Crypt2 Delphi DLL Reference Documentation

Crypt2

Current Version: 10.0.0

Chilkat encryption component.

Create/Dispose

var
myObject: HCkCrypt2;

begin
myObject := CkCrypt2_Create();

// ...

CkCrypt2_Dispose(myObject);
end;
function CkCrypt2_Create: HCkCrypt2; stdcall;

Creates an instance of the HCkCrypt2 object and returns a handle (i.e. a Pointer). The handle is passed in the 1st argument for the functions listed on this page.

procedure CkCrypt2_Dispose(handle: HCkCrypt2); stdcall;

Objects created by calling CkCrypt2_Create must be freed by calling this method. A memory leak occurs if a handle is not disposed by calling this function.

Properties

AbortCurrent
function CkCrypt2_getAbortCurrent(objHandle: HCkCrypt2): wordbool; stdcall;
procedure CkCrypt2_putAbortCurrent(objHandle: HCkCrypt2; newPropVal: wordbool); stdcall;
Introduced in version 9.5.0.58

When set to True, causes the currently running method to abort. Methods that always finish quickly (i.e.have no length file operations or network communications) are not affected. If no method is running, then this property is automatically reset to False when the next method is called. When the abort occurs, this property is reset to False. Both synchronous and asynchronous method calls can be aborted. (A synchronous method call could be aborted by setting this property from a separate thread.)

top
BCryptWorkFactor
function CkCrypt2_getBCryptWorkFactor(objHandle: HCkCrypt2): Integer; stdcall;
procedure CkCrypt2_putBCryptWorkFactor(objHandle: HCkCrypt2; newPropVal: Integer); stdcall;
Introduced in version 9.5.0.65

The BCrypt work factor to be used for the BCryptHash and BCryptVerify. This is the log2 of the number of rounds of hashing to apply. For example, if the work (cost) factor is 12, then 2^12 rounds of hashing are applied. The purpose of this cost factor is to make the BCrypt computation expensive enought to prevent brute-force attacks. (Any complaints about BCrypt "not being fast enough" will be ignored.)

This property must have a value ranging from 4 to 31 inclusive.

The default value is 10.

top
BlockSize
function CkCrypt2_getBlockSize(objHandle: HCkCrypt2): Integer; stdcall;

The block-size (in bytes) of the selected encryption algorithm. For example, if the CryptAlgorithm property is set to "aes", the BlockSize property is automatically set to 16. The block-size for the ARC4 streaming encryption algorithm is 1.

top
CadesEnabled
function CkCrypt2_getCadesEnabled(objHandle: HCkCrypt2): wordbool; stdcall;
procedure CkCrypt2_putCadesEnabled(objHandle: HCkCrypt2; newPropVal: wordbool); stdcall;

Applies to all methods that create PKCS7 signatures. To create a CAdES-BES signature, set this property equal to True. The default value of this property is False.

top
CadesSigPolicyHash
procedure CkCrypt2_getCadesSigPolicyHash(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putCadesSigPolicyHash(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__cadesSigPolicyHash(objHandle: HCkCrypt2): PWideChar; stdcall;

This is the base64 hash of the policy document located at the CadesSigPolicyUri. You can use either the SHA256 or SHA1 hash. You may use this online tool to compute the base64 hash: Compute Base64 Hash for CaDES Signature Policy URL

Note: This property applies to all methods that create PKCS7 signatures. To create a CAdES-EPES signature, set the CadesEnabled property = True, and also provide values for each of the following properties: CadesSigPolicyHash, CadesSigPolicyId, and CadesSigPolicyUri. For example (in pseudo-code):

cryptObj.CadesSigPolicyId = "2.16.76.1.7.1.1.1"
cryptObj.CadesSigPolicyUri = "http://politicas.icpbrasil.gov.br/PA_AD_RB.der"
cryptObj.CadesSigPolicyHash = "rySugyKaMhiMR8Y/o5yuU2A2bF0="
Note: Do NOT use the values above. They are only provided as an example to show valid values. For example, the Policy ID is an OID. The Policy URI is a typically a URL to a DER encoded policy file, and the Policy Hash is a base64 encoded hash.

See the notes about PWideChar memory ownership and validity.

top
CadesSigPolicyId
procedure CkCrypt2_getCadesSigPolicyId(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putCadesSigPolicyId(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__cadesSigPolicyId(objHandle: HCkCrypt2): PWideChar; stdcall;

See the description for the CadesSigPolicyHash property above.

See the notes about PWideChar memory ownership and validity.

top
CadesSigPolicyUri
procedure CkCrypt2_getCadesSigPolicyUri(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putCadesSigPolicyUri(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__cadesSigPolicyUri(objHandle: HCkCrypt2): PWideChar; stdcall;

See the description for the CadesSigPolicyHash property above.

See the notes about PWideChar memory ownership and validity.

top
Charset
procedure CkCrypt2_getCharset(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putCharset(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__charset(objHandle: HCkCrypt2): PWideChar; stdcall;

Controls the character encoding of the text encrypted, signed, hashed or compressed. This property is relevant wherever strings are used as inputs or outputs.

This property defaults to the ANSI charset of the computer. For example, the default ANSI code page on Windows computers in the USA and Western Europe would be "windows-1252".

When working with strings, it is important to know the exact bytes that are being encrypted/hashed/signed/compressed. This is critical when interoperating with other systems. If your application is sending an encrypted string to another system that will decrypt it, you will need to know the encoding of the string that is expected on the receiving end (after decryption). If you pass Unicode data (2 byte per character) to the encryptor, subsequent decryption will reproduce the original Unicode. However, it may be that your program works with Unicode strings, but the recipient of the encrypted data works with iso-8859-1 strings. In such a case, setting the Charset property to "iso-8859-1" causes the character data to be automatically converted to the Charset before being encrypted (or compressed, or hashed, or signed). The set of valid charsets is listed below:

<font size="2" face="MS Sans Serif">
hex
base64
    * "hex" and "base64" are special values that allow for binary (non-text) encoded data to be passed to any method where the input data is a string.
       Rather than converting to an actual charset (such as utf-8, iso-8859-1), the binary data is decoded, and the decoded bytes are passed
        to the underlying encryptor, hashing, signing, etc.
ANSI
us-ascii
unicode
unicodefffe
iso-8859-1
iso-8859-2
iso-8859-3
iso-8859-4
iso-8859-5
iso-8859-6
iso-8859-7
iso-8859-8
iso-8859-9
iso-8859-13
iso-8859-15
windows-874
windows-1250
windows-1251
windows-1252
windows-1253
windows-1254
windows-1255
windows-1256
windows-1257
windows-1258
utf-7
utf-8
utf-32
utf-32be
shift_jis
gb2312
ks_c_5601-1987
big5
iso-2022-jp
iso-2022-kr
euc-jp
euc-kr
macintosh
x-mac-japanese
x-mac-chinesetrad
x-mac-korean
x-mac-arabic
x-mac-hebrew
x-mac-greek
x-mac-cyrillic
x-mac-chinesesimp
x-mac-romanian
x-mac-ukrainian
x-mac-thai
x-mac-ce
x-mac-icelandic
x-mac-turkish
x-mac-croatian
asmo-708
dos-720
dos-862
ibm037
ibm437
ibm500
ibm737
ibm775
ibm850
ibm852
ibm855
ibm857
ibm00858
ibm860
ibm861
ibm863
ibm864
ibm865
cp866
ibm869
ibm870
cp875
koi8-r
koi8-u

See the notes about PWideChar memory ownership and validity.

top
CipherMode
procedure CkCrypt2_getCipherMode(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putCipherMode(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__cipherMode(objHandle: HCkCrypt2): PWideChar; stdcall;

Controls the cipher mode for block encryption algorithms (AES, Blowfish,TwoFish, DES, 3DES, RC2). Possible values are "CBC" (the default) , "ECB", "CTR", "OFB", "GCM", and "CFB". These acronyms have the following meanings:

  • CBC: Cipher Block Chaining,
  • ECB: Electronic CookBook
  • CTR: Counter Mode
  • CFB: Cipher Feedback
  • OFB: Output Feedback
  • GCM: Galois/Counter Mode
  • XTS: AES-XTS (starting in Chilkat v9.5.0.91)

(see http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation )

Note: Prior to Chilkat v9.5.0.55, the CFB mode is only implemented for AES, Blowfish, and DES/3DES, and the CTR mode is only implemented for AES.

Starting in v9.5.0.55 CFB and OFB modes are useable with all encryption algorithms, and GCM (Galois/Counter Mode) is available with any cipher having a 16-byte block size, such as AES and Twofish. CFB, OFB, CTR, and GCM modes convert block ciphers into stream ciphers. In these modes of operation, the PaddingScheme property is unused because no padding occurs.

Starting in v9.5.0.91 Chilkat supports AES-XTS mode. XTS mode additionally uses a tweak key and tweak value, which are set via the XtsSetEncodedTweakKey, XtsSetEncodedTweakValue, and XtsSetDataUnitNumber. (The latter two functions provide alternative means of setting the tweak value.) Note: Chilkat fully supports AES-XTS mode with ciphertext-stealing, which means it will correctly encrypt/decrypt data with size not divisible by the block size (i.e. divisible by 16 bytes).

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
CmsOptions
procedure CkCrypt2_getCmsOptions(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putCmsOptions(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__cmsOptions(objHandle: HCkCrypt2): PWideChar; stdcall;
Introduced in version 9.5.0.78

A JSON string for controlling extra CMS (PKCS7) signature and validation options.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
CryptAlgorithm
procedure CkCrypt2_getCryptAlgorithm(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putCryptAlgorithm(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__cryptAlgorithm(objHandle: HCkCrypt2): PWideChar; stdcall;

Selects the encryption algorithm for encrypting and decrypting. Possible values are: "chacha20", "pki", "aes", "blowfish2", "des", "3des", "rc2", "arc4", "twofish", "pbes1" and "pbes2". The "pki" encryption algorithm isn't a specific algorithm, but instead tells the component to encrypt/decrypt using public-key encryption with digital certificates. The other choices are symmetric encryption algorithms that do not involve digital certificates and public/private keys.

The default value is "aes"

The original Chilkat implementation of Blowfish (in 2004) has a 4321 byte-swapping issue (the results are 4321 byte-swapped). The newer implementation (in 2006 and named "blowfish2") does not byte swap. This should be used for compatibility with other Blowfish software. If an application needs to decrypt something encrypted with the old 4321 byte-swapped blowfish, set the property to "blowfish_old".

Password-based encryption (PBE) is selected by setting this property to "pbes1" or "pbes2". Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at https://tools.ietf.org/html/rfc2898. If PBE is used, the underlying encryption algorithm is specified by the PbesAlgorithm property. The underlying encryption (PbesAlgorithm) for PBES1 is limited to 56-bit DES or 64-bit RC2.

Note:The chacha20 algorithm is introduced in Chilkat v9.5.0.55.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
DebugLogFilePath
procedure CkCrypt2_getDebugLogFilePath(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putDebugLogFilePath(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__debugLogFilePath(objHandle: HCkCrypt2): PWideChar; stdcall;

If set to a file path, causes each Chilkat method or property call to automatically append it's LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.

This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:

  1. a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
  2. the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
  3. there is an internal problem (bug) in the Chilkat code that causes the hang.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
EncodingMode
procedure CkCrypt2_getEncodingMode(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putEncodingMode(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__encodingMode(objHandle: HCkCrypt2): PWideChar; stdcall;

Controls the encoding of binary data to a printable string for many methods. The valid modes are "Base64", "modBase64", "base64url", "Base32", "Base58", "UU", "QP" (for quoted-printable), "URL" (for url-encoding), "Hex", "Q", "B", "url_oauth", "url_rfc1738", "url_rfc2396", "url_rfc3986", "fingerprint", or "decimal".

The default value is "base64"

The "fingerprint" and"decimal" encodings are introduced in Chilkat v9.5.0.55.

The "fingerprint" encoding is a lowercase hex encoding where each hex digit is separated by a colon character. For example: 6a:de:e0:af:56:f8:0c:04:11:5b:ef:4d:49:ad:09:23

The "decimal" encoding is for converting large decimal integers to/from a big-endian binary representation. For example, the decimal string "72623859790382856" converts to the bytes 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
FirstChunk
function CkCrypt2_getFirstChunk(objHandle: HCkCrypt2): wordbool; stdcall;
procedure CkCrypt2_putFirstChunk(objHandle: HCkCrypt2; newPropVal: wordbool); stdcall;

Chilkat Crypt2 provides the ability to feed the encryption/decryption methods with chunks of data. This allows a large amount of data, or a data stream, to be fed piecemeal for encrypting or decrypting. It applies to all symmetric algorithms currently supported (AES, Blowfish, Twofish, 3DES, RC2, DES, ARC4), and all algorithms supported in the future.

The default value for both FirstChunk and LastChunk is True. This means when an Encrypt* or Decrypt* method is called, it is both the first and last chunk (i.e. it's the entire amount of data to be encrypted or decrypted).

If you wish to feed the data piecemeal, do this:

  1. Set FirstChunk = True, LastChunk = False for the first chunk of data.
  2. For all "middle" chunks (i.e. all chunks except for the final chunk) set FirstChunk = False and LastChunk = False.
  3. For the final chunk, set FirstChunk = False and LastChunk = True

There is no need to worry about feeding data according to the block size of the encryption algorithm. For example, AES has a block size of 16 bytes. Data may be fed in chunks of any size. The Chilkat Crypt2 component will buffer the data. When the final chunk is passed, the output is padded to the algorithm's block size according to the PaddingScheme.

top
HashAlgorithm
procedure CkCrypt2_getHashAlgorithm(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putHashAlgorithm(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__hashAlgorithm(objHandle: HCkCrypt2): PWideChar; stdcall;

Selects the hash algorithm used by methods that create hashes. The valid choices are "sha1", "sha256", "sha384", "sha512", "sha3-224", "sha3-256", "sha3-384", "sha3-512", "md2", "md5", "haval", "ripemd128", "ripemd160","ripemd256", or "ripemd320".

Note: SHA-2 designates a set of cryptographic hash functions that includes SHA-256, SHA-384, and SHA-512. Chilkat by definition supports "SHA-2" because it supports these algorithms.

