Dim sInput As String
Dim sHexKey As String
Dim sHexIV As String
Dim sCorrect As String
sHexKey = "0123456789ABCDEFF0E1D2C3B4A59687"
sHexIV = "FEDCBA9876543210FEDCBA9876543210"
' "Now is the time for all good men"
sInput = "4E6F77206973207468652074696D6520666F7220616C6C20676F6F64206D656E"
sCorrect = "C3153108A8DD340C0BCB1DFE8D25D2320EE0E66BD2BB4A313FB75C5638E9E177"
' Set sOutput to be same length as sInput
sOutput = String(Len(sInput), " ")
Debug.Print "KY="; sHexKey
Debug.Print "IV="; sHexIV
Debug.Print "PT="; sInput
' Encrypt in one-off process
lngRet = AES_HexMode(sOutput, sInput, sHexKey, 128, 128, True, "CBC", sHexIV)
Debug.Print "CT="; sOutput, lngRet
Debug.Print "OK="; sCorrect
' Now decrypt back to plain text
sInput = sOutput
lngRet = AES_HexMode(sOutput, sInput, sHexKey, 128, 128, False, "cbc", sHexIV)
Debug.Print "P'="; sOutput, lngRet
This should result in output as follows:
KY=0123456789ABCDEFF0E1D2C3B4A59687 IV=FEDCBA9876543210FEDCBA9876543210 PT=4E6F77206973207468652074696D6520666F7220616C6C20676F6F64206D656E CT=C3153108A8DD340C0BCB1DFE8D25D2320EE0E66BD2BB4A313FB75C5638E9E177 0 OK=C3153108A8DD340C0BCB1DFE8D25D2320EE0E66BD2BB4A313FB75C5638E9E177 P'=4E6F77206973207468652074696D6520666F7220616C6C20676F6F64206D656E 0
AES_Bytes encrypts or decrypts an array of Bytes
in one step in Electronic Codebook (EBC) mode.
Public Declare Function AES_Bytes Lib "diCryptoSys.dll"
(ByRef aResult As Byte, ByRef aData As Byte, ByVal lngDataLen As Long, ByRef aKey As Byte,
ByVal lngKeyBits As Long, ByVal lngBlockBits As Long,
ByVal bEncrypt As Boolean) As Long
lngRet = AES_Bytes(aResult(0), aData(0), lngDataLen, aKey(0), lngKeyBits, lngBlockBits, bEncrypt)
Byte array of sufficient length to receive the output.Byte array containing the input data.Long equal to length of the input data in bytes.Byte array containing the key.Long specifying the number of
bits in the key. Select from 128, 192, or 256.Long specifying the number of
bits in the block. Select from 128, 192, or 256.Boolean direction flag:
set as True to encrypt or False
to decrypt.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
Dim lngRet As Long
Dim sInput As String
Dim sHexKey As String
Dim sCorrect As String
Dim lngKeyLen As Long
Dim aKey() As Byte
Dim aResult() As Byte
Dim aData() As Byte
Dim lngDataLen As Long
' Define test vectors in hex
sHexKey = "00000000000000000000000000000000"
sInput = "80000000000000000000000000000000"
sCorrect = "3AD78E726C1EC02B7EBFE92B23D9EC34"
' Convert to byte arrays
lngKeyLen = Len(sHexKey) \ 2
ReDim aKey(lngKeyLen)
Call bu_HexStr2Bytes(sHexKey, aKey)
lngDataLen = Len(sInput) \ 2
ReDim aData(lngDataLen)
Call bu_HexStr2Bytes(sInput, aData)
ReDim aResult(lngDataLen)
Debug.Print "KY="; bu_Bytes2HexStr(aKey, lngKeyLen)
Debug.Print "PT="; bu_Bytes2HexStr(aData, lngDataLen)
' Encrypt in one-off process
lngRet = AES_Bytes(aResult(0), aData(0), lngDataLen, aKey(0), 128, 128, True)
Debug.Print "CT="; bu_Bytes2HexStr(aResult, lngDataLen), lngRet
Debug.Print "OK="; sCorrect
' Now decrypt back
lngRet = AES_Bytes(aData(0), aResult(0), lngDataLen, aKey(0), 128, 128, False)
Debug.Print "P'="; bu_Bytes2HexStr(aData, lngDataLen), lngRet
This should result in output as follows:
KY=00000000000000000000000000000000 PT=80000000000000000000000000000000 CT=3AD78E726C1EC02B7EBFE92B23D9EC34 0 OK=3AD78E726C1EC02B7EBFE92B23D9EC34 P'=80000000000000000000000000000000 0
AES_BytesMode encrypts or decrypts an array of Bytes
using a specified mode.
The key and IV data are in byte arrays.