The default value is "sha1".

Note: The HAVAL hash algorithm is affected by two other properties: HavalRounds and KeyLength.

  • The HavalRounds may have values of 3, 4, or 5.
  • The KeyLength may have values of 128, 160, 192, 224, or 256.

Note: The "sha3-224", "sha3-256", "sha3-384", "sha3-512" algorithms are added in Chilkat v9.5.0.83.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
HavalRounds
function CkCrypt2_getHavalRounds(objHandle: HCkCrypt2): Integer; stdcall;
procedure CkCrypt2_putHavalRounds(objHandle: HCkCrypt2; newPropVal: Integer); stdcall;

Applies to the HAVAL hash algorithm only and must be set to the integer value 3, 4, or 5. The default value is 3.

top
HeartbeatMs
function CkCrypt2_getHeartbeatMs(objHandle: HCkCrypt2): Integer; stdcall;
procedure CkCrypt2_putHeartbeatMs(objHandle: HCkCrypt2; newPropVal: Integer); stdcall;

The number of milliseconds between each AbortCheck event callback. The AbortCheck callback allows an application to abort some methods call prior to completion. If HeartbeatMs is 0 (the default), no AbortCheck event callbacks will fire.

The methods with event callbacks are: CkDecryptFile, CkEncryptFile, HashFile, and HashFileENC.

top
IncludeCertChain
function CkCrypt2_getIncludeCertChain(objHandle: HCkCrypt2): wordbool; stdcall;
procedure CkCrypt2_putIncludeCertChain(objHandle: HCkCrypt2; newPropVal: wordbool); stdcall;

Only applies when creating digital signatures. If True (the default), then additional certificates (if any) in the chain of authentication are included in the PKCS7 digital signature.

top
InitialCount
function CkCrypt2_getInitialCount(objHandle: HCkCrypt2): Integer; stdcall;
procedure CkCrypt2_putInitialCount(objHandle: HCkCrypt2; newPropVal: Integer); stdcall;
Introduced in version 9.5.0.55

The initial counter for the ChaCha20 encryption algorithm. The default value is 0.

top
IterationCount
function CkCrypt2_getIterationCount(objHandle: HCkCrypt2): Integer; stdcall;
procedure CkCrypt2_putIterationCount(objHandle: HCkCrypt2; newPropVal: Integer); stdcall;

Iteration count to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127

The purpose of the iteration count is to increase the computation required to encrypt and decrypt. A larger iteration count makes cracking via exhaustive search more difficult. The default value is 1024.

top
IV
procedure CkCrypt2_getIV(objHandle: HCkCrypt2; outPropVal: HCkByteData); stdcall;
procedure CkCrypt2_putIV(objHandle: HCkCrypt2; newPropVal: HCkByteData); stdcall;

The initialization vector to be used with symmetric encryption algorithms (AES, Blowfish, Twofish, etc.). If left unset, no initialization vector is used.

More Information and Examples
top
KeyLength
function CkCrypt2_getKeyLength(objHandle: HCkCrypt2): Integer; stdcall;
procedure CkCrypt2_putKeyLength(objHandle: HCkCrypt2; newPropVal: Integer); stdcall;

The key length in bits for symmetric encryption algorithms. The default value is 256.

top
LastChunk
function CkCrypt2_getLastChunk(objHandle: HCkCrypt2): wordbool; stdcall;
procedure CkCrypt2_putLastChunk(objHandle: HCkCrypt2; newPropVal: wordbool); stdcall;

(See the description for the FirstChunk property.)

top
LastErrorHtml
procedure CkCrypt2_getLastErrorHtml(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
function CkCrypt2__lastErrorHtml(objHandle: HCkCrypt2): PWideChar; stdcall;

Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

See the notes about PWideChar memory ownership and validity.

top
LastErrorText
procedure CkCrypt2_getLastErrorText(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
function CkCrypt2__lastErrorText(objHandle: HCkCrypt2): PWideChar; stdcall;

Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

See the notes about PWideChar memory ownership and validity.

top
LastErrorXml
procedure CkCrypt2_getLastErrorXml(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
function CkCrypt2__lastErrorXml(objHandle: HCkCrypt2): PWideChar; stdcall;

Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

See the notes about PWideChar memory ownership and validity.

top
LastMethodSuccess
function CkCrypt2_getLastMethodSuccess(objHandle: HCkCrypt2): wordbool; stdcall;
procedure CkCrypt2_putLastMethodSuccess(objHandle: HCkCrypt2; newPropVal: wordbool); stdcall;

Indicate whether the last method call succeeded or failed. A value of True indicates success, a value of False indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:

  • Any method that returns a string.
  • Any method returning a Chilkat object, binary bytes, or a date/time.
  • Any method returning a standard boolean status value where success = True and failure = False.
  • Any method returning an integer where failure is defined by a return value less than zero.

Note: Methods that do not fit the above requirements will always set this property equal to True. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.

top
MacAlgorithm
procedure CkCrypt2_getMacAlgorithm(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putMacAlgorithm(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__macAlgorithm(objHandle: HCkCrypt2): PWideChar; stdcall;
Introduced in version 9.5.0.55

Selects the MAC algorithm to be used for any of the Mac methods, such as MacStringENC, MacBytes, etc. The default value is "hmac". Possible values are "hmac" and "poly1305".

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
NumSignerCerts
function CkCrypt2_getNumSignerCerts(objHandle: HCkCrypt2): Integer; stdcall;

This property is set when a digital signature is verified. It contains the number of signer certificates. Each signing certificate can be retrieved by calling the GetSignerCert method, passing an index from 0 to NumSignerCerts-1.

top
OaepHash
procedure CkCrypt2_getOaepHash(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putOaepHash(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__oaepHash(objHandle: HCkCrypt2): PWideChar; stdcall;
Introduced in version 9.5.0.67

Selects the hash algorithm for use within OAEP padding when encrypting using "pki" with RSAES-OAEP. The valid choices are "sha1", "sha256", "sha384", "sha512",

The default value is "sha256"

See the notes about PWideChar memory ownership and validity.

top
OaepMgfHash
procedure CkCrypt2_getOaepMgfHash(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putOaepMgfHash(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__oaepMgfHash(objHandle: HCkCrypt2): PWideChar; stdcall;
Introduced in version 9.5.0.71

Selects the MGF hash algorithm for use within OAEP padding when encrypting using "pki" with RSAES-OAEP. The valid choices are "sha1", "sha256", "sha384", "sha512", The default is "sha1".

See the notes about PWideChar memory ownership and validity.

top
OaepPadding
function CkCrypt2_getOaepPadding(objHandle: HCkCrypt2): wordbool; stdcall;
procedure CkCrypt2_putOaepPadding(objHandle: HCkCrypt2; newPropVal: wordbool); stdcall;
Introduced in version 9.5.0.67

Selects the RSA encryption scheme when encrypting using "pki" (with a certificate and private key). The default value is False, which selects RSAES_PKCS1-V1_5. If set to True, then RSAES_OAEP is used.

top
PaddingScheme
function CkCrypt2_getPaddingScheme(objHandle: HCkCrypt2): Integer; stdcall;
procedure CkCrypt2_putPaddingScheme(objHandle: HCkCrypt2; newPropVal: Integer); stdcall;

The padding scheme used by block encryption algorithms such as AES (Rijndael), Blowfish, Twofish, RC2, DES, 3DES, etc. Block encryption algorithms pad encrypted data to a multiple of algorithm's block size. The default value of this property is 0.

Possible values are:

0 = RFC 1423 padding scheme: Each padding byte is set to the number of padding bytes. If the data is already a multiple of algorithm's block size bytes, an extra block is appended each having a value equal to the block size. (for example, if the algorithm's block size is 16, then 16 bytes having the value 0x10 are added.). (This is also known as PKCS5 padding: PKCS #5 padding string consists of a sequence of bytes, each of which is equal to the total number of padding bytes added. )

1 = FIPS81 (Federal Information Processing Standards 81) where the last byte contains the number of padding bytes, including itself, and the other padding bytes are set to random values.

2 = Each padding byte is set to a random value. The decryptor must know how many bytes are in the original unencrypted data.

3 = Pad with NULLs. (If already a multiple of the algorithm's block size, no padding is added).

4 = Pad with SPACE chars(0x20). (If already a multiple of algorithm's block size, no padding is added).

More Information and Examples
top
PbesAlgorithm
procedure CkCrypt2_getPbesAlgorithm(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putPbesAlgorithm(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__pbesAlgorithm(objHandle: HCkCrypt2): PWideChar; stdcall;

If the CryptAlgorithm property is set to "pbes1" or "pbes2", this property specifies the underlying encryption algorithm to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127

See the notes about PWideChar memory ownership and validity.

top
PbesPassword
procedure CkCrypt2_getPbesPassword(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putPbesPassword(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__pbesPassword(objHandle: HCkCrypt2): PWideChar; stdcall;

The password to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127

See the notes about PWideChar memory ownership and validity.

top
Pkcs7CryptAlg
procedure CkCrypt2_getPkcs7CryptAlg(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putPkcs7CryptAlg(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__pkcs7CryptAlg(objHandle: HCkCrypt2): PWideChar; stdcall;

When the CryptAlgorithm property is "PKI" to select PKCS7 public-key encryption, this selects the underlying symmetric encryption algorithm. Possible values are: "aes", "des", "3des", and "rc2". The default value is "aes".

See the notes about PWideChar memory ownership and validity.

top
Rc2EffectiveKeyLength
function CkCrypt2_getRc2EffectiveKeyLength(objHandle: HCkCrypt2): Integer; stdcall;
procedure CkCrypt2_putRc2EffectiveKeyLength(objHandle: HCkCrypt2; newPropVal: Integer); stdcall;

The effective key length (in bits) for the RC2 encryption algorithm. When RC2 is used, both the KeyLength and Rc2EffectiveKeyLength properties should be set. For RC2, both should be between 8 and 1024 (inclusive).

The default value is 128

top
Salt
procedure CkCrypt2_getSalt(objHandle: HCkCrypt2; outPropVal: HCkByteData); stdcall;
procedure CkCrypt2_putSalt(objHandle: HCkCrypt2; newPropVal: HCkByteData); stdcall;

The salt to be used with password-based encryption (PBE). Password-based encryption is defined in the PKCS5 Password-Based Cryptography Standard at http://www.rsa.com/rsalabs/node.asp?id=2127

To clarify: This property is used in encryption when the CryptAlgorithm is set to "pbes1" or "pbes2". Also note that it is not used by the Pbkdf1 or Pbkdf2 methods, as the salt is passed in an argument to those methods.

top
SecretKey
procedure CkCrypt2_getSecretKey(objHandle: HCkCrypt2; outPropVal: HCkByteData); stdcall;
procedure CkCrypt2_putSecretKey(objHandle: HCkCrypt2; newPropVal: HCkByteData); stdcall;

The binary secret key used for symmetric encryption (Aes, Blowfish, Twofish, ChaCha20, ARC4, 3DES, RC2, etc.). The secret key must be identical for decryption to succeed. The length in bytes of the SecretKey must equal the KeyLength/8.

More Information and Examples
top
SigningAlg
procedure CkCrypt2_getSigningAlg(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putSigningAlg(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__signingAlg(objHandle: HCkCrypt2): PWideChar; stdcall;
Introduced in version 9.5.0.67

This property selects the signature algorithm for the OpaqueSign*, Sign*, and CreateDetachedSignature, CreateP7M, and CreateP7S methods. The default value is "PKCS1-v1_5". This can be set to "RSASSA-PSS" (or simply "pss") to use the RSASSA-PSS signature scheme.

Note: This property only applies when the private key is an RSA private key. It does not apply for ECC or DSA private keys.

See the notes about PWideChar memory ownership and validity.

top
SigningAttributes
procedure CkCrypt2_getSigningAttributes(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putSigningAttributes(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__signingAttributes(objHandle: HCkCrypt2): PWideChar; stdcall;
Introduced in version 9.5.0.75

Contains JSON to specify the authenticated (signed) attributes or unauthenticated (unsigned) attributes that are to be included in CMS signatures. The default value is:

{
    "contentType": 1,
    "signingTime": 1,
    "messageDigest": 1
}

Other possible values that can be added are:

  • signingCertificateV2
  • signingCertificate
  • sMIMECapabilities
  • microsoftRecipientInfo
  • encrypKeyPref
  • cmsAlgorithmProtection
Contact Chilkat ([email protected]) about other signed/unsigned attributes that may be needed for CAdES signatures.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
UncommonOptions
procedure CkCrypt2_getUncommonOptions(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putUncommonOptions(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__uncommonOptions(objHandle: HCkCrypt2): PWideChar; stdcall;
Introduced in version 9.5.0.83

This is a catch-all property to be used for uncommon needs. This property defaults to the empty string and should typically remain empty.

Can be set to a list of the following comma separated keywords:

  • "UseConstructedOctets" - Introduced in v9.5.0.83. When creating opaque CMS signatures (signatures that embed the data being signed), will use the "constructed octets" form of the ASN.1 that holds the data. This is to satify some validators that are brittle/fragile/picky and require a particular format, such as for the ICP-Brazil Digital Signature Standard.

See the notes about PWideChar memory ownership and validity.

top
UuFilename
procedure CkCrypt2_getUuFilename(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putUuFilename(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__uuFilename(objHandle: HCkCrypt2): PWideChar; stdcall;

When UU encoding, this is the filename to be embedded in UU encoded output. The default is "file.dat". When UU decoding, this is the filename found in the UU encoded input.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
UuMode
procedure CkCrypt2_getUuMode(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
procedure CkCrypt2_putUuMode(objHandle: HCkCrypt2; newPropVal: PWideChar); stdcall;
function CkCrypt2__uuMode(objHandle: HCkCrypt2): PWideChar; stdcall;

When UU encoding, this is the file permissions mode to be embedded in UU encoded output. The default is "644". When UU decoding, this property is set to the mode found in the UU encoded input.

See the notes about PWideChar memory ownership and validity.

top
VerboseLogging
function CkCrypt2_getVerboseLogging(objHandle: HCkCrypt2): wordbool; stdcall;
procedure CkCrypt2_putVerboseLogging(objHandle: HCkCrypt2; newPropVal: wordbool); stdcall;

If set to True, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is False. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.

top
Version
procedure CkCrypt2_getVersion(objHandle: HCkCrypt2; outPropVal: HCkString); stdcall;
function CkCrypt2__version(objHandle: HCkCrypt2): PWideChar; stdcall;

Version of the component/library, such as "9.5.0.94"

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top

Methods

AddEncryptCert
procedure CkCrypt2_AddEncryptCert(objHandle: HCkCrypt2;
    cert: HCkCert) stdcall;

Adds a certificate to be used for public-key encryption. (To use public-key encryption with digital certificates, set the CryptAlgorithm property = "pki".) To encrypt with more than one certificate , call AddEncryptCert once per certificate.

top
AddPfxSourceData
function CkCrypt2_AddPfxSourceData(objHandle: HCkCrypt2;
    pfxBytes: HCkByteData;
    pfxPassword: PWideChar): wordbool; stdcall;

Adds a PFX to the object's internal list of sources to be searched for certificates and private keys when decrypting. Multiple PFX sources can be added by calling this method once for each. (On the Windows operating system, the registry-based certificate stores are also automatically searched, so it is commonly not required to explicitly add PFX sources.)

The pfxBytes contains the bytes of a PFX file (also known as PKCS12 or .p12).

Returns True for success, False for failure.

top
AddPfxSourceFile
function CkCrypt2_AddPfxSourceFile(objHandle: HCkCrypt2;
    pfxFilePath: PWideChar;
    pfxPassword: PWideChar): wordbool; stdcall;

Adds a PFX file to the object's internal list of sources to be searched for certificates and private keys when decrypting. Multiple PFX files can be added by calling this method once for each. (On the Windows operating system, the registry-based certificate stores are also automatically searched, so it is commonly not required to explicitly add PFX sources.)

The pfxFilePath contains the bytes of a PFX file (also known as PKCS12 or .p12).

Returns True for success, False for failure.

top
AddSigningCert
function CkCrypt2_AddSigningCert(objHandle: HCkCrypt2;
    cert: HCkCert): wordbool; stdcall;
Introduced in version 9.5.0.83

Adds a certificate to be used for signing. To sign with more than one certificate, call AddSigningCert once per certificate.

Note: This method was added in v9.5.0.83. The SetSigningCert and SetSigningCert2 methods are used to set the signing certificate for signatures with one signer.

Returns True for success, False for failure.

top
AesKeyUnwrap
function CkCrypt2_AesKeyUnwrap(objHandle: HCkCrypt2;
    kek: PWideChar;
    wrappedKeyData: PWideChar;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__aesKeyUnwrap(objHandle: HCkCrypt2;
    kek: PWideChar;
    wrappedKeyData: PWideChar;
    encoding: PWideChar): PWideChar; stdcall;
Introduced in version 9.5.0.66

Implements the AES Key Wrap Algorithm (RFC 3394) for unwrapping. The kek is the Key Encryption Key (the AES key used to unwrap the wrappedKeyData). The arguments and return value are binary encoded strings using the encoding specified by encoding (which can be "base64", "hex", "base64url", etc.) The full list of supported encodings is available at the link below.

The kek should be an AES key of 16 bytes, 24 bytes, or 32 bytes (i.e. 128-bits, 192- bits, or 256-bits). For example, if passed as a hex string, then the kek should be 32 chars in length, 48 chars, or 64 chars (because each byte is represented as 2 chars in hex).

The wrappedKeyData contains the data to be unwrapped. The result, if decoded, is 8 bytes less than the wrapped key data. For example, if a 256-bit AES key (32 bytes) is wrapped, the size of the wrapped key data is 40 bytes. Unwrapping restores it to the original 32 bytes.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
AesKeyUnwrapWithPadding
function CkCrypt2_AesKeyUnwrapWithPadding(objHandle: HCkCrypt2;
    kek: PWideChar;
    wrappedKeyData: PWideChar;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__aesKeyUnwrapWithPadding(objHandle: HCkCrypt2;
    kek: PWideChar;
    wrappedKeyData: PWideChar;
    encoding: PWideChar): PWideChar; stdcall;
Introduced in version 9.5.0.96

Implements the AES Key Wrap with Padding Algorithm (RFC 5649) for unwrapping. The kek is the Key Encryption Key (the AES key used to unwrap the wrappedKeyData). The arguments and return value are binary encoded strings using the encoding specified by encoding (which can be "base64", "hex", "base64url", etc.)

The kek should be an AES key of 16 bytes, 24 bytes, or 32 bytes (i.e. 128-bits, 192- bits, or 256-bits). For example, if passed as a hex string, then the kek should be 32 chars in length, 48 chars, or 64 chars (because each byte is represented as 2 chars in hex).

The wrappedKeyData contains the data to be unwrapped.

The unwrapped key is returned as an encoded string (using the encoding specified in encoding).

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
AesKeyWrap
function CkCrypt2_AesKeyWrap(objHandle: HCkCrypt2;
    kek: PWideChar;
    keyData: PWideChar;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__aesKeyWrap(objHandle: HCkCrypt2;
    kek: PWideChar;
    keyData: PWideChar;
    encoding: PWideChar): PWideChar; stdcall;
Introduced in version 9.5.0.66

Implements the AES Key Wrap Algorithm (RFC 3394). The kek is the Key Encryption Key (the AES key used to encrypt the keyData). The arguments and return value are binary encoded strings using the encoding specified by encoding (which can be "base64", "hex", "base64url", etc.) The full list of supported encodings is available at the link below.

The kek should be an AES key of 16 bytes, 24 bytes, or 32 bytes (i.e. 128-bits, 192- bits, or 256-bits). For example, if passed as a hex string, then the kek should be 32 chars in length, 48 chars, or 64 chars (because each byte is represented as 2 chars in hex).

The keyData contains the data to be key wrapped. It must be a multiple of 64-bits in length. In other words, if the keyData is decoded to binary, it should be a number of bytes that is a multiple of 8.

The return string, if decoded to binary bytes, is equal to the size of the key data + 8 additional bytes.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
AesKeyWrapWithPadding
function CkCrypt2_AesKeyWrapWithPadding(objHandle: HCkCrypt2;
    kek: PWideChar;
    keyData: PWideChar;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__aesKeyWrapWithPadding(objHandle: HCkCrypt2;
    kek: PWideChar;
    keyData: PWideChar;
    encoding: PWideChar): PWideChar; stdcall;
Introduced in version 9.5.0.96

Implements the AES Key Wrap with Padding Algorithm (RFC 5649). The kek is the Key Encryption Key (the AES key used to encrypt the keyData). The arguments and return value are binary encoded strings using the encoding specified by encoding (which can be "base64", "hex", "base64url", etc.)

The kek should be an AES key of 16 bytes, 24 bytes, or 32 bytes (i.e. 128-bits, 192- bits, or 256-bits). For example, if passed as a hex string, then the kek should be 32 chars in length, 48 chars, or 64 chars (because each byte is represented as 2 chars in hex).

The keyData contains the data to be key wrapped.

Returns the wrapped key using the encoding specified in encoding.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
BCryptHash
function CkCrypt2_BCryptHash(objHandle: HCkCrypt2;
    password: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__bCryptHash(objHandle: HCkCrypt2;
    password: PWideChar): PWideChar; stdcall;
Introduced in version 9.5.0.65

Computes and returns a bcrypt hash of the password. The number of rounds of hashing is determined by the BCryptWorkFactor property.

Starting in v9.5.0.76, if the password is prefixed with "$2b$" then the output will use the $2b version of bcrypt. For example, to create a "$2b$" bcrypt has for the password "secret", pass in the string "$2b$secret" for password.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
BCryptVerify
function CkCrypt2_BCryptVerify(objHandle: HCkCrypt2;
    password: PWideChar;
    bcryptHash: PWideChar): wordbool; stdcall;
Introduced in version 9.5.0.65

Verifies the password against a previously computed BCrypt hash. Returns True if the password matches the bcryptHash. Returns False if the password does not match.

Returns True for success, False for failure.

top
BytesToString
function CkCrypt2_BytesToString(objHandle: HCkCrypt2;
    inData: HCkByteData;
    charset: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__bytesToString(objHandle: HCkCrypt2;
    inData: HCkByteData;
    charset: PWideChar): PWideChar; stdcall;

Utility method to convert bytes to a string -- interpreting the bytes according to the charset specified.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
ByteSwap4321
function CkCrypt2_ByteSwap4321(objHandle: HCkCrypt2;
    data: HCkByteData;
    outBytes: HCkByteData): wordbool; stdcall;

Convenience method for byte swapping between little-endian byte ordering and big-endian byte ordering.

Returns True for success, False for failure.

top
CkDecryptFile
function CkCrypt2_CkDecryptFile(objHandle: HCkCrypt2;
    srcFile: PWideChar;
    destFile: PWideChar): wordbool; stdcall;

File-to-file decryption. There is no limit to the size of the file that can be decrypted because the component will operate in streaming mode internally.

Returns True for success, False for failure.

More Information and Examples
top
CkDecryptFileAsync (1)
function CkCrypt2_CkDecryptFileAsync(objHandle: HCkCrypt2;
    srcFile: PWideChar;
    destFile: PWideChar): HCkTask; stdcall;

Creates an asynchronous task to call the CkDecryptFile method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
CkEncryptFile
function CkCrypt2_CkEncryptFile(objHandle: HCkCrypt2;
    srcFile: PWideChar;
    destFile: PWideChar): wordbool; stdcall;

File-to-file encryption. There is no limit to the size of the file that can be encrypted because the component will operate in streaming mode internally.

Returns True for success, False for failure.

top
CkEncryptFileAsync (1)
function CkCrypt2_CkEncryptFileAsync(objHandle: HCkCrypt2;
    srcFile: PWideChar;
    destFile: PWideChar): HCkTask; stdcall;

Creates an asynchronous task to call the CkEncryptFile method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
ClearEncryptCerts
procedure CkCrypt2_ClearEncryptCerts(objHandle: HCkCrypt2) stdcall;

Clears the internal list of digital certificates to be used for public-key encryption.

top
ClearSigningCerts
procedure CkCrypt2_ClearSigningCerts(objHandle: HCkCrypt2) stdcall;
Introduced in version 9.5.0.83

Clears the set of certificates to be used in signing.

Returns True for success, False for failure.

top
CompressBytes
function CkCrypt2_CompressBytes(objHandle: HCkCrypt2;
    data: HCkByteData;
    outData: HCkByteData): wordbool; stdcall;

Bzip2 compresses a byte array and returns the compressed bytes.

This is a legacy method that should not be used in new development. It will not be marked as deprecated or removed from future APIs because existing applications may have data already compressed using this method.

The output of this method includes an 8-byte header composed of a 4-byte magic number (0xB394A7E1) and the 4-byte length of the uncompressed data.

Returns True for success, False for failure.

top
CompressBytesENC
function CkCrypt2_CompressBytesENC(objHandle: HCkCrypt2;
    data: HCkByteData;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__compressBytesENC(objHandle: HCkCrypt2;
    data: HCkByteData): PWideChar; stdcall;

Same as CompressBytes, except an encoded string is returned. The output encoding is specified by the EncodingMode property.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
CompressString
function CkCrypt2_CompressString(objHandle: HCkCrypt2;
    str: PWideChar;
    outData: HCkByteData): wordbool; stdcall;

Compresses a string and returns the compressed bytes. Prior to compressing, the string is converted to a byte representation such as utf-8, utf-16, etc. as determined by the Charset property. Otherwise, this method is the same as the CompressBytes method.

Returns True for success, False for failure.

top
CompressStringENC
function CkCrypt2_CompressStringENC(objHandle: HCkCrypt2;
    str: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__compressStringENC(objHandle: HCkCrypt2;
    str: PWideChar): PWideChar; stdcall;

Compresses a string and returns the encoded compressed bytes. Prior to compressing, the string is converted to a byte representation such as utf-8, utf-16, etc. as determined by the Charset property. The output encoding is specified by the EncodingMode property. Otherwise, this method is the same as the CompressBytes method.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
CoSign
function CkCrypt2_CoSign(objHandle: HCkCrypt2;
    bdIn: HCkBinData;
    cert: HCkCert;
    bdOut: HCkBinData): wordbool; stdcall;
Introduced in version 9.5.0.89

Co-sign's an existing CMS signature. bdIn contains the existing CMS signature. If successful, cert is the output co-signed CMS signature.

Returns True for success, False for failure.

More Information and Examples
top
CrcBytes
function CkCrypt2_CrcBytes(objHandle: HCkCrypt2;
    crcAlg: PWideChar;
    byteData: HCkByteData): LongWord; stdcall;
Introduced in version 9.5.0.38

Calculates a CRC for in-memory byte data. To compute the CRC used in the Zip file format, pass "CRC-32" (or CRC32, case insensitive) for the crcAlg. (The crcAlg argument provides the flexibility to add additional CRC algorithms on an as-needed basis in the future.)

Starting in v9.5.0.88, crc8 can be computed by passing "CRC8" in crcAlg.

top
CrcFile
function CkCrypt2_CrcFile(objHandle: HCkCrypt2;
    crcAlg: PWideChar;
    path: PWideChar): LongWord; stdcall;
Introduced in version 9.5.0.38

Calculates a CRC for the contents of a file. To compute the CRC used in the Zip file format, pass "CRC-32" for the crcAlg. (The crcAlg argument provides the flexibility to add additional CRC algorithms on an as-needed basis in the future.) A value of 0 is returned if the file is unable to be read. Given that there is a 1 in 4 billion chance of having an actual CRC of 0, an application might choose to react to a 0 return value by testing to see if the file can be opened and read.

Starting in v9.5.0.88, crc8 can be computed by passing "CRC8" in crcAlg.

top
CrcFileAsync (1)
function CkCrypt2_CrcFileAsync(objHandle: HCkCrypt2;
    crcAlg: PWideChar;
    path: PWideChar): HCkTask; stdcall;
Introduced in version 9.5.0.38

Creates an asynchronous task to call the CrcFile method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
CreateDetachedSignature
function CkCrypt2_CreateDetachedSignature(objHandle: HCkCrypt2;
    inFilePath: PWideChar;
    sigFilePath: PWideChar): wordbool; stdcall;

Digitally signs a file and writes the digital signature to a separate output file (a PKCS#7 signature file). The input file (inFilePath) is unmodified. A certificate for signing must be specified by calling SetSigningCert or SetSigningCert2 prior to calling this method.