Public Declare Function AES_BytesMode Lib "diCryptoSys"
(ByRef aResult As Byte, ByRef aData As Byte, ByVal lngDataLen As Long, ByRef aKey As Byte,
ByVal lngKeyBits As Long, ByVal lngBlockBits As Long, ByVal bEncrypt As Boolean,
ByVal sMode As String, ByRef aInitV As Byte) As Long
lngRet = AES_Bytes(aResult(0), aData(0), lngDataLen, aKey(0),
lngKeyBits, lngBlockBits, bEncrypt, sMode, aInitV(0))
Byte array of sufficient length to receive the output.Byte array containing the input data.Long equal to length of the input data in bytes.Byte array containing the key.Long specifying the number of
bits in the key. Select from 128, 192, or 256.Long specifying the number of
bits in the block. Select from 128, 192, or 256.Boolean direction flag:
set as True to encrypt or False
to decrypt.String indicating mode
to process subsequent input: either "ECB"
for Electronic Codebook mode or "CBC" for Cipher Block Chaining mode.Byte containing the
initialisation vector (IV), or zero (0) for ECB mode.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
Dim lngRet As Long
Dim sOutput As String
Dim sInput As String
Dim sHexKey As String
Dim sHexIV As String
Dim sCorrect As String
Dim lngKeyLen As Long
Dim aKey(15) As Byte
Dim aInitV(15) As Byte
Dim aResult() As Byte
Dim aData() As Byte
Dim lngDataLen As Long
Dim lngIVLen As Long
sInput = "Now is the time for all good men"
sCorrect = "C3153108A8DD340C0BCB1DFE8D25D2320EE0E66BD2BB4A313FB75C5638E9E177"
sHexKey = "0123456789ABCDEFF0E1D2C3B4A59687"
sHexIV = "FEDCBA9876543210FEDCBA9876543210"
' Convert to byte arrays
aData() = StrConv(sInput, vbFromUnicode)
lngDataLen = UBound(aData) + 1
ReDim aResult(lngDataLen)
lngKeyLen = bu_HexStr2Bytes(sHexKey, aKey)
lngIVLen = bu_HexStr2Bytes(sHexIV, aInitV)
Debug.Print "KY="; bu_Bytes2HexStr(aKey, lngKeyLen)
Debug.Print "IV="; bu_Bytes2HexStr(aInitV, lngIVLen)
Debug.Print "PT="; bu_Bytes2HexStr(aData, lngDataLen)
' Encrypt in one-off process
lngRet = AES_BytesMode(aResult(0), aData(0), lngDataLen, aKey(0), _
128, 128, True, "CBC", aInitV(0))
Debug.Print "CT="; bu_Bytes2HexStr(aResult, lngDataLen)
Debug.Print "OK="; sCorrect
' Now decrypt back
lngRet = AES_BytesMode(aData(0), aResult(0), lngDataLen, aKey(0), _
128, 128, False, "cbc", aInitV(0))
sOutput = StrConv(aData(), vbUnicode)
Debug.Print "P'="; sOutput
This should result in output as follows:
KY=0123456789ABCDEFF0E1D2C3B4A59687 IV=FEDCBA9876543210FEDCBA9876543210 PT=4E6F77206973207468652074696D6520666F7220616C6C20676F6F64206D656E CT=C3153108A8DD340C0BCB1DFE8D25D2320EE0E66BD2BB4A313FB75C5638E9E177 OK=C3153108A8DD340C0BCB1DFE8D25D2320EE0E66BD2BB4A313FB75C5638E9E177 P'=Now is the time for all good men
AES_FileHex encrypts or decrypts a file
using a specified mode. The key and initialisation vector
are passed as hexadecimal strings.
Public Declare Function AES_FileHex Lib "diCryptoSys.dll"
(ByVal sFileOut As String, ByVal sFileIn As String,
ByVal sHexKey As String, ByVal lngKeyBits As Long, ByVal lngBlockBits As Long,
ByVal bEncrypt As Boolean, ByVal sMode As String, ByVal sHexIV As String) As Long
lngRet = AES_FileHex(sFileOut, sFileIn, sHexKey, bEncrypt, lngKeyBits, lngBlockBits, sMode, sHexIV)
String with the full path name of the output
file to be created.String with the full path name of the input file
to be processed.String containing the key in hexadecimal.Boolean direction flag:
set as True to encrypt or False
to decrypt.Long specifying the number of
bits in the key. Select from 128, 192, or 256.Long specifying the number of
bits in the block. Select from 128, 192, or 256.String indicating mode
to process subsequent input: either "ECB"
for Electronic Codebook mode or "CBC" for Cipher Block Chaining mode.String containing the initialisation vector (IV)
in hexadecimal.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
Dim lngRet As Long
lngRet = AES_FileHex("bigfile.cbc", "bigfile.dat", _
"fedcba9876543210fedcba9876543210", 128, 128, True, _
"CBC", "0123456789abcdef0123456789abcdef")
AES_File encrypts or decrypts a file
using a specified mode. The key and initialisation vector
are passed as arrays of bytes.
Public Declare Function AES_File Lib "diCryptoSys.dll"
(ByVal sFileOut As String, ByVal sFileIn As String,
ByRef aKey As Byte, ByVal lngKeyBits As Long, ByVal lngBlockBits As Long,
ByVal bEncrypt As Boolean, ByVal sMode As String, ByRef aInitV As Byte) As Long
iRet = AES_File(sFileOut, sFileIn, aKey(0), lngKeyBits, lngBlockBits, bEncrypt, sMode, aInitV(0))
String with the full path name of the output
file to be created.String with the full path name of the input file
to be processed.Byte array containing the key.Long specifying the number of
bits in the key. Select from 128, 192, or 256.Long specifying the number of
bits in the block. Select from 128, 192, or 256.Boolean direction flag:
set as True to encrypt or False
to decrypt.String indicating mode
to process subsequent input: either "ECB"
for Electronic Codebook mode or "CBC" for Cipher Block Chaining mode.Byte array containing the initialisation vector (IV),
or zero (0) for ECB mode.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
Const MY_PATH As String = "C:\Test\"
Dim strFileOut As String, strFileIn As String, strFileChk As String
Dim lngRet As Long
Dim aKey(15) As Byte
' Construct full path names to files
strFileIn = MY_PATH & "now.txt"
strFileOut = MY_PATH & "aesnow.enc"
strFileChk = MY_PATH & "aesnow.chk"
' Convert key to byte array
Call bu_HexStr2Bytes("0123456789ABCDEFF0E1D2C3B4A59687", aKey)
' Encrypt plaintext file to cipher
lngRet = AES_File(strFileOut, strFileIn, aKey(0), _
128, 128, True, "ECB", 0)
Debug.Print lngRet
' Now decrypt it
lngRet = AES_File(strFileChk, strFileOut, aKey(0), _
128, 128, False, "ECB", 0)
Debug.Print lngRet
AES_InitHex initialises the context with the key, direction and mode
ready for repeated
operations of the AES function.
The key and IV data are in hexadecimal format.