This method is equivalent to CreateP7S. The CreateP7S method was added to clarify the format of the signature file that is created.

Returns True for success, False for failure.

top
CreateP7M
function CkCrypt2_CreateP7M(objHandle: HCkCrypt2;
    inFilename: PWideChar;
    p7mPath: PWideChar): wordbool; stdcall;

Digitally signs a file and creates a .p7m (PKCS #7 Message) file that contains both the signature and original file content. The input file (inFilename) is unmodified. A certificate for signing must be specified by calling SetSigningCert or SetSigningCert2 prior to calling this method.

To sign with a particular hash algorithm, set the HashAlgorithm property. Valid hash algorithms for signing are "sha256", "sha1", "sha384", "sha512", "md5", and "md2".

Note: The CreateP7M method creates an opaque signature. To do the same thing entirely in memory, your application would call any of the OpaqueSign* methods, such as OpaqueSignBd, OpaqueSignString, OpaqueSignStringENC, etc.

Returns True for success, False for failure.

top
CreateP7MAsync (1)
function CkCrypt2_CreateP7MAsync(objHandle: HCkCrypt2;
    inFilename: PWideChar;
    p7mPath: PWideChar): HCkTask; stdcall;

Creates an asynchronous task to call the CreateP7M method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
CreateP7S
function CkCrypt2_CreateP7S(objHandle: HCkCrypt2;
    inFilename: PWideChar;
    p7sPath: PWideChar): wordbool; stdcall;

Digitally signs a file and creates a .p7s (PKCS #7 Signature) signature file. The input file (inFilename) is unmodified. The output file (p7sPath) contains only the signature and not the original data. A certificate for signing must be specified by calling SetSigningCert or SetSigningCert2 prior to calling this method.

To sign with a particular hash algorithm, set the HashAlgorithm property. Valid hash algorithms for signing are "sha256", "sha1", "sha384", "sha512", "md5", and "md2".

Note: The CreateP7S method creates a detached signature. To do the same thing entirely in memory, your application would call any of the Sign* methods, such as SignBdENC, SignString, SignStringENC, SignSbENC, etc.

Returns True for success, False for failure.

More Information and Examples
top
CreateP7SAsync (1)
function CkCrypt2_CreateP7SAsync(objHandle: HCkCrypt2;
    inFilename: PWideChar;
    p7sPath: PWideChar): HCkTask; stdcall;

Creates an asynchronous task to call the CreateP7S method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
Decode
function CkCrypt2_Decode(objHandle: HCkCrypt2;
    str: PWideChar;
    encoding: PWideChar;
    outData: HCkByteData): wordbool; stdcall;

Decode binary data from an encoded string. The encoding can be set to any of the following strings: "base64", "hex", "quoted-printable", "url", "base32", "Q", "B", "url_rc1738", "url_rfc2396", "url_rfc3986", "url_oauth", "uu", "modBase64", or "html" (for HTML entity encoding).

Returns True for success, False for failure.

top
DecodeString
function CkCrypt2_DecodeString(objHandle: HCkCrypt2;
    inStr: PWideChar;
    charset: PWideChar;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__decodeString(objHandle: HCkCrypt2;
    inStr: PWideChar;
    charset: PWideChar;
    encoding: PWideChar): PWideChar; stdcall;

Decodes from an encoding back to the original string. The encoding can be set to any of the following strings: "base64", "hex", "quoted-printable", "url", "base32", "Q", "B", "url_rc1738", "url_rfc2396", "url_rfc3986", "url_oauth", "uu", "modBase64", or "html" (for HTML entity encoding).

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
DecryptBd
function CkCrypt2_DecryptBd(objHandle: HCkCrypt2;
    bd: HCkBinData): wordbool; stdcall;
Introduced in version 9.5.0.67

In-place decrypts the contents of bd. The minimal set of properties that should be set before decrypting are: CryptAlgorithm, SecretKey. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV.

Returns True for success, False for failure.

top
DecryptBytes
function CkCrypt2_DecryptBytes(objHandle: HCkCrypt2;
    data: HCkByteData;
    outData: HCkByteData): wordbool; stdcall;

Decrypts a byte array and returns the unencrypted byte array. The property settings used when encrypting the data must match the settings when decrypting. Specifically, the CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.

Returns True for success, False for failure.

top
DecryptBytes2
function CkCrypt2_DecryptBytes2(objHandle: HCkCrypt2;
    pByteData: pbyte;
    szByteData: LongWord;
    outBytes: HCkByteData): wordbool; stdcall;
Introduced in version 9.5.0.82

The same as DecryptBytes except the binary data is passed via a pointer and length.

Returns True for success, False for failure.

top
DecryptBytesENC
function CkCrypt2_DecryptBytesENC(objHandle: HCkCrypt2;
    str: PWideChar;
    outData: HCkByteData): wordbool; stdcall;

Decrypts string-encoded encrypted data and returns the unencrypted byte array. Data encrypted with EncryptBytesENC can be decrypted with this method. The property settings used when encrypting the data must match the settings when decrypting. Specifically, the EncodingMode, CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.

Returns True for success, False for failure.

More Information and Examples
top
DecryptEncoded
function CkCrypt2_DecryptEncoded(objHandle: HCkCrypt2;
    encodedEncryptedData: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__decryptEncoded(objHandle: HCkCrypt2;
    encodedEncryptedData: PWideChar): PWideChar; stdcall;

Encrypted data is passed to this method as an encoded string (base64, hex, etc.). This method first decodes the input data according to the EncodingMode property setting. It then decrypts and re-encodes using the EncodingMode setting, and returns the decrypted data in encoded string form.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
DecryptSb
function CkCrypt2_DecryptSb(objHandle: HCkCrypt2;
    bdIn: HCkBinData;
    sbOut: HCkStringBuilder): wordbool; stdcall;
Introduced in version 9.5.0.67

Decrypts the contents of bdIn to sbOut. The decrypted string is appended to sbOut. The minimal set of properties that should be set before ecrypting are: CryptAlgorithm, SecretKey. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV.

Returns True for success, False for failure.

More Information and Examples
top
DecryptSecureENC
function CkCrypt2_DecryptSecureENC(objHandle: HCkCrypt2;
    cipherText: PWideChar;
    secureStr: HCkSecureString): wordbool; stdcall;
Introduced in version 9.5.0.71

Identical to DecryptStringENC, except the decrypts the cipherText and appends the decrypted string to the secureStr.

Returns True for success, False for failure.

More Information and Examples
top
DecryptStream
function CkCrypt2_DecryptStream(objHandle: HCkCrypt2;
    strm: HCkStream): wordbool; stdcall;
Introduced in version 9.5.0.56

Decrypts a stream. Internally, the strm's source is read, decrypted, and the decrypted data written to the strm's sink. It does this in streaming fashion. Extremely large or even infinite streams can be decrypted with stable ungrowing memory usage.

Returns True for success, False for failure.

top
DecryptStreamAsync (1)
function CkCrypt2_DecryptStreamAsync(objHandle: HCkCrypt2;
    strm: HCkStream): HCkTask; stdcall;
Introduced in version 9.5.0.56

Creates an asynchronous task to call the DecryptStream method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
DecryptString
function CkCrypt2_DecryptString(objHandle: HCkCrypt2;
    data: HCkByteData;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__decryptString(objHandle: HCkCrypt2;
    data: HCkByteData): PWideChar; stdcall;

The reverse of EncryptString.

Decrypts encrypted byte data and returns the original string. The property settings used when encrypting the string must match the settings when decrypting. Specifically, the Charset, CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
DecryptStringENC
function CkCrypt2_DecryptStringENC(objHandle: HCkCrypt2;
    str: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__decryptStringENC(objHandle: HCkCrypt2;
    str: PWideChar): PWideChar; stdcall;

The reverse of EncryptStringENC.

Decrypts string-encoded encrypted data and returns the original string. The property settings used when encrypting the string must match the settings when decrypting. Specifically, the Charset, EncodingMode, CryptAlgorithm, CipherMode, PaddingScheme, KeyLength, IV, and SecretKey properties must match.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
Encode
function CkCrypt2_Encode(objHandle: HCkCrypt2;
    byteData: HCkByteData;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__encode(objHandle: HCkCrypt2;
    byteData: HCkByteData;
    encoding: PWideChar): PWideChar; stdcall;

Encode binary data to base64, hex, quoted-printable, or URL-encoding. The encoding can be set to any of the following strings: "base64", "hex", "quoted-printable" (or "qp"), "url", "base32", "Q", "B", "url_rc1738", "url_rfc2396", "url_rfc3986", "url_oauth", "uu", "modBase64", or "html" (for HTML entity encoding).

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
EncodeBytes
function CkCrypt2_EncodeBytes(objHandle: HCkCrypt2;
    pByteData: pbyte;
    szByteData: LongWord;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__encodeBytes(objHandle: HCkCrypt2;
    pByteData: pbyte;
    szByteData: LongWord;
    encoding: PWideChar): PWideChar; stdcall;

Encode binary data to base64, hex, quoted-printable, or URL-encoding. The encoding can be set to any of the following strings: "base64", "hex", "quoted-printable", "url", "base32", "Q", "B", "url_rc1738", "url_rfc2396", "url_rfc3986", "url_oauth", "uu", "modBase64", or "html" (for HTML entity encoding).

The pByteData points to the bytes to be encoded. The szByteData specifies the number of bytes to encode.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
EncodeInt
function CkCrypt2_EncodeInt(objHandle: HCkCrypt2;
    value: Integer;
    numBytes: Integer;
    littleEndian: wordbool;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__encodeInt(objHandle: HCkCrypt2;
    value: Integer;
    numBytes: Integer;
    littleEndian: wordbool;
    encoding: PWideChar): PWideChar; stdcall;
Introduced in version 9.5.0.77

Encodes an integer to N bytes and returns in the specified encoding. If littleEndian is True, then little endian byte ordering is used. Otherwise big-endian byte order is used.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
EncodeString
function CkCrypt2_EncodeString(objHandle: HCkCrypt2;
    strToEncode: PWideChar;
    charsetName: PWideChar;
    toEncodingName: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__encodeString(objHandle: HCkCrypt2;
    strToEncode: PWideChar;
    charsetName: PWideChar;
    toEncodingName: PWideChar): PWideChar; stdcall;

Encodes a string. The toEncodingName can be set to any of the following strings: "base64", "hex", "quoted-printable", "url", "base32", "Q", "B", "url_rc1738", "url_rfc2396", "url_rfc3986", "url_oauth", "uu", "modBase64", or "html" (for HTML entity encoding). The charsetName is important, and usually you'll want to specify "ansi". For example, if the string "ABC" is to be encoded to "hex" using ANSI, the result will be "414243". However, if "unicode" is used, the result is "410042004300".

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
EncryptBd
function CkCrypt2_EncryptBd(objHandle: HCkCrypt2;
    bd: HCkBinData): wordbool; stdcall;
Introduced in version 9.5.0.67

In-place encrypts the contents of bd. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting, all property settings must match otherwise the result is garbled data.

Returns True for success, False for failure.

top
EncryptBytes
function CkCrypt2_EncryptBytes(objHandle: HCkCrypt2;
    data: HCkByteData;
    outData: HCkByteData): wordbool; stdcall;

Encrypts a byte array. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting, all property settings must match otherwise garbled data is returned.

Returns True for success, False for failure.

top
EncryptBytes2
function CkCrypt2_EncryptBytes2(objHandle: HCkCrypt2;
    pByteData: pbyte;
    szByteData: LongWord;
    outBytes: HCkByteData): wordbool; stdcall;
Introduced in version 9.5.0.82

The same as EncryptBytes except the binary data is passed via a pointer and length.

Returns True for success, False for failure.

top
EncryptBytesENC
function CkCrypt2_EncryptBytesENC(objHandle: HCkCrypt2;
    data: HCkByteData;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__encryptBytesENC(objHandle: HCkCrypt2;
    data: HCkByteData): PWideChar; stdcall;

Encrypts a byte array and returns the encrypted data as an encoded (printable) string. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey, EncodingMode. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting, all property settings must match otherwise garbled data is returned. The encoding of the string that is returned is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
EncryptEncoded
function CkCrypt2_EncryptEncoded(objHandle: HCkCrypt2;
    str: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__encryptEncoded(objHandle: HCkCrypt2;
    str: PWideChar): PWideChar; stdcall;

The input string is first decoded according to the encoding algorithm specified by the EncodingMode property (such as base64, hex, etc.) It is then encrypted according to the encryption algorithm specified by CryptAlgorithm. The resulting encrypted data is encoded (using EncodingMode) and returned.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
EncryptSb
function CkCrypt2_EncryptSb(objHandle: HCkCrypt2;
    sbIn: HCkStringBuilder;
    bdOut: HCkBinData): wordbool; stdcall;
Introduced in version 9.5.0.67

Encrypts the contents of sbIn to bdOut. The minimal set of properties that should be set before ecrypting are: CryptAlgorithm, SecretKey. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV.

Returns True for success, False for failure.

More Information and Examples
top
EncryptSecureENC
function CkCrypt2_EncryptSecureENC(objHandle: HCkCrypt2;
    secureStr: HCkSecureString;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__encryptSecureENC(objHandle: HCkCrypt2;
    secureStr: HCkSecureString): PWideChar; stdcall;
Introduced in version 9.5.0.71

Identical to EncryptStringENC, except the clear-text contained within the secureStr is encrypted and returned.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
EncryptStream
function CkCrypt2_EncryptStream(objHandle: HCkCrypt2;
    strm: HCkStream): wordbool; stdcall;
Introduced in version 9.5.0.56

Encrypts a stream. Internally, the strm's source is read, encrypted, and the encrypted data written to the strm's sink. It does this in streaming fashion. Extremely large or even infinite streams can be encrypted with stable ungrowing memory usage.