Public Declare Function AES_InitHex Lib "diCryptoSys.dll"
(ByVal sHexKey As String, _
ByVal lngKeyBits As Long, ByVal lngBlockBits As Long, _
ByVal bEncrypt As Boolean, _
ByVal sMode As String, ByVal sHexIV As String) As Long
hContext = AES_InitHex(sHexKey, lngKeyBits, lngBlockBits, bEncrypt, sMode, sHexIV)
String containing the key in hexadecimal
representation.Long specifying the number of
bits in the key. Select from 128, 192, or 256.Long specifying the number of
bits in the block. Select from 128, 192, or 256.Boolean direction flag:
set as True to encrypt or False
to decrypt.String indicating mode
to process subsequent input: either "ECB"
for Electronic Codebook mode or "CBC" for Cipher Block Chaining mode.String containing the initialisation vector
in hexadecimal.Long: non-zero handle of the context hContext
to be used in subsequent
calls to the AES function. Returns zero if an error occurs.
AES_InitHex returns zero if an error occurs.
It is important to check that the value of hContext returned is
not equal to zero before calling a AES function.
See AES_UpdateHex.
AES_Init
AES_UpdateHex
AES_Update
AES_Final
[Back to Top]
AES_Init initialises the context with the key, direction and mode
ready for repeated
operations of the AES function.
The key and IV data are in byte arrays.
Public Declare Function AES_Init Lib "diCryptoSys.dll"
(ByRef aKey As Byte, ByVal lngKeyBits As Long, ByVal lngBlockBits As Long,
ByVal bEncrypt As Boolean, ByVal sMode As String, ByRef aInitV As Byte) As Long
hContext = AES_Init(aKey(0), lngKeyBits, lngBlockBits, bEncrypt, sMode, aInitV(0))
Byte array containing the key.Long specifying the number of
bits in the key. Select from 128, 192, or 256.Long specifying the number of
bits in the block. Select from 128, 192, or 256.Boolean direction flag:
set as True to encrypt or False
to decrypt.String indicating mode
to process subsequent input: either "ECB"
for Electronic Codebook mode or "CBC" for Cipher Block Chaining mode.Byte array containing the initialisation vector,
or zero (0) for ECB mode.Long: non-zero handle of the context hContext
to be used in subsequent
calls to the AES function. Returns zero if an error occurs.
AES_Init returns zero if an error occurs.
It is important to check that the value of hContext returned is
not equal to zero before calling a AES function.
See AES_Update.
AES_InitHex
AES_UpdateHex
AES_Update
AES_Final
[Back to Top]
AES_InitError returns the error code after an unsuccessful call to
AES_Init or AES_InitHex.
Public Declare Function AES_InitError Lib "diCryptoSys.dll"
() As Long
lngRet = AES_InitError()
None
Long: Returns the error code from the last call to
AES_Init or AES_InitHex.
AES_UpdateHex carries out the AES transformation function on a hexadecimal string
according to the direction
and mode set up by an earlier call to AES_Init
or AES_InitHex.
Public Declare Function AES_UpdateHex Lib "diCryptoSys.dll"
(ByVal hContext As Long, ByVal sHexString As String) As Long
lngRet = AES_UpdateHex(hContext, sHexString)
Long handle to the AES context set up by an earlier call to
AES_Init or AES_InitHex.String containing input in hexadecimal format
to be processed by the AES function and to receive the output.
Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
Dim lngRet As Long
Dim hContext As Long
Dim sBlock As String
Dim sHexKey As String
Dim sInitV As String
Dim sNext As String
Dim sLast As String
Dim sCorrect As String
Dim j As Integer
sBlock = "204F17E2444381F6114FF53934C0BCD3"
sHexKey = "8A05FC5E095AF4848A08D328D3688E3D"
sInitV = "8A05FC5E095AF4848A08D328D3688E3D"
sCorrect = "192D9B3AA10BB2F7846CCBA0085C657A"
Debug.Print "AES Monte Carlo CBC Mode Encrypt:"
Debug.Print "KY="; sHexKey
Debug.Print "IV="; sInitV
Debug.Print "PT="; sBlock
hContext = AES_InitHex(sHexKey, 128, 128, True, "CBC", sInitV)
If hContext = 0 Then
MsgBox "Failed to set context", vbCritical
Exit Function
End If
' Do 10,000 times
sNext = sBlock
For j = 0 To 9999
sBlock = sNext
lngRet = AES_UpdateHex(hContext, sBlock)
If j = 0 Then
sNext = sInitV
Else
sNext = sLast
End If
sLast = sBlock
Next
Debug.Print "CT="; sBlock
Debug.Print "OK="; sCorrect
lngRet = AES_Final(hContext)
This should result in output as follows:
AES Monte Carlo CBC Mode Encrypt: KY=8A05FC5E095AF4848A08D328D3688E3D IV=8A05FC5E095AF4848A08D328D3688E3D PT=204F17E2444381F6114FF53934C0BCD3 CT=192D9B3AA10BB2F7846CCBA0085C657A OK=192D9B3AA10BB2F7846CCBA0085C657A
AES_Init
AES_InitHex
AES_Update
AES_Final
[Back to Top]
AES_Update carries out the AES transformation function on a byte array
according to the direction
and mode set up by an earlier call to AES_Init
or AES_InitHex.