Returns True for success, False for failure.

More Information and Examples
top
EncryptStreamAsync (1)
function CkCrypt2_EncryptStreamAsync(objHandle: HCkCrypt2;
    strm: HCkStream): HCkTask; stdcall;
Introduced in version 9.5.0.56

Creates an asynchronous task to call the EncryptStream method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
EncryptString
function CkCrypt2_EncryptString(objHandle: HCkCrypt2;
    str: PWideChar;
    outData: HCkByteData): wordbool; stdcall;

Encrypts a string and returns the encrypted data as a byte array. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey, Charset. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting, all property settings must match otherwise garbled data is returned. The Charset property controls the exact bytes that get encrypted. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings, thus the input string is Unicode. If Unicode is to be encrypted (i.e. 2 bytes per character) then set the Charset property to "Unicode". To implicitly convert the string to another charset before the encryption is applied, set the Charset property to something else, such as "iso-8859-1", "Shift_JIS", "big5", "windows-1252", etc. The complete list of possible charsets is listed here:

<font size="2" face="MS Sans Serif">
us-ascii
unicode
unicodefffe
iso-8859-1
iso-8859-2
iso-8859-3
iso-8859-4
iso-8859-5
iso-8859-6
iso-8859-7
iso-8859-8
iso-8859-9
iso-8859-13
iso-8859-15
windows-874
windows-1250
windows-1251
windows-1252
windows-1253
windows-1254
windows-1255
windows-1256
windows-1257
windows-1258
utf-7
utf-8
utf-32
utf-32be
shift_jis
gb2312
ks_c_5601-1987
big5
iso-2022-jp
iso-2022-kr
euc-jp
euc-kr
macintosh
x-mac-japanese
x-mac-chinesetrad
x-mac-korean
x-mac-arabic
x-mac-hebrew
x-mac-greek
x-mac-cyrillic
x-mac-chinesesimp
x-mac-romanian
x-mac-ukrainian
x-mac-thai
x-mac-ce
x-mac-icelandic
x-mac-turkish
x-mac-croatian
asmo-708
dos-720
dos-862
ibm037
ibm437
ibm500
ibm737
ibm775
ibm850
ibm852
ibm855
ibm857
ibm00858
ibm860
ibm861
ibm863
ibm864
ibm865
cp866
ibm869
ibm870
cp875
koi8-r
koi8-u
</font>

Returns True for success, False for failure.

More Information and Examples
top
EncryptStringENC
function CkCrypt2_EncryptStringENC(objHandle: HCkCrypt2;
    str: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__encryptStringENC(objHandle: HCkCrypt2;
    str: PWideChar): PWideChar; stdcall;

Encrypts a string and returns the encrypted data as an encoded (printable) string. The minimal set of properties that should be set before encrypting are: CryptAlgorithm, SecretKey, Charset, and EncodingMode. Other properties that control encryption are: CipherMode, PaddingScheme, KeyLength, IV. When decrypting (with DecryptStringENC), all property settings must match otherwise garbled data is returned. The Charset property controls the exact bytes that get encrypted. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings, thus the input string is Unicode. If Unicode is to be encrypted (i.e. 2 bytes per character) then set the Charset property to "Unicode". To implicitly convert the string to another charset before the encryption is applied, set the Charset property to something else, such as "iso-8859-1", "Shift_JIS", "big5", "windows-1252", etc. (Refer to EncryptString for the complete list of charsets.)

The EncodingMode property controls the encoding of the string that is returned. It can be set to "Base64", "QP", or "Hex".

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
GenEncodedSecretKey
function CkCrypt2_GenEncodedSecretKey(objHandle: HCkCrypt2;
    password: PWideChar;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__genEncodedSecretKey(objHandle: HCkCrypt2;
    password: PWideChar;
    encoding: PWideChar): PWideChar; stdcall;

Important: In the v9.5.0.49 release, a bug involving this method was introduced: The encoding is ignored and instead the encoding used is the current value of the EncodingMode property. The workaround is to make sure the EncodingMode property is set to the value of the desired output encoding. This problem will be fixed in v9.5.0.50.

Identical to the GenerateSecretKey method, except it returns the binary secret key as a string encoded according to encoding, which may be "base64", "hex", "url", etc. Please see the documentation for GenerateSecretKey for more information.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
GenerateSecretKey
function CkCrypt2_GenerateSecretKey(objHandle: HCkCrypt2;
    password: PWideChar;
    outData: HCkByteData): wordbool; stdcall;

Hashes a string to a byte array that has the same number of bits as the current value of the KeyLength property. For example, if KeyLength is equal to 128 bits, then a 16-byte array is returned. This can be used to set the SecretKey property. In order to decrypt, the SecretKey must match exactly. To use "password-based" encryption, the password is passed to this method to generate a binary secret key that can then be assigned to the SecretKey property.

IMPORTANT: If you are trying to decrypt something encrypted by another party such that the other party provided you with the secret key, DO NOT use this method. This method is for transforming an arbitrary-length password into a binary secret key of the proper length. Please see this Chilkat blog post: Getting Started with AES Decryption

Returns True for success, False for failure.

top
GenerateUuid
function CkCrypt2_GenerateUuid(objHandle: HCkCrypt2;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__generateUuid(objHandle: HCkCrypt2): PWideChar; stdcall;
Introduced in version 9.5.0.55

Generates a random UUID string having standard UUID format, such as "de305d54-75b4-431b-adb2-eb6b9e546014".

Note: This generates a "version 4 UUID" using random byte values. See RFC 4122.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
GenRandomBytesENC
function CkCrypt2_GenRandomBytesENC(objHandle: HCkCrypt2;
    numBytes: Integer;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__genRandomBytesENC(objHandle: HCkCrypt2;
    numBytes: Integer): PWideChar; stdcall;

Generates numBytes random bytes and returns them as an encoded string. The encoding, such as base64, hex, etc. is controlled by the EncodingMode property.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
GetDecryptCert
function CkCrypt2_GetDecryptCert(objHandle: HCkCrypt2): HCkCert; stdcall;
Introduced in version 9.5.0.46

Returns the last certificate used for public-key decryption.

Returns nil on failure

top
GetEncodedAad
function CkCrypt2_GetEncodedAad(objHandle: HCkCrypt2;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__getEncodedAad(objHandle: HCkCrypt2;
    encoding: PWideChar): PWideChar; stdcall;
Introduced in version 9.5.0.55

Returns the authenticated additional data as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".

The Aad is used when the CipherMode is "gcm" (Galois/Counter Mode), which is a mode valid for symmetric ciphers that have a block size of 16 bytes, such as AES or Twofish.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
GetEncodedAuthTag
function CkCrypt2_GetEncodedAuthTag(objHandle: HCkCrypt2;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__getEncodedAuthTag(objHandle: HCkCrypt2;
    encoding: PWideChar): PWideChar; stdcall;
Introduced in version 9.5.0.55

Returns the authentication tag as an encoded string. The encoding argument may be set to any of the following strings: "base64", "hex", "quoted-printable", or "url". The authentication tag is an output of authenticated encryption modes such as GCM when encrypting. When GCM mode decrypting, the authenticate tag is set by the application and is the expected result.

The authenticated tag plays a role when the CipherMode is "gcm" (Galois/Counter Mode), which is a mode valid for symmetric block ciphers that have a block size of 16 bytes, such as AES or Twofish.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
GetEncodedIV
function CkCrypt2_GetEncodedIV(objHandle: HCkCrypt2;
    encoding: PWideChar;
    outIV: HCkString): wordbool; stdcall;
function CkCrypt2__getEncodedIV(objHandle: HCkCrypt2;
    encoding: PWideChar): PWideChar; stdcall;

Returns the initialization vector as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
GetEncodedKey
function CkCrypt2_GetEncodedKey(objHandle: HCkCrypt2;
    encoding: PWideChar;
    outKey: HCkString): wordbool; stdcall;
function CkCrypt2__getEncodedKey(objHandle: HCkCrypt2;
    encoding: PWideChar): PWideChar; stdcall;

Returns the secret key as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
GetEncodedSalt
function CkCrypt2_GetEncodedSalt(objHandle: HCkCrypt2;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__getEncodedSalt(objHandle: HCkCrypt2;
    encoding: PWideChar): PWideChar; stdcall;

Returns the password-based encryption (PBE) salt bytes as an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
GetLastCert
function CkCrypt2_GetLastCert(objHandle: HCkCrypt2): HCkCert; stdcall;

Returns the last certificate used when verifying a signature. This method is deprecated. Applications should instead call GetSignerCert with an index of 0.

Returns nil on failure

top
GetSignatureSigningTimeStr
function CkCrypt2_GetSignatureSigningTimeStr(objHandle: HCkCrypt2;
    index: Integer;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__getSignatureSigningTimeStr(objHandle: HCkCrypt2;
    index: Integer): PWideChar; stdcall;

This method retrieves the signing time of the Nth certificate used in a digital signature, after verification. The first certificate's signing time is at index index 0. The NumSignerCerts property indicates the total number of signing certificates (typically, only one is used).

Note: Before retrieving the signing time for a certificate, use the HasSignatureSigningTime method to check its availability. Skip indices without a signing time.

The signing time is returned in RFC822 string format.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
GetSignedAttributes
function CkCrypt2_GetSignedAttributes(objHandle: HCkCrypt2;
    signerIndex: Integer;
    pkcs7Der: HCkBinData;
    sbJson: HCkStringBuilder): wordbool; stdcall;
Introduced in version 9.5.0.75

Extracts the signed (authenticated) attributes for the Nth signer. In most cases, a signature has only one signer, and the signerIndex should equal 0 to specify the 1st (and only) signer.

The binary PKCS7 is passed in pkcs7Der. On success, the sbJson will contain the signed attributes in JSON format.

Sample JSON output:

{
  "signedAttributes": [
    {
      "oid": "1.2.840.113549.1.9.3",
      "name": "Content Type"
    },
    {
      "oid": "1.2.840.113549.1.9.5",
      "name": "Signing Time"
    },
    {
      "oid": "1.2.840.113549.1.9.4",
      "name": "Message Digest"
    },
    {
      "oid": "1.2.840.113549.1.9.16.2.47",
      "name": "Signing Certificate V2"
    }
  ]
}

Returns True for success, False for failure.

top
GetSignerCert
function CkCrypt2_GetSignerCert(objHandle: HCkCrypt2;
    index: Integer): HCkCert; stdcall;

Gets the Nth certificate used for signing. This method can be called after verifying a digital signature to get the signer certs. The 1st certificate is at index 0. The NumSignerCerts property contains the total number of signing certificates. (Typically, a single certificate is used in creating a digital signature.)

Returns nil on failure

top
GetSignerCertChain
function CkCrypt2_GetSignerCertChain(objHandle: HCkCrypt2;
    index: Integer): HCkCertChain; stdcall;
Introduced in version 9.5.0.40

Returns the full certificate chain for the Nth certificate used to for signing. Indexing begins at 0.

Returns nil on failure

top
HashBdENC
function CkCrypt2_HashBdENC(objHandle: HCkCrypt2;
    bd: HCkBinData;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__hashBdENC(objHandle: HCkCrypt2;
    bd: HCkBinData): PWideChar; stdcall;
Introduced in version 9.5.0.66

Hashes the the bytes contained in bd and returns the hash as an encoded string.

The hash algorithm is specified by the HashAlgorithm property, The encoding is controlled by the EncodingMode property, which can be set to "base64", "hex", "base64url", or any of the encodings listed at the link below.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
HashBeginBytes
function CkCrypt2_HashBeginBytes(objHandle: HCkCrypt2;
    data: HCkByteData): wordbool; stdcall;

Begin hashing a byte stream. Call this method to hash the 1st chunk. Additional chunks are hashed by calling HashMoreBytes 0 or more times followed by a final call to HashFinal (or HashFinalENC) to retrieve the result. The hash algorithm is selected by the HashAlgorithm property setting.

Returns True for success, False for failure.

top
HashBeginBytes2
function CkCrypt2_HashBeginBytes2(objHandle: HCkCrypt2;
    pByteData: pbyte;
    szByteData: LongWord): wordbool; stdcall;
Introduced in version 9.5.0.82

The same as HashBeginBytes except the binary data is passed via a pointer and length.

Returns True for success, False for failure.

top
HashBeginString
function CkCrypt2_HashBeginString(objHandle: HCkCrypt2;
    strData: PWideChar): wordbool; stdcall;

Begin hashing a text stream. Call this method to hash the 1st chunk. Additional chunks are hashed by calling HashMoreString 0 or more times followed by a final call to HashFinal (or HashFinalENC) to retrieve the result. The hash algorithm is selected by the HashAlgorithm property setting.

Returns True for success, False for failure.

top
HashBytes
function CkCrypt2_HashBytes(objHandle: HCkCrypt2;
    data: HCkByteData;
    outData: HCkByteData): wordbool; stdcall;

Hashes a byte array.

The hash algorithm is specified by the HashAlgorithm property, The encoding is controlled by the EncodingMode property, which can be set to "base64", "hex", "base64url", or any of the encodings listed at the link below.

Returns True for success, False for failure.

top
HashBytes2
function CkCrypt2_HashBytes2(objHandle: HCkCrypt2;
    pByteData: pbyte;
    szByteData: LongWord;
    outBytes: HCkByteData): wordbool; stdcall;
Introduced in version 9.5.0.82

The same as HashBytes except the binary data is passed via a pointer and length.

Returns True for success, False for failure.

top
HashBytesENC
function CkCrypt2_HashBytesENC(objHandle: HCkCrypt2;
    data: HCkByteData;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__hashBytesENC(objHandle: HCkCrypt2;
    data: HCkByteData): PWideChar; stdcall;

Hashes a byte array and returns the hash as an encoded string.

The hash algorithm is specified by the HashAlgorithm property, The encoding is controlled by the EncodingMode property, which can be set to "base64", "hex", "base64url", or any of the encodings listed at the link below.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
HashFile
function CkCrypt2_HashFile(objHandle: HCkCrypt2;
    path: PWideChar;
    outBytes: HCkByteData): wordbool; stdcall;

Hashes a file and returns the hash bytes.

The hash algorithm is specified by the HashAlgorithm property,

Any size file may be hashed because the file is hashed internally in streaming mode (keeping memory usage low and constant).

Returns True for success, False for failure.

top
HashFileAsync (1)
function CkCrypt2_HashFileAsync(objHandle: HCkCrypt2;
    path: PWideChar): HCkTask; stdcall;

Creates an asynchronous task to call the HashFile method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
HashFileENC
function CkCrypt2_HashFileENC(objHandle: HCkCrypt2;
    path: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__hashFileENC(objHandle: HCkCrypt2;
    path: PWideChar): PWideChar; stdcall;

Hashes a file and returns the hash as an encoded string.

The hash algorithm is specified by the HashAlgorithm property, The encoding is controlled by the EncodingMode property, which can be set to "base64", "hex", "base64url", or any of the encodings listed at the link below.

Any size file is supported because the file is hashed internally in streaming mode (keeping memory usage low and constant).

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
HashFileENCAsync (1)
function CkCrypt2_HashFileENCAsync(objHandle: HCkCrypt2;
    path: PWideChar): HCkTask; stdcall;

Creates an asynchronous task to call the HashFileENC method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
HashFinal
function CkCrypt2_HashFinal(objHandle: HCkCrypt2;
    outBytes: HCkByteData): wordbool; stdcall;

Finalizes a multi-step hash computation and returns the hash bytes.

Returns True for success, False for failure.

top
HashFinalENC
function CkCrypt2_HashFinalENC(objHandle: HCkCrypt2;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__hashFinalENC(objHandle: HCkCrypt2): PWideChar; stdcall;

Finalizes a multi-step hash computation and returns the hash bytes encoded according to the EncodingMode property setting.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
HashMoreBytes
function CkCrypt2_HashMoreBytes(objHandle: HCkCrypt2;
    data: HCkByteData): wordbool; stdcall;
Introduced in version 9.5.0.82

Adds more bytes to the hash currently under computation. (See HashBeginBytes)

Returns True for success, False for failure.

top
HashMoreBytes2
function CkCrypt2_HashMoreBytes2(objHandle: HCkCrypt2;
    pByteData: pbyte;
    szByteData: LongWord): wordbool; stdcall;
Introduced in version 9.5.0.82

The same as HashMoreBytes except the binary data is passed via a pointer and length.

Returns True for success, False for failure.

top
HashMoreString
function CkCrypt2_HashMoreString(objHandle: HCkCrypt2;
    strData: PWideChar): wordbool; stdcall;

Adds more text to the hash currently under computation. (See HashBeginString)

Returns True for success, False for failure.

top
HashString
function CkCrypt2_HashString(objHandle: HCkCrypt2;
    str: PWideChar;
    outData: HCkByteData): wordbool; stdcall;

Hashes a string and returns a binary hash. The hash algorithm is specified by the HashAlgorithm property,

The Charset property controls the character encoding of the string that is hashed. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings. If it is desired to hash Unicode directly (2 bytes/char) then set the Charset property to "Unicode". To implicitly convert to another charset before hashing, set the Charset property to the desired charset. For example, if Charset is set to "iso-8859-1", the input string is first implicitly converted to iso-8859-1 (1 byte per character) before hashing. The full list fo supported charsets is listed in the EncryptString method description.

IMPORTANT: Hash algorithms hash bytes. Changing the bytes passed to a hash algorithm changes the result. A character (i.e. a visible glyph) can have different byte representations. The byte representation is defined by the Charset. For example, 'A' in us-ascii is a single byte 0x41, whereas in utf-16 it is 2 bytes (0x41 0x00). The byte representation should be explicitly specified, otherwise unexpected results may occur.

Returns True for success, False for failure.

top
HashStringENC
function CkCrypt2_HashStringENC(objHandle: HCkCrypt2;
    str: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__hashStringENC(objHandle: HCkCrypt2;
    str: PWideChar): PWideChar; stdcall;

Hashes a string and returns the hash bytes as an encoded string.

The hash algorithm is specified by the HashAlgorithm property, The encoding is controlled by the EncodingMode property, which can be set to "base64", "hex", "base64url", or any of the encodings listed at the link below.

The Charset property controls the character encoding of the string that is hashed. Languages such as VB.NET, C#, and Visual Basic work with Unicode strings. If it is desired to hash Unicode directly (2 bytes/char) then set the Charset property to "Unicode". To implicitly convert to another charset before hashing, set the Charset property to the desired charset. For example, if Charset is set to "iso-8859-1", the input string is first implicitly converted to iso-8859-1 (1 byte per character) before hashing. The full list of supported charsets is listed in the EncryptString method description.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
HasSignatureSigningTime
function CkCrypt2_HasSignatureSigningTime(objHandle: HCkCrypt2;
    index: Integer): wordbool; stdcall;

This method can be called after a digital signature has been verified by one of the Verify* methods. Returns True if a signing time for the Nth certificate is available and can be retrieved by either the GetSignatureSigningTime or GetSignatureSigningTimeStr methods.

top
Hotp
function CkCrypt2_Hotp(objHandle: HCkCrypt2;
    secret: PWideChar;
    secretEnc: PWideChar;
    counterHex: PWideChar;
    numDigits: Integer;
    truncOffset: Integer;
    hashAlg: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__hotp(objHandle: HCkCrypt2;
    secret: PWideChar;
    secretEnc: PWideChar;
    counterHex: PWideChar;
    numDigits: Integer;
    truncOffset: Integer;
    hashAlg: PWideChar): PWideChar; stdcall;
Introduced in version 9.5.0.77

Implements RFC 4226: HOTP: An HMAC-Based One-Time Password Algorithm. The arguments to this method are:

  • secret: The shared secret in an enocded representation such as base64, hex, ascii, etc.
  • secretEnc: The encoding of the shared secret, such as "base64"
  • counterHex: The 8-byte counter in hexidecimal format.
  • numDigits: The number of decimal digits to return.
  • truncOffset: Normally set this to -1 for dynamic truncation. Otherwise can be set in the range 0..15.
  • hashAlg: Normally set to "sha1". Can be set to other hash algorithms such as "sha256", "sha512", etc.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
InflateBytes
function CkCrypt2_InflateBytes(objHandle: HCkCrypt2;
    data: HCkByteData;
    outData: HCkByteData): wordbool; stdcall;

Decompresses data that was compressed with CompressBytes.

This is a legacy method that should not be used in new development. It will not be marked as deprecated or removed from future APIs because existing applications may have data already compressed using CompressBytes.

This method expects the input to begin with an 8-byte header composed of a 4-byte magic number (0xB394A7E1) and the 4-byte length of the uncompressed data.

Returns True for success, False for failure.

top
InflateBytesENC
function CkCrypt2_InflateBytesENC(objHandle: HCkCrypt2;
    str: PWideChar;
    outData: HCkByteData): wordbool; stdcall;

The opposite of CompressBytesENC. The EncodingMode and CompressionAlgorithm properties should match what was used when compressing.

Returns True for success, False for failure.

More Information and Examples
top
InflateString
function CkCrypt2_InflateString(objHandle: HCkCrypt2;
    data: HCkByteData;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__inflateString(objHandle: HCkCrypt2;
    data: HCkByteData): PWideChar; stdcall;

The opposite of CompressString. The Charset and CompressionAlgorithm properties should match what was used when compressing.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
InflateStringENC
function CkCrypt2_InflateStringENC(objHandle: HCkCrypt2;
    str: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__inflateStringENC(objHandle: HCkCrypt2;
    str: PWideChar): PWideChar; stdcall;

The opposite of CompressStringENC. The Charset, EncodingMode, and CompressionAlgorithm properties should match what was used when compressing.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
LastJsonData
function CkCrypt2_LastJsonData(objHandle: HCkCrypt2): HCkJsonObject; stdcall;
Introduced in version 9.5.0.70

Provides information about what transpired in the last method called. For many methods, there is no information. For some methods, details about what transpired can be obtained via LastJsonData. For example, after calling a method to verify a signature, the LastJsonData will return JSON with details about the algorithms used for signature verification.

Returns nil on failure

More Information and Examples
top
LoadTaskCaller
function CkCrypt2_LoadTaskCaller(objHandle: HCkCrypt2;
    task: HCkTask): wordbool; stdcall;
Introduced in version 9.5.0.80

Loads the caller of the task's async method.

Returns True for success, False for failure.

top
MacBdENC
function CkCrypt2_MacBdENC(objHandle: HCkCrypt2;
    bd: HCkBinData;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__macBdENC(objHandle: HCkCrypt2;
    bd: HCkBinData): PWideChar; stdcall;
Introduced in version 9.5.0.66

Computes a Message Authentication Code on the bytes contained in bd, using the MAC algorithm specified in the MacAlgorithm property. The result is encoded to a string using the encoding (base64, hex, etc.) specified by the EncodingMode property.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
MacBytes
function CkCrypt2_MacBytes(objHandle: HCkCrypt2;
    inBytes: HCkByteData;
    outBytes: HCkByteData): wordbool; stdcall;
Introduced in version 9.5.0.55

Computes a Message Authentication Code using the MAC algorithm specified in the MacAlgorithm property.

Returns True for success, False for failure.

More Information and Examples
top
MacBytes2
function CkCrypt2_MacBytes2(objHandle: HCkCrypt2;
    pByteData: pbyte;
    szByteData: LongWord;
    outBytes: HCkByteData): wordbool; stdcall;
Introduced in version 9.5.0.82

The same as MacBytes except the binary data is passed via a pointer and length.

Returns True for success, False for failure.

top
MacBytesENC
function CkCrypt2_MacBytesENC(objHandle: HCkCrypt2;
    inBytes: HCkByteData;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__macBytesENC(objHandle: HCkCrypt2;
    inBytes: HCkByteData): PWideChar; stdcall;

Computes a Message Authentication Code using the MAC algorithm specified in the MacAlgorithm property. The result is encoded to a string using the encoding (base64, hex, etc.) specified by the EncodingMode property.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
MacString
function CkCrypt2_MacString(objHandle: HCkCrypt2;
    inText: PWideChar;
    outBytes: HCkByteData): wordbool; stdcall;
Introduced in version 9.5.0.55

Computes a Message Authentication Code using the MAC algorithm specified in the MacAlgorithm property.

Returns True for success, False for failure.

More Information and Examples
top
MacStringENC
function CkCrypt2_MacStringENC(objHandle: HCkCrypt2;
    inText: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__macStringENC(objHandle: HCkCrypt2;
    inText: PWideChar): PWideChar; stdcall;
Introduced in version 9.5.0.55

Computes a Message Authentication Code using the MAC algorithm specified in the MacAlgorithm property. The result is encoded to a string using the encoding (base64, hex, etc.) specified by the EncodingMode property.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
MySqlAesDecrypt
function CkCrypt2_MySqlAesDecrypt(objHandle: HCkCrypt2;
    strEncryptedHex: PWideChar;
    strPassword: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__mySqlAesDecrypt(objHandle: HCkCrypt2;
    strEncryptedHex: PWideChar;
    strPassword: PWideChar): PWideChar; stdcall;

Matches MySQL's AES_DECRYPT function. strEncryptedHex is a hex-encoded string of the AES encrypted data. The return value is the original unencrypted string.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
MySqlAesEncrypt
function CkCrypt2_MySqlAesEncrypt(objHandle: HCkCrypt2;
    strData: PWideChar;
    strPassword: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__mySqlAesEncrypt(objHandle: HCkCrypt2;
    strData: PWideChar;
    strPassword: PWideChar): PWideChar; stdcall;

Matches MySQL's AES_ENCRYPT function. The return value is a hex-encoded string of the encrypted data. The equivalent call in MySQL would look like this: HEX(AES_ENCRYPT('The quick brown fox jumps over the lazy dog','password'))

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
OpaqueSignBd
function CkCrypt2_OpaqueSignBd(objHandle: HCkCrypt2;
    bd: HCkBinData): wordbool; stdcall;
Introduced in version 9.5.0.67

In-place signs the contents of bd. The contents of bd is replaced with the PKCS7/CMS format signature that embeds the data that was signed.

Returns True for success, False for failure.

top
OpaqueSignBdAsync (1)
function CkCrypt2_OpaqueSignBdAsync(objHandle: HCkCrypt2;
    bd: HCkBinData): HCkTask; stdcall;
Introduced in version 9.5.0.67

Creates an asynchronous task to call the OpaqueSignBd method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
OpaqueSignBytes
function CkCrypt2_OpaqueSignBytes(objHandle: HCkCrypt2;
    data: HCkByteData;
    outData: HCkByteData): wordbool; stdcall;

Digitally signs a byte array and returns a PKCS7/CMS format signature. This is a signature that contains both the original data as well as the signature. A certificate must be set by calling SetSigningCert prior to calling this method.

Returns True for success, False for failure.

top
OpaqueSignBytesAsync (1)
function CkCrypt2_OpaqueSignBytesAsync(objHandle: HCkCrypt2;
    data: HCkByteData): HCkTask; stdcall;

Creates an asynchronous task to call the OpaqueSignBytes method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
OpaqueSignBytes2
function CkCrypt2_OpaqueSignBytes2(objHandle: HCkCrypt2;
    pByteData: pbyte;
    szByteData: LongWord;
    outBytes: HCkByteData): wordbool; stdcall;
Introduced in version 9.5.0.82

The same as OpaqueSignBytes except the binary data is passed via a pointer and length.

Returns True for success, False for failure.

top
OpaqueSignBytesENC
function CkCrypt2_OpaqueSignBytesENC(objHandle: HCkCrypt2;
    data: HCkByteData;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__opaqueSignBytesENC(objHandle: HCkCrypt2;
    data: HCkByteData): PWideChar; stdcall;

Digitally signs a byte array and returns a PKCS7/CMS format signature in encoded string format (such as Base64 or hex). This is a signature that contains both the original data as well as the signature. A certificate must be set by calling SetSigningCert prior to calling this method. The EncodingMode property controls the output encoding, which can be "Base64", "QP","Hex", etc. (See the EncodingMode property.)