Public Declare Function AES_Update Lib "diCryptoSys.dll"
(ByVal hContext As Long, ByRef aData As Byte, ByVal lngDataLen As Long) As Long
lngRet = AES_Update(hContext, aData(0), lngDataLen)
Long handle to the AES context set up by an earlier call to
AES_Init or AES_InitHex.Byte array containing the input
to be processed by the AES function and to receive the output.Long containing length of the data in bytes.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
Dim lngRet As Long
Dim sOutput As String
Dim sInput As String
Dim sHexKey As String
Dim sHexIV As String
Dim sCorrect As String
Dim lngKeyLen As Long
Dim aKey(15) As Byte
Dim aData(15) As Byte
Dim lngDataLen As Long
Dim aInitV(15) As Byte
Dim lngIVLen As Long
Dim hContext As Long
Dim i As Integer
sHexKey = "0123456789ABCDEFF0E1D2C3B4A59687"
sHexIV = "FEDCBA9876543210FEDCBA9876543210"
sInput = "Now is the time for all good men"
sCorrect = "C3153108A8DD340C0BCB1DFE8D25D2320EE0E66BD2BB4A313FB75C5638E9E177"
' Convert to byte arrays
lngKeyLen = bu_HexStr2Bytes(sHexKey, aKey)
lngIVLen = bu_HexStr2Bytes(sHexIV, aInitV)
Debug.Print "KY="; bu_Bytes2HexStr(aKey, lngKeyLen)
Debug.Print "IV="; bu_Bytes2HexStr(aInitV, lngIVLen)
' Initialise context
hContext = AES_Init(aKey(0), 128, 128, True, "CBC", aInitV(0))
If hContext = 0 Then
MsgBox "Unable to create context"
Exit Function
End If
' Encrypt string in blocks of 16 bytes (128 bits)
sOutput = ""
lngDataLen = 16
For i = 0 To (Len(sInput) \ lngDataLen) - 1
' Get next block
Call bu_String2Bytes(Mid(sInput, i * lngDataLen + 1, lngDataLen), aData)
Debug.Print "PT="; bu_Bytes2String(aData, lngDataLen)
lngRet = AES_Update(hContext, aData(0), lngDataLen)
Debug.Print "CT="; bu_Bytes2HexStr(aData, lngDataLen), lngRet
' Append to output string
sOutput = sOutput & bu_Bytes2String(aData, lngDataLen)
Next
' Show result
Debug.Print "CT="; bu_Str2Hex(sOutput)
Debug.Print "OK="; sCorrect
lngRet = AES_Final(hContext)
' Now decrypt
sInput = sOutput
sOutput = ""
hContext = AES_Init(aKey(0), 128, 128, False, "CBC", aInitV(0))
For i = 0 To (Len(sInput) \ lngDataLen) - 1
' Get next block
Call bu_String2Bytes(Mid(sInput, i * lngDataLen + 1, lngDataLen), aData)
Debug.Print "CT="; bu_Bytes2HexStr(aData, lngDataLen)
lngRet = AES_Update(hContext, aData(0), lngDataLen)
Debug.Print "PT="; bu_Bytes2HexStr(aData, lngDataLen), lngRet
' Append to output string
sOutput = sOutput & bu_Bytes2String(aData, lngDataLen)
Next
' Show result
Debug.Print "P'="; bu_Str2Hex(sOutput)
Debug.Print "P'="; sOutput
lngRet = AES_Final(hContext)
This should result in output as follows:
KY=0123456789ABCDEFF0E1D2C3B4A59687 IV=FEDCBA9876543210FEDCBA9876543210 PT=Now is the time CT=C3153108A8DD340C0BCB1DFE8D25D232 0 PT=for all good men CT=0EE0E66BD2BB4A313FB75C5638E9E177 0 CT=C3153108A8DD340C0BCB1DFE8D25D2320EE0E66BD2BB4A313FB75C5638E9E177 OK=C3153108A8DD340C0BCB1DFE8D25D2320EE0E66BD2BB4A313FB75C5638E9E177 CT=C3153108A8DD340C0BCB1DFE8D25D232 PT=4E6F77206973207468652074696D6520 0 CT=0EE0E66BD2BB4A313FB75C5638E9E177 PT=666F7220616C6C20676F6F64206D656E 0 P'=4E6F77206973207468652074696D6520666F7220616C6C20676F6F64206D656E P'=Now is the time for all good men
AES_Init
AES_InitHex
AES_UpdateHex
AES_Final
[Back to Top]
AES_Final closes and clears the AES context.
Public Declare Function AES_Final Lib "diCryptoSys.dll"
(ByVal hContext As Long) As Long
lngRet = AES_Final(hContext)
Long containing the handle to the AES context.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
See the examples in
AES_UpdateHex
and AES_Update.
AES_Init
AES_InitHex
AES_UpdateHex
AES_Update
[Back to Top]
AES_Ecb carries out the block cipher transormation function in ECB mode
on a byte array
using the key schedule set up by an earlier call to AES_Init
or AES_InitHex.
The user can set the direction of encryption independently.
Public Declare Function AES_Ecb Lib "diCryptoSys.dll"
(ByVal hContext As Long, ByRef aData As Byte, ByVal lngDataLen As Long,
ByVal bEncrypt As Boolean) As Long
lngRet = AES_Ecb(hContext, aData(0), lngDataLen, bEncrypt)
Long handle to the AES context set up by an earlier call to
AES_Init or AES_InitHex.Byte array containing the input
to be processed by the AES function and to receive the output.Long containing length of the data in bytes.Boolean direction flag:
set as True to encrypt or False
to decrypt.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
AES_Ecb only uses the key schedule;
it does not affect subsequent calls to AES_Update.
The input array aData
should be a multiple of the block length in bytes
(i.e. a multiple of 16, 24 or 32 bytes depending on the block length specified).
If not, odd trailing bytes will be ignored.
Note that the output overwrites the input.
AES_Ecb independently of
AES_Update.
Dim lngRet As Long
Dim hContext As Long
Dim aKey(15) As Byte
Dim aData(15) As Byte
Dim lngDataLen As Long
Dim aInitV(15) As Byte
Dim lngKeyLen As Long
Dim nBlocks As Integer, i As Integer
Dim aECBWork(15) As Byte
' Set up key and IV arrays
' ...
hContext = AES_Init(aKey(0), 128, 128, True, "CBC", aInitV(0))
For i = 0 To nBlocks - 1
' ...
lngRet = AES_Update(hContext, aData(0), lngDataLen)
' Sneak in here and use ECB mode in both directions
lngRet = AES_Ecb(hContext, aECBWork(0), 16, True)
lngRet = AES_Ecb(hContext, aECBWork(0), 16, False)
Next
lngRet = AES_Final(hContext)
AES_EcbHex carries out the block cipher transformation function in ECB mode
on a hexadecimal string
using the key schedule set up by an earlier call to AES_Init
or AES_InitHex.
The user can set the direction of encryption independently.