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
OpaqueSignBytesENCAsync (1)
function CkCrypt2_OpaqueSignBytesENCAsync(objHandle: HCkCrypt2;
    data: HCkByteData): HCkTask; stdcall;

Creates an asynchronous task to call the OpaqueSignBytesENC method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
OpaqueSignString
function CkCrypt2_OpaqueSignString(objHandle: HCkCrypt2;
    str: PWideChar;
    outData: HCkByteData): wordbool; stdcall;

Digitally signs a string and returns a PKCS7/CMS format signature. This is a signature that contains both the original data as well as the signature. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description.

Returns True for success, False for failure.

More Information and Examples
top
OpaqueSignStringAsync (1)
function CkCrypt2_OpaqueSignStringAsync(objHandle: HCkCrypt2;
    str: PWideChar): HCkTask; stdcall;

Creates an asynchronous task to call the OpaqueSignString method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
OpaqueSignStringENC
function CkCrypt2_OpaqueSignStringENC(objHandle: HCkCrypt2;
    str: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__opaqueSignStringENC(objHandle: HCkCrypt2;
    str: PWideChar): PWideChar; stdcall;

Digitally signs a string and returns a PKCS7/CMS format signature in encoded string format (such as base64 or hex). This is a signature that contains both the original data as well as the signature. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description.

The EncodingMode property controls the output encoding, which can be "Base64", "QP","Hex", etc. (See the EncodingMode property.)

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
OpaqueSignStringENCAsync (1)
function CkCrypt2_OpaqueSignStringENCAsync(objHandle: HCkCrypt2;
    str: PWideChar): HCkTask; stdcall;

Creates an asynchronous task to call the OpaqueSignStringENC method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
OpaqueVerifyBd
function CkCrypt2_OpaqueVerifyBd(objHandle: HCkCrypt2;
    bd: HCkBinData): wordbool; stdcall;
Introduced in version 9.5.0.67

In-place verifies and unwraps the PKCS7/CMS contents of bd. If the signature is verified, the contents of bd will be replaced with the original data, and the method returns True. If the signature is not verified, then the contents of bd remain unchanged and the method returns False.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns True for success, False for failure.

top
OpaqueVerifyBytes
function CkCrypt2_OpaqueVerifyBytes(objHandle: HCkCrypt2;
    p7s: HCkByteData;
    outOriginal: HCkByteData): wordbool; stdcall;

Verifies an opaque signature and returns the original data. If the signature verification fails, the returned data will be 0 bytes in length.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns True for success, False for failure.

top
OpaqueVerifyBytes2
function CkCrypt2_OpaqueVerifyBytes2(objHandle: HCkCrypt2;
    pByteData: pbyte;
    szByteData: LongWord;
    outBytes: HCkByteData): wordbool; stdcall;
Introduced in version 9.5.0.82

The same as OpaqueVerifyBytes except the binary data is passed via a pointer and length.

Returns True for success, False for failure.

top
OpaqueVerifyBytesENC
function CkCrypt2_OpaqueVerifyBytesENC(objHandle: HCkCrypt2;
    p7s: PWideChar;
    outOriginal: HCkByteData): wordbool; stdcall;

Verifies an opaque signature (encoded in string form) and returns the original data. If the signature verification fails, the returned data will be 0 bytes in length.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns True for success, False for failure.

More Information and Examples
top
OpaqueVerifyString
function CkCrypt2_OpaqueVerifyString(objHandle: HCkCrypt2;
    p7s: HCkByteData;
    outOriginal: HCkString): wordbool; stdcall;
function CkCrypt2__opaqueVerifyString(objHandle: HCkCrypt2;
    p7s: HCkByteData): PWideChar; stdcall;

Verifies an opaque signature and returns the original string. If the signature verification fails, the returned string will be 0 characters in length.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
OpaqueVerifyStringENC
function CkCrypt2_OpaqueVerifyStringENC(objHandle: HCkCrypt2;
    p7s: PWideChar;
    outOriginal: HCkString): wordbool; stdcall;
function CkCrypt2__opaqueVerifyStringENC(objHandle: HCkCrypt2;
    p7s: PWideChar): PWideChar; stdcall;

Verifies an opaque signature (encoded in string form) and returns the original data string. If the signature verification fails, the returned string will be 0 characters in length.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
Pbkdf1
function CkCrypt2_Pbkdf1(objHandle: HCkCrypt2;
    password: PWideChar;
    charset: PWideChar;
    hashAlg: PWideChar;
    salt: PWideChar;
    iterationCount: Integer;
    outputKeyBitLen: Integer;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__pbkdf1(objHandle: HCkCrypt2;
    password: PWideChar;
    charset: PWideChar;
    hashAlg: PWideChar;
    salt: PWideChar;
    iterationCount: Integer;
    outputKeyBitLen: Integer;
    encoding: PWideChar): PWideChar; stdcall;

Implements the PBKDF1 algorithm (Password Based Key Derivation Function #1). The password is converted to the character encoding represented by charset before being passed (internally) to the key derivation function. The hashAlg may be "md5", "sha1", "md2", etc. The salt should be random data at least 8 bytes (64 bits) in length. (The GenRandomBytesENC method is good for generating a random salt value.) The iterationCount should be no less than 1000. The length (in bits) of the derived key output by this method is controlled by outputKeyBitLen. The encoding argument may be "base64", "hex", etc. It controls the encoding of the output, and the expected encoding of the salt. The derived key is returned.

Note: Starting in version 9.5.0.47, if the charset is set to one of the keywords "hex" or "base64", then the password will be considered binary data that is hex or base64 encoded. The bytes will be decoded and used directly as a binary password.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
Pbkdf2
function CkCrypt2_Pbkdf2(objHandle: HCkCrypt2;
    password: PWideChar;
    charset: PWideChar;
    hashAlg: PWideChar;
    salt: PWideChar;
    iterationCount: Integer;
    outputKeyBitLen: Integer;
    encoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__pbkdf2(objHandle: HCkCrypt2;
    password: PWideChar;
    charset: PWideChar;
    hashAlg: PWideChar;
    salt: PWideChar;
    iterationCount: Integer;
    outputKeyBitLen: Integer;
    encoding: PWideChar): PWideChar; stdcall;

Implements the PBKDF2 algorithm (Password Based Key Derivation Function #2). The password is converted to the character encoding represented by charset before being passed (internally) to the key derivation function. The hashAlg may be "sha256", "sha384", "sha512", "md5", "sha1", "md2", or any hash algorithm listed in the HashAlgorithm property. The salt should be random data at least 8 bytes (64 bits) in length. (The GenRandomBytesENC method is good for generating a random salt value.) The iterationCount should be no less than 1000. The length (in bits) of the derived key output by this method is controlled by outputKeyBitLen. The encoding argument may be "base64", "hex", etc. It controls the encoding of the output, and the expected encoding of the salt. The derived key is returned.

Note: The PBKDF2 function (internally) utilizes a PRF that is a pseudorandom function that is a keyed HMAC. The hash algorithm specified by hashAlg determines this PRF. If hashAlg is "SHA256", then HMAC-SHA256 is used for the PRF. Likewise, if the hash function is "SHA1", then HMAC-SHA1 is used. HMAC can be used with any hash algorithm.

Note: Starting in version 9.5.0.47, if the charset is set to one of the keywords "hex" or "base64", then the password will be considered binary data that is hex or base64 encoded. The bytes will be decoded and used directly as a binary password.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
RandomizeIV
procedure CkCrypt2_RandomizeIV(objHandle: HCkCrypt2) stdcall;

Sets the initialization vector to a random value.

top
RandomizeKey
procedure CkCrypt2_RandomizeKey(objHandle: HCkCrypt2) stdcall;

Sets the secret key to a random value.

top
ReadFile
function CkCrypt2_ReadFile(objHandle: HCkCrypt2;
    filename: PWideChar;
    outBytes: HCkByteData): wordbool; stdcall;

Convenience method to read an entire file and return as a byte array.

Returns True for success, False for failure.

top
ReEncode
function CkCrypt2_ReEncode(objHandle: HCkCrypt2;
    encodedData: PWideChar;
    fromEncoding: PWideChar;
    toEncoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__reEncode(objHandle: HCkCrypt2;
    encodedData: PWideChar;
    fromEncoding: PWideChar;
    toEncoding: PWideChar): PWideChar; stdcall;

Provides a means for converting from one encoding to another (such as base64 to hex). This is helpful for programming environments where byte arrays are a real pain-in-the-***. The fromEncoding and toEncoding may be (case-insensitive) "Base64", "modBase64", "Base32", "Base58", "UU", "QP" (for quoted-printable), "URL" (for url-encoding), "Hex", "Q", "B", "url_oauth", "url_rfc1738", "url_rfc2396", and "url_rfc3986".

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
SetDecryptCert
function CkCrypt2_SetDecryptCert(objHandle: HCkCrypt2;
    cert: HCkCert): wordbool; stdcall;

Sets the digital certificate to be used for decryption when the CryptAlgorithm property is set to "PKI". A private key is required for decryption. Because this method only specifies the certificate, a prerequisite is that the certificate w/ private key must have been pre-installed on the computer. Private keys are stored in the Windows Protected Store (either a user account specific store, or the system-wide store). The Chilkat component will automatically locate and find the certificate's corresponding private key from the protected store when decrypting.

Returns True for success, False for failure.

top
SetDecryptCert2
function CkCrypt2_SetDecryptCert2(objHandle: HCkCrypt2;
    cert: HCkCert;
    key: HCkPrivateKey): wordbool; stdcall;

Sets the digital certificate to be used for decryption when the CryptAlgorithm property is set to "PKI". The private key is supplied in the 2nd argument to this method, so there is no requirement that the certificate be pre-installed on a computer before decrypting (if this method is called).

Returns True for success, False for failure.

top
SetEncodedAad
function CkCrypt2_SetEncodedAad(objHandle: HCkCrypt2;
    aadStr: PWideChar;
    encoding: PWideChar): wordbool; stdcall;
Introduced in version 9.5.0.55

Sets the authenticated additional data from an encoded string. The authenticated additional data (AAD), if any, is used in authenticated encryption modes such as GCM. The aadStr argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".

The Aad is used when the CipherMode is "gcm" (Galois/Counter Mode), which is a mode valid for symmetric ciphers that have a block size of 16 bytes, such as AES or Twofish.

Returns True for success, False for failure.

More Information and Examples
top
SetEncodedAuthTag
function CkCrypt2_SetEncodedAuthTag(objHandle: HCkCrypt2;
    authTagStr: PWideChar;
    encoding: PWideChar): wordbool; stdcall;
Introduced in version 9.5.0.55

Sets the expected authenticated tag from an encoded string. The authenticated tag is used in authenticated encryption modes such as GCM. An application would set the expected authenticated tag prior to decrypting. The authTagStr argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".

The authenticated tag plays a role when the CipherMode is "gcm" (Galois/Counter Mode), which is a mode valid for symmetric block ciphers that have a block size of 16 bytes, such as AES or Twofish.

Note: You can set the authenticated tag to the special value "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" (16 0xFF bytes) to prevent Chilkat from checking the auth tag after decrypting.

Returns True for success, False for failure.

More Information and Examples
top
SetEncodedIV
procedure CkCrypt2_SetEncodedIV(objHandle: HCkCrypt2;
    ivStr: PWideChar;
    encoding: PWideChar) stdcall;

Sets the initialization vector from an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".

top
SetEncodedKey
procedure CkCrypt2_SetEncodedKey(objHandle: HCkCrypt2;
    keyStr: PWideChar;
    encoding: PWideChar) stdcall;

Sets the secret key from an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".

More Information and Examples
top
SetEncodedSalt
procedure CkCrypt2_SetEncodedSalt(objHandle: HCkCrypt2;
    saltStr: PWideChar;
    encoding: PWideChar) stdcall;

Sets the password-based encryption (PBE) salt bytes from an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".

top
SetEncryptCert
function CkCrypt2_SetEncryptCert(objHandle: HCkCrypt2;
    cert: HCkCert): wordbool; stdcall;

Tells the encryption library to use a specific digital certificate for public-key encryption. To encrypt with multiple certificates, call AddEncryptCert once for each certificate. (Calling this method is the equivalent of calling ClearEncryptCerts followed by AddEncryptCert.)

Returns True for success, False for failure.

top
SetIV
procedure CkCrypt2_SetIV(objHandle: HCkCrypt2;
    pByteData: pbyte;
    szByteData: LongWord) stdcall;

Sets the initialization vector for a symmetric encryption algorithm (such as AES, BlowFish, TwoFish, DES, etc.). IV's are used in CBC mode (Cipher-Block-Chaining), but are not used in ECB mode (Electronic Cookbook). The length of the IV should equal the block size of the algorithm. (It is not equal to the key length). For AES and TwoFish, the block size (and thus IV size) is always 16 bytes. For Blowfish it's 8 bytes. For DES and 3DES it's 8 bytes.

top
SetMacKeyBytes
function CkCrypt2_SetMacKeyBytes(objHandle: HCkCrypt2;
    keyBytes: HCkByteData): wordbool; stdcall;
Introduced in version 9.5.0.55

Sets the MAC key to be used for one of the Mac methods.

Returns True for success, False for failure.

top
SetMacKeyEncoded
function CkCrypt2_SetMacKeyEncoded(objHandle: HCkCrypt2;
    key: PWideChar;
    encoding: PWideChar): wordbool; stdcall;
Introduced in version 9.5.0.55

Sets the MAC key to be used for one of the Mac methods. The encoding can be set to any of the following strings: "base64", "hex", "quoted-printable", or "url".

Returns True for success, False for failure.

More Information and Examples
top
SetMacKeyString
function CkCrypt2_SetMacKeyString(objHandle: HCkCrypt2;
    key: PWideChar): wordbool; stdcall;
Introduced in version 9.5.0.55

Sets the MAC key to be used for one of the Mac methods.

Returns True for success, False for failure.

More Information and Examples
top
SetSecretKey
procedure CkCrypt2_SetSecretKey(objHandle: HCkCrypt2;
    pByteData: pbyte;
    szByteData: LongWord) stdcall;

Sets the value of the SecretKey property.

top
SetSecretKeyViaPassword
procedure CkCrypt2_SetSecretKeyViaPassword(objHandle: HCkCrypt2;
    password: PWideChar) stdcall;

Accepts a password string and (internally) generates a binary secret key of the appropriate bit length and sets the SecretKey property. This method should only be used if you are using Chilkat for both encryption and decryption because the password-to-secret-key algorithm would need to be identical for the decryption to match the encryption.