Public Declare Function AES_EcbHex Lib "diCryptoSys.dll"
(ByVal hContext As Long, ByVal sHexBlock As String,
ByVal bEncrypt As Boolean) As Long
lngRet = AES_EcbHex(hContext, sHexBlock, bEncrypt)
Long handle to the AES context set up by an earlier call to
AES_Init or AES_InitHex.String containing the input
in hexadecimal characters
to be processed by the AES function and to receive the output.
Boolean direction flag:
set as True to encrypt or False
to decrypt.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
AES_EcbHex only uses the key schedule;
it does not affect subsequent calls to AES_Update.
The length of the input string sHexBlock
should be a multiple of two times the block length in bytes
(i.e. representing multiples of 16, 24 or 32 bytes).
If not, odd trailing characters will be ignored.
Valid hexadecimal characters are [0-9A-Fa-f].
Note that the output overwrites the input.
sHexBlock must be a variable that can receive the output, not a constant.
RAN_KeyGenerate creates a cipher key of specified length using
a secure random number generator.
Public Declare Function RAN_KeyGenerate Lib "diCryptoSys.dll"
(ByVal abytKey As Byte, ByVal lngKeyLen As String,
ByVal bPromptUser As Boolean) As Long
lngRet = RAN_KeyGenerate(abytKey(0), lngKeyLen, bPromptUser)
Byte array of sufficient length to receive the output.Long value of the required key length in bytes.Boolean prompt flag:
set as True to prompt user for extra random or secret information,
or False for silent operation.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
abytKey(0).
Dim abytKey(40) As Byte
Dim sHexKey As String
Dim lngRet As Long
Dim nKeyLen As Long
' Calculate key length
nKeyLen = UBound(abytKey) - LBound(abytKey) + 1
' Generate key with user prompt
lngRet = RAN_KeyGenerate(abytKey(0), nKeyLen, True)
' Convert byte array to hex string and show it
sHexKey = bu_Str2Hex(bu_Bytes2String(abytKey, nKeyLen))
MsgBox sHexKey, Title:="Generated key"
RAN_KeyGenHex
RAN_DESKeyGenerate
RAN_TDEAKeyGenerate
[Back to Top]
RAN_KeyGenHex creates a cipher key of specified length in hexadecimal format using
a secure random number generator.
Public Declare Function RAN_KeyGenerate Lib "diCryptoSys.dll"
(ByVal sHexKey As String, ByVal lngKeyBytes As Long, _
ByVal bPromptUser As Boolean) As Long
lngRet = RAN_KeyGenHex(sHexKey, lngKeyBytes, bPromptUser)
String of sufficient length to receive the output.Long value of the required key length in
bytes.Boolean prompt flag:
set as True to prompt user for extra random or secret information,
or False for silent operation.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
Dim sHexKey As String
Dim lngRet As Long
Dim nKeyBytes As Long
' Set length of hex string to DOUBLE # bytes required
nKeyBytes = 16
sHexKey = String(nKeyBytes * 2, " ")
' Generate key silently
lngRet = RAN_KeyGenHex(sHexKey, nKeyBytes, False)
MsgBox sHexKey, Title:="Generated key"
RAN_DESKeyGenerate creates a random key of 8 bytes suitable
for the DES block cipher.
Public Declare Function RAN_DESKeyGenerate Lib "diCryptoSys.dll"
(ByVal abytKey As Byte,
ByVal bPromptUser As Boolean) As Long
Dim abytKey(7) As Byte
lngRet = RAN_DESKeyGenerate(abytKey(0), bPromptUser)
Byte array at least 8 bytes long.Boolean prompt flag:
set as True to prompt user for extra random information.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
abytKey(0). A DES key is always 8 bytes long (64 bits).
The parity bit is set. Weak and semi-weak keys are checked for and rejected.
Dim abytKey(7) As Byte
Dim sHexKey As String
Dim lngRet As Long
lngRet = RAN_DESKeyGenerate(abytKey(0), True)
sHexKey = bu_Str2Hex(bu_Bytes2String(abytKey, 8))
MsgBox sHexKey, Title:="Generated DES key"
RAN_KeyGenerate
RAN_TDEAKeyGenerate
[Back to Top]
RAN_DESKeyGenHex creates a random key of 8 bytes in hexadecimal format suitable
for the DES block cipher.
Public Declare Function RAN_DESKeyGenHex Lib "diCryptoSys.dll"
(ByVal sHexKey As String, ByVal bPromptUser As Boolean) As Long
lngRet = RAN_DESKeyGenHex(sHexKey, bPromptUser)
String of sufficient length to receive the output.Boolean prompt flag:
set as True to prompt user for extra random information.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
Dim sHexKey As String
Dim lngRet As Long
' Set length of hex string to DOUBLE # bytes required
sHexKey = String(16, " ")
' Generate key silently
lngRet = RAN_DESKeyGenHex(sHexKey, False)
Debug.Print sHexKey
RAN_KeyGenerate
RAN_DESKeyGenerate
[Back to Top]
RAN_TDEAKeyGenerate creates a random key of 24 bytes suitable
for the Triple DES (TDEA) block cipher.
Public Declare Function RAN_TDEAKeyGenerate Lib "diCryptoSys.dll"
(ByVal abytKey As Byte,
ByVal bPromptUser As Boolean) As Long
Dim abytKey(23) As Byte
lngRet = RAN_TDEAKeyGenerate(abytKey(0), bPromptUser)
Byte array at least 24 bytes long.Boolean prompt flag:
set as True to prompt user for extra random information.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
abytKey(0). A TDEA key is always 24 bytes long (192 bits).
The parity bit is set. Weak and semi-weak keys are rejected.
Dim abytKey(23) As Byte
Dim sHexKey As String
Dim lngRet As Long
lngRet = RAN_TDEAKeyGenerate(abytKey(0), False)
sHexKey = bu_Str2Hex(bu_Bytes2String(abytKey, 24))
MsgBox sHexKey, Title:="Generated TDEA key"
RAN_KeyGenerate
RAN_DESKeyGenerate
[Back to Top]
RAN_TDEAKeyGenHex creates a random key of 24 bytes in hexadecimal format suitable
for the Triple-DES (TDEA) block cipher.
Public Declare Function RAN_TDEAKeyGenHex Lib "diCryptoSys.dll"
(ByVal sHexKey As String, ByVal bPromptUser As Boolean) As Long
lngRet = RAN_TDEAKeyGenHex(sHexKey, bPromptUser)
String of sufficient length to receive the output.Boolean prompt flag:
set as True to prompt user for extra random information.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
Dim sHexKey As String
Dim lngRet As Long
' Set length of hex string to DOUBLE # bytes required
sHexKey = String(48, " ")
' Generate key with prompt
lngRet = RAN_TDEAKeyGenHex(sHexKey, True)
Debug.Print sHexKey
RAN_KeyGenerate
RAN_DESKeyGenerate
[Back to Top]
RAN_Seed adds a seed to the randomness pool and causes the pool to be mixed.
The user can be prompted for random keystroke timing and mouse movement data
that will be added to the pool, or the
caller can specify an array of bytes to be added to the pool, or both.
Public Declare Function RAN_Seed Lib "diCryptoSys.dll"
(ByVal abytSeed As Byte, ByVal lngSeedLen
ByVal bPromptUser As Boolean) As Long
lngRet = RAN_Seed(abytSeed(0), lngSeedLen, bPromptUser)
Byte array containing seed values set by the caller.
Set as zero (0) for no seed data.Long specifying the length of the abytSeed
array. Set as zero for no seed data.Boolean prompt flag:
set as True to prompt user for extra random information.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
abytSeed(0). The value of the seed adds to
the randomness pool; it cannot directly influence the actual numbers generated by
the secure random number generator.
lngRet = RAN_Seed(vbNullString, 0, True)
This will seed the pool with the three ascii characters "abc" without prompting the user.
Dim lngRet As Long
Dim abytSeed(2) As Byte
abytSeed(0) = &61
abytSeed(1) = &62
abytSeed(2) = &63
lngRet = RAN_Seed(abytSeed(0), 3, False)
RAN_Test will carry out a "Power-up" test on the next 20,000 bits
from the random number generator according to FIPS140-2
as updated in Change Notice 1 (10 October 2001).
The results and the 20,000 bit
sample are written to a text file.
Public Declare Function RAN_Test Lib "diCryptoSys.dll"
(ByVal sFilename As String) As Long
lngRet = RAN_Test(sFilename)
String containing the full path name of a file
to be created containing the results of the test.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
sFilename does not exist, it will be created.
If it already exists, it will be overwritten without warning. If no directory path
is specified, the file will be created in the current default directory.
For more details on the test refer to section 4.9 of FIPS140-2
[FIPS140]
or see chapter 5 of Menezes [MENE].
lngRet = RAN_Test("Fips140t.txt")
Will create the results file "Fips140t.txt" in the default directory.
An example file is
FIPS140-2 test for 20000 bits (2500 bytes) at Sat Feb 15 18:28:30 2003
1. Monobits test n1 = 9909 (9725 - 10275)
Passed Monobits test.
2. Poker test X = 19.69 (2.16 - 46.17)
Passed Poker test.
3. Runs test:
Run len: 1 2 3 4 5 6+
Gaps: 2507, 1236, 679, 319, 147, 147
Blocks: 2575, 1239, 633, 290, 138, 161
Min: (2315, 1114, 527, 240, 103, 103)
Avg: (2500, 1250, 625, 312, 156, 156)
Max: (2685, 1386, 723, 384, 209, 209)
Pass: Y Y Y Y Y Y
Passed Runs test.
4. Long runs test: Gmax = 17 Bmax = 11 (26)
Passed Long Run test.
Passed FIPS140-2 test.
Test sample was:-
BFB1EF06A74AB69698ED...
RAN_Nonce returns a random nonce (number used once) as a specified-length
byte array.
Public Declare Function RAN_Nonce Lib "diCryptoSys.dll"
(ByVal ByRef abytNonce As Byte, lngNonceLen As Long) As Long
lngRet = RAN_Nonce(abytNonce(0), lngNonceLen)
Byte array to be filled with
random values.Long specifying the number of
required bytes in the nonce.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
abytNonce must be at least lngNonceLen bytes long.
Note the (0) in abytNonce(0). RAN_Nonce uses a different generator from the
RAN_KeyGenerate
function and is suitable when random but not necessarily unpredictable data are required.
Dim abytNonce(10) As Byte
Dim sHex As String
Dim lngRet As Long
Dim lngNonceLen As Long
lngNonceLen = UBound(abytNonce) - LBound(abytNonce) + 1
lngRet = RAN_Nonce(abytNonce(0), lngNonceLen)
' Convert to hex string
sHex = bu_Str2Hex(bu_Bytes2String(abytNonce, lngNonceLen))
MsgBox sHex, Title:="Generated nonce"
RAN_NonceHex
RAN_Long
RAN_KeyGenerate
[Back to Top]
RAN_NonceHex returns a specified-length random nonce (number used once) as a
hexadecimal string.
Public Declare Function RAN_NonceHex Lib "diCryptoSys.dll"
(ByVal sHexData As String, ByVal lngNonceLen As Long) As Long
lngRet = RAN_NonceHex(sHexData, lngNonceLen)
String array to be filled with
random values expressed in hexadecimal.Long specifying the number of
required bytes in the nonce.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
sHexData must be filled with dummy characters
to two times lngNonceLen before calling the function.
RAN_NonceHex uses a different generator from the
RAN_KeyGenerate
function and is suitable when random but not necessarily unpredictable data are required.
Dim sHexData As String
Dim lngRet As Long
' Set hex string length to 2 x # bytes required.
sHexData = String(40, " ")
lngRet = RAN_NonceHex(sHexData, 20)
Debug.Print sHexData
RAN_Nonce
RAN_Long
RAN_KeyGenerate
[Back to Top]
RAN_Long returns a random Long number between specified limits.
Public Declare Function RAN_Long Lib "diCryptoSys.dll"
(ByVal lngLower As Long, ByVal lngUpper As Long) As Long
lngRandom = RAN_Long(lngLower, lngUpper)
Long specifying a lower limit.Long specifying an upper limit.Long: random number between lngLower and lngUpper.