There is no minimum or maximum password length. The password string is transformed to a binary secret key by computing the MD5 digest (of the utf-8 password) to obtain 16 bytes. If the KeyLength is greater than 16 bytes, then the MD5 digest of the Base64 encoding of the utf-8 password is added. A max of 32 bytes of key material is generated, and this is truncated to the actual KeyLength required. The example below shows how to manually duplicate the computation.

top
SetSigningCert
function CkCrypt2_SetSigningCert(objHandle: HCkCrypt2;
    cert: HCkCert): wordbool; stdcall;

Specifies a certificate to be used when creating PKCS7 digital signatures. Signing requires both a certificate and private key. In this case, the private key is implicitly specified if the certificate originated from a PFX that contains the corresponding private key, or if on a Windows-based computer where the certificate and corresponding private key are pre-installed. (If a PFX file is used, it is provided via the AddPfxSourceFile or AddPfxSourceData methods.)

Returns True for success, False for failure.

top
SetSigningCert2
function CkCrypt2_SetSigningCert2(objHandle: HCkCrypt2;
    cert: HCkCert;
    privateKey: HCkPrivateKey): wordbool; stdcall;

Specifies a digital certificate and private key to be used for creating PKCS7 digital signatures.

Returns True for success, False for failure.

top
SetTsaHttpObj
procedure CkCrypt2_SetTsaHttpObj(objHandle: HCkCrypt2;
    http: HCkHttp) stdcall;

Sets the timestamp authority (TSA) options for cases where a CAdES-T signature is to be created. The http is used to send the requests, and it allows for connection related settings and timeouts to be set. For example, if HTTP or SOCKS proxies are required, these features can be specified on the http.

top
SetVerifyCert
function CkCrypt2_SetVerifyCert(objHandle: HCkCrypt2;
    cert: HCkCert): wordbool; stdcall;

Sets the digital certificate to be used in verifying a signature. In virtually all cases, a PKCS7 (CMS) signature already embeds the signing certificate information, and it is not necessary to explicitly call this method to specify the verification certificate. It is only needed in rare cases.

Returns True for success, False for failure.

top
SignBdENC
function CkCrypt2_SignBdENC(objHandle: HCkCrypt2;
    dataToSign: HCkBinData;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__signBdENC(objHandle: HCkCrypt2;
    dataToSign: HCkBinData): PWideChar; stdcall;
Introduced in version 9.5.0.67

Digitally signs the contents of dataToSign and returns the detached digital signature in an encoded string (according to the EncodingMode property setting).

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
SignBdENCAsync (1)
function CkCrypt2_SignBdENCAsync(objHandle: HCkCrypt2;
    dataToSign: HCkBinData): HCkTask; stdcall;
Introduced in version 9.5.0.67

Creates an asynchronous task to call the SignBdENC method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
SignBytes
function CkCrypt2_SignBytes(objHandle: HCkCrypt2;
    data: HCkByteData;
    outData: HCkByteData): wordbool; stdcall;

Digitally signs a byte array and returns the detached digital signature. A certificate must be set by calling SetSigningCert prior to calling this method.

Returns True for success, False for failure.

top
SignBytesAsync (1)
function CkCrypt2_SignBytesAsync(objHandle: HCkCrypt2;
    data: HCkByteData): HCkTask; stdcall;

Creates an asynchronous task to call the SignBytes method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
SignBytes2
function CkCrypt2_SignBytes2(objHandle: HCkCrypt2;
    pByteData: pbyte;
    szByteData: LongWord;
    outBytes: HCkByteData): wordbool; stdcall;
Introduced in version 9.5.0.82

The same as SignBytes except the binary data is passed via a pointer and length.

Returns True for success, False for failure.

top
SignBytesENC
function CkCrypt2_SignBytesENC(objHandle: HCkCrypt2;
    data: HCkByteData;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__signBytesENC(objHandle: HCkCrypt2;
    data: HCkByteData): PWideChar; stdcall;

Digitally signs a byte array and returns the detached digital signature encoded as a printable string. A certificate must be set by calling SetSigningCert prior to calling this method. The EncodingMode property controls the output encoding, which can be "Base64", "QP", or "Hex".

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
SignBytesENCAsync (1)
function CkCrypt2_SignBytesENCAsync(objHandle: HCkCrypt2;
    data: HCkByteData): HCkTask; stdcall;

Creates an asynchronous task to call the SignBytesENC method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
SignHashENC
function CkCrypt2_SignHashENC(objHandle: HCkCrypt2;
    encodedHash: PWideChar;
    hashAlg: PWideChar;
    hashEncoding: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__signHashENC(objHandle: HCkCrypt2;
    encodedHash: PWideChar;
    hashAlg: PWideChar;
    hashEncoding: PWideChar): PWideChar; stdcall;
Introduced in version 9.5.0.90

Digitally signs a hash and returns the PKCS7 detached digital signature as an encoded string. The hash to be signed is passed in encodedHash. The type of hash is passed in hashAlg, which can be "sha1", "sha256", "sha384", "sha512", etc. The hashEncoding specifies the encoding of the hash passed in encodedHash, such as "base64", "hex", etc.

A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing.

The encoding of the output string is controlled by the EncodingMode property, which can be set to "base64", "hex", etc.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
SignHashENCAsync (1)
function CkCrypt2_SignHashENCAsync(objHandle: HCkCrypt2;
    encodedHash: PWideChar;
    hashAlg: PWideChar;
    hashEncoding: PWideChar): HCkTask; stdcall;
Introduced in version 9.5.0.90

Creates an asynchronous task to call the SignHashENC method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
SignSbENC
function CkCrypt2_SignSbENC(objHandle: HCkCrypt2;
    sb: HCkStringBuilder;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__signSbENC(objHandle: HCkCrypt2;
    sb: HCkStringBuilder): PWideChar; stdcall;
Introduced in version 9.5.0.67

Digitally signs a the contents of sb and returns the PKCS7 detached digital signature as an encoded string according to the EncodingMode property setting.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

More Information and Examples
top
SignSbENCAsync (1)
function CkCrypt2_SignSbENCAsync(objHandle: HCkCrypt2;
    sb: HCkStringBuilder): HCkTask; stdcall;
Introduced in version 9.5.0.67

Creates an asynchronous task to call the SignSbENC method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
SignString
function CkCrypt2_SignString(objHandle: HCkCrypt2;
    str: PWideChar;
    outData: HCkByteData): wordbool; stdcall;

Digitally signs a string and returns the detached digital signature. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description.

Returns True for success, False for failure.

top
SignStringAsync (1)
function CkCrypt2_SignStringAsync(objHandle: HCkCrypt2;
    str: PWideChar): HCkTask; stdcall;

Creates an asynchronous task to call the SignString method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
SignStringENC
function CkCrypt2_SignStringENC(objHandle: HCkCrypt2;
    str: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__signStringENC(objHandle: HCkCrypt2;
    str: PWideChar): PWideChar; stdcall;

Digitally signs a string and returns the PKCS7 detached digital signature as an encoded string. A certificate must be set by calling SetSigningCert prior to calling this method. The Charset property controls the character encoding of the string that is signed. (Languages such as VB.NET, C#, and Visual Basic work with Unicode strings.) To sign Unicode data (2 bytes per char), set the Charset property to "Unicode". To implicitly convert the string to a mutlibyte charset such as "iso-8859-1", "Shift_JIS", "utf-8", or something else, then set the Charset property to the name of the charset before signing. The complete list of charsets is listed in the EncryptString method description.

The encoding of the output string is controlled by the EncodingMode property, which can be set to "Base64", "QP", or "Hex".

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
SignStringENCAsync (1)
function CkCrypt2_SignStringENCAsync(objHandle: HCkCrypt2;
    str: PWideChar): HCkTask; stdcall;

Creates an asynchronous task to call the SignStringENC method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.

Returns nil on failure

top
StringToBytes
function CkCrypt2_StringToBytes(objHandle: HCkCrypt2;
    inStr: PWideChar;
    charset: PWideChar;
    outBytes: HCkByteData): wordbool; stdcall;

Convert a string to a byte array where the characters are encoded according to the charset specified.

Returns True for success, False for failure.

top
Totp
function CkCrypt2_Totp(objHandle: HCkCrypt2;
    secret: PWideChar;
    secretEnc: PWideChar;
    t0: PWideChar;
    tNow: PWideChar;
    tStep: Integer;
    numDigits: Integer;
    truncOffset: Integer;
    hashAlg: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__totp(objHandle: HCkCrypt2;
    secret: PWideChar;
    secretEnc: PWideChar;
    t0: PWideChar;
    tNow: PWideChar;
    tStep: Integer;
    numDigits: Integer;
    truncOffset: Integer;
    hashAlg: PWideChar): PWideChar; stdcall;
Introduced in version 9.5.0.77

Implements RFC 6238: TOTP: Time-Based One-Time Password Algorithm. The arguments to this method are:

  • secret: The shared secret in an enocded representation such as base64, hex, ascii, etc.
  • secretEnc: The encoding of the shared secret, such as "base64"
  • t0: The Unix time to start counting time steps. It is a number in decimal string form. A Unix time is the number of seconds elapsed since midnight UTC of January 1, 1970. "0" is a typical value used for this argument.
  • tNow: The current Unix time in decimal string form. To use the current system date/time, pass an empty string for this argument.
  • tStep: The time step in seconds. A typical value is 30. Note: Both client and server must pre-agree on the secret, the t0, and the tStep.
  • numDigits: The number of decimal digits to return.
  • truncOffset: Normally set this to -1 for dynamic truncation. Otherwise can be set in the range 0..15.
  • hashAlg: Normally set to "sha1". Can be set to other hash algorithms such as "sha256", "sha512", etc.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
TrimEndingWith
function CkCrypt2_TrimEndingWith(objHandle: HCkCrypt2;
    inStr: PWideChar;
    ending: PWideChar;
    outStr: HCkString): wordbool; stdcall;
function CkCrypt2__trimEndingWith(objHandle: HCkCrypt2;
    inStr: PWideChar;
    ending: PWideChar): PWideChar; stdcall;

Trim a string ending with a specific substring until the string no longer ends with that substring.

Returns True for success, False for failure.

See the notes about PWideChar memory ownership and validity.

top
UseCertVault
function CkCrypt2_UseCertVault(objHandle: HCkCrypt2;
    vault: HCkXmlCertVault): wordbool; stdcall;
Introduced in version 9.5.0.40

Adds an XML certificate vault to the object's internal list of sources to be searched for certificates and private keys when encrypting/decrypting or signing/verifying. Unlike the AddPfxSourceData and AddPfxSourceFile methods, only a single XML certificate vault can be used. If UseCertVault is called multiple times, only the last certificate vault will be used, as each call to UseCertVault will replace the certificate vault provided in previous calls.

Returns True for success, False for failure.

top
VerifyBdENC
function CkCrypt2_VerifyBdENC(objHandle: HCkCrypt2;
    data: HCkBinData;
    encodedSig: PWideChar): wordbool; stdcall;
Introduced in version 9.5.0.67

Verifies a digital signature against the original data contained in data. Returns True if the signature is verified.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns True for success, False for failure.

More Information and Examples
top
VerifyBytes
function CkCrypt2_VerifyBytes(objHandle: HCkCrypt2;
    data: HCkByteData;
    sig: HCkByteData): wordbool; stdcall;

Verifies a byte array against a digital signature and returns true if the byte array is unaltered.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

top
VerifyBytesENC
function CkCrypt2_VerifyBytesENC(objHandle: HCkCrypt2;
    data: HCkByteData;
    encodedSig: PWideChar): wordbool; stdcall;

Verifies a byte array against a string-encoded digital signature and returns true if the byte array is unaltered. This method can be used to verify a signature produced by SignBytesENC. The EncodingMode property must be set prior to calling to match the encoding of the digital signature string ("Base64", "QP", or "Hex").

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

More Information and Examples
top
VerifyDetachedSignature
function CkCrypt2_VerifyDetachedSignature(objHandle: HCkCrypt2;
    inFilename: PWideChar;
    p7sFilename: PWideChar): wordbool; stdcall;

Verifies a .p7s (PKCS #7 Signature) against the original file (or exact copy of it). If the inFilename has not been modified, the return value is True, otherwise it is False. This method is equivalent to VerifyP7S.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

top
VerifyP7M
function CkCrypt2_VerifyP7M(objHandle: HCkCrypt2;
    p7mPath: PWideChar;
    destPath: PWideChar): wordbool; stdcall;

Verifies a .p7m file and extracts the original file from the .p7m. Returns True if the signature is valid and the contents are unchanged. Otherwise returns False.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

top
VerifyP7S
function CkCrypt2_VerifyP7S(objHandle: HCkCrypt2;
    inFilename: PWideChar;
    p7sFilename: PWideChar): wordbool; stdcall;

Verifies a .p7s (PKCS #7 Signature) against the original file (or exact copy of it). If the inFilename has not been modified, the return value is True, otherwise it is False.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

More Information and Examples
top
VerifySbENC
function CkCrypt2_VerifySbENC(objHandle: HCkCrypt2;
    sb: HCkStringBuilder;
    encodedSig: PWideChar): wordbool; stdcall;
Introduced in version 9.5.0.67

Verifies a digital signature against the original data contained in sb. Returns True if the signature is verified.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

Returns True for success, False for failure.

More Information and Examples
top
VerifyString
function CkCrypt2_VerifyString(objHandle: HCkCrypt2;
    str: PWideChar;
    sig: HCkByteData): wordbool; stdcall;

Verifies a string against a binary digital signature and returns true if the string is unaltered. This method can be used to verify a signature produced by SignString. The Charset property must be set to the charset that was used when creating the signature.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

top
VerifyStringENC
function CkCrypt2_VerifyStringENC(objHandle: HCkCrypt2;
    str: PWideChar;
    encodedSig: PWideChar): wordbool; stdcall;

Verifies a string against a string-encoded digital signature