RAN_Long uses the RAN_Nonce generator.
Dim i As Integer
For i = 1 To 10
Debug.Print RAN_Long(-1000000, 1000000)
Next
This will generate 8 random bits:
Dim i As Integer
For i = 1 To 8
Debug.Print RAN_Long(0, 1);
Next
Debug.Print
RNG_KeyGenerate creates a cipher key of specified length using
the FIPS-140/X9.31/X9.17-compliant random number generator.
Public Declare Function RNG_KeyGenerate
Lib "diCryptoSys.dll"
(ByRef abytKey As Byte, ByVal lngKeyLen As Long, ByVal strSeed As String,
ByRef lngCheck As Long, ByVal lngFlags As Long) As Long
lngRet = RNG_KeyGenerate(abytKey(0), lngKeyLen, strSeed, lngCheck, lngFlags)
Byte array of sufficient length to receive the output.Long value of the required key length in bytes.String containing (optional) seed characters
or zero (0) or "".Long variable that will be set by the program and used
in subsequent calls for continuous self-testing. Long flags.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
abytKey(0). The lngCheck parameter is set by the
function to be used as a check in continuous testing. This must be a variable, not a constant,
unless the RNG_NOCHECK flag is set.
If strSeed is empty or vbNullString, it is ignored; otherwise any non-zero
Ansi characters
in the string will be used to seed the RNG in addition to the algorithm's
own seeding.
lngFlags specifies a set of bit flags. This parameter can be combination
of the following flags:
| Flag | Value | Meaning |
|---|---|---|
RNG_DEFAULT | 0 | Default |
RNG_NOCHECK | 1 | Ignore and do not set lngCheck |
RNG_DESKEY | 2 | Set key to be a DES or 3DES key, i.e. set the parity bits and check for DES weak or semi-weak keys |
Dim abytKey() As Byte
Dim lngRet As Long
Dim nKeyLen As Long
Dim lngCheck As Long
Dim i As Integer
nKeyLen = 24
ReDim abytKey(nKeyLen - 1)
' Generate three successive 192-bit random keys with no seeding
For i = 1 To 3
lngRet = RNG_KeyGenerate(abytKey(0), nKeyLen, "", lngCheck, RNG_DEFAULT)
Debug.Print cv_HexFromBytes(abytKey), Hex(lngCheck)
Next
' Generate three more 192-bit random keys using the counter as a seed
For i = 1 To 3
lngRet = RNG_KeyGenerate(abytKey(0), nKeyLen, CStr(i), lngCheck, RNG_DEFAULT)
Debug.Print cv_HexFromBytes(abytKey), Hex(lngCheck)
Next
' Generate a random key without using continuous checking
lngRet = RNG_KeyGenerate(abytKey(0), nKeyLen, "my random chars...", 0, RNG_NOCHECK)
Debug.Print cv_HexFromBytes(abytKey), Hex(lngCheck)
' Generate a Triple DES key using the current time as a seed
lngRet = RNG_KeyGenerate(abytKey(0), nKeyLen, CStr(Now()), lngCheck, RNG_DESKEY)
Debug.Print cv_HexFromBytes(abytKey), Hex(lngCheck)
This will produce output that of the following form:
D9945E8068422C9EBF8E71B9A16BB59096063DF8D240C567 C386B181 39AF0498DD979C924A78BD95F9B32D89C91EB9401B89C75B C386B181 A03E48440A048E97A7409B5893CFB10E129E7765C45D5EC5 C386B181 0996EBF84278EF1F8A66F9C6A336575C3ABA36B271A0BF24 C386B181 35E0E91759779AE8FBC9265B98176504C49CA8BF07627B69 C386B181 90D40E9A728D877F9E2AF6827D40375C82C6350CE5FF3593 C386B181 04EA24ABA48A1C805805FD017B1269611EB2F4BDD4D20EBE C386B181 A2C4EC1F891AE00243BAD08097D6F898B06D2657B945D513 C386B181Note that the value of
lngCheck was set on the first call to the
function and is used on subsequent calls as a check. There is no
relation between the value stored in this variable and the random numbers
generated by the function. For more details see
Using the new RNG functions. You are welcome to check that
the last key generated has the correct parity bits set for a DES key.
RNG_KeyGenHex creates a cipher key of specified length in hexadecimal format using
the FIPS-140/X9.31/X9.17-compliant random number generator.
Public Declare Function RNG_KeyGenHex
Lib "diCryptoSys.dll"
(ByVal strHexKey As String, ByVal lngKeyLen As Long, ByVal strSeed As String,
ByRef lngCheck As Long, ByVal lngFlags As Long) As Long
lngRet = RNG_KeyGenHex(sHexKey, lngKeyBytes, strSeed, lngCheck, lngFlags)
String of sufficient length to receive the output.Long value of the required key length in bytes.String containing (optional) seed characters
or zero (0) or "".Long that will be set by the program and used
in subsequent calls for continuous self-testing. This must be a variable, not a constant,
unless the RNG_NOCHECK flag is set.Long flags.Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
lngCheck parameter is set by the
function to be used as a check in continuous testing.
If strSeed is empty or vbNullString, it is ignored; otherwise any non-zero
Ansi characters
in the string will be used to seed the RNG.
The lngFlags may be one
or more of the
following values:
0 RNG_DEFAULT Default.
1 RNG_NOCHECK Ignore and do not set lngCheck
2 RNG_DESKEY Set key to be a DES or 3DES key, i.e. set the
parity bit and check for DES weak or semi-weak keys.
Dim strHexKey As String
Dim lngRet As Long
Dim nKeyLen As Long
Dim lngCheck As Long
Dim i As Integer
nKeyLen = 24
' Pre-dimension hex string to be DOUBLE key length in bytes
strHexKey = String(nKeyLen * 2, " ")
' Generate three successive 192-bit random keys with no seeding
For i = 1 To 3
lngRet = RNG_KeyGenHex(strHexKey, nKeyLen, "", lngCheck, RNG_DEFAULT)
Debug.Print strHexKey, Hex(lngCheck)
Next
' Generate three more 192-bit random keys using the counter as a seed
For i = 1 To 3
lngRet = RNG_KeyGenHex(strHexKey, nKeyLen, CStr(i), lngCheck, RNG_DEFAULT)
Debug.Print strHexKey, Hex(lngCheck)
Next
' Generate a random key without using continuous checking
lngRet = RNG_KeyGenHex(strHexKey, nKeyLen, "random ya-ha", 0, RNG_NOCHECK)
Debug.Print strHexKey, Hex(lngCheck)
' Generate a Triple DES key using the current time as a seed
lngRet = RNG_KeyGenHex(strHexKey, nKeyLen, CStr(Now()), lngCheck, RNG_DESKEY)
Debug.Print strHexKey, Hex(lngCheck)
RNG_Nonce returns a random nonce (number used once) as a specified-length
byte array.
Public Declare Function RNG_Nonce Lib "diCryptoSys.dll"
(ByRef abytNonce As Byte, lngNonceLen As Long, ByVal strSeed As String) As Long
lngRet = RNG_Nonce(abytNonce(0), lngNonceLen, strSeed)
Byte array to be filled with
random values.Long specifying the number of
required bytes in the nonce.String containing (optional) seed characters
or zero (0) or "".Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
abytNonce must be at least lngNonceLen bytes long.
Note the (0) in abytNonce(0).
The characters provided in strSeed
are used as additional seeding to the nonce generator. If strSeed
is empty or vbNullString, it is not used.
RNG_Nonce uses a different generator from the
RNG_KeyGenerate
function and is suitable when random but not necessarily unpredictable data are required.
Dim abData(23) As Byte
Dim lngRet As Long
Dim lngCheck As Long
lngRet = RNG_Nonce(abData(0), 24, vbNullString)
Debug.Print lngRet; cnvHexStrFromBytes(abData)
lngRet = RNG_Nonce(abData(0), 24, "pqr")
Debug.Print lngRet; cnvHexStrFromBytes(abData)
lngRet = RNG_Nonce(abData(0), 24, "")
Debug.Print lngRet; cnvHexStrFromBytes(abData)
RNG_NonceHex
RNG_Long
RNG_KeyBytes
RNG_NonceHex returns a specified-length random nonce (number used once) as a
hexadecimal string.
Public Declare Function RNG_NonceHex Lib "diCryptoSys.dll"
(ByVal sHexData As String, ByVal lngNonceLen As Long,
ByVal strSeed As String) As Long
lngRet = RNG_NonceHex(sHexData, lngNonceLen, strSeed)
String array to be filled with
random values expressed in hexadecimal.Long specifying the number of
required bytes in the nonce.String containing (optional) seed characters
or zero (0) or "".Long: If successful, the return value is 0;
otherwise it returns a non-zero error code.
sHexData must be filled with dummy characters
to two times lngNonceLen before calling the function.
The characters provided in strSeed
are used as additional seeding to the nonce generator. If strSeed
is empty or vbNullString, it is not used.
RNG_NonceHex uses a different generator from the
RNG_KeyGenerate
function and is suitable when random but not necessarily unpredictable data are required.
Dim sHexData As String
Dim lngRet As Long
Dim nBytes as long
nBytes = 20
' Set hex string length to 2 x # bytes required.
sHexData = String(2 * nBytes, " ")
lngRet = RNG_NonceHex(sHexData, nBytes, "")
Debug.Print sHexData
RNG_Nonce
RNG_Long
RNG_KeyBytes
RNG functions are stateless and are fully-compliant with the FIPS-140
and X9.31/X9.17 requirements.
The older-style RAN functions based on Peter Gutmann's paper
have been retained both for compatibility with version 1 and because developers
may find them simpler to use.
The RNG and RAN functions are completely independent of each other.
The following table summarises the differences between the two classes of functions.
| Functionality | RNG_ KeyGenerate | RNG_ Nonce | RAN_ KeyGenerate | RAN_ Nonce |
|---|---|---|---|---|
| Fully compliant with FIPS-140-2 and ANSI X9.17/X9.31 | Yes | No | No | No |
| In CryptoSys API version 1 | No | No | Yes | Yes |
| Stateless operation, i.e. no static data | Yes | Yes | No | No |
| Option to add user-supplied seed via function parameter | Yes | Yes | Yes | No |
| Option for user prompt via GUI | No | No | Yes | No |
| Hides and moves randomness pool in memory | No | No | Yes | No |
| Automatically carries out FIPS-140 power-up test(1) | No | No | Yes | No |
| Carries out FIPS-140 continuous random number generator test | Yes | No | Yes | No |
Note (1): The FIPS-140 statistical power-up test has been withdrawn as of Change Notice 2 (December 2002).
All Visual Basic code that worked with Version 1 of
CryptoSys API will still work with Version 2,
with one exception: where
the value vbNullString has been used as a default for a
Byte IV array in ECB mode.
The change in the Declaration Statements to use specific typing means that
this will now cause a run-time error 13:
Type mismatch
This effects only the following functions and then only where ECB mode has been used:
AES_BytesModeAES_FileAES_InitBLF_BytesModeBLF_FileBLF_InitDES_BytesModeDES_FileDES_InitTDEA_BytesModeTDEA_FileTDEA_Init
The solution is to replace vbNullString with the value zero instead, for example:
' OLD METHOD - will cause a Type mismatch error
iRet = BLF_File(strFileOut, strFileIn, aKey(0), nBytes, _
True, "ECB", vbNullString) ' NO!
' CHANGE TO:
iRet = BLF_File(strFileOut, strFileIn, aKey(0), nBytes, _
True, "ECB", 0) ' OK
Note that
vbNullString is still a valid default for certain String
variables, but you could also use the empty string ("") instead.
Existing executables compiled using the old Declare Statements will still work with the new version of the DLL.
Copyright © 2001-5 D.I. Management Services Pty Limited t/a CryptoSys ABN 78 083 210 584,
Sydney, Australia.
All rights reserved.
<www.cryptosys.net>
<www.di-mgt.com.au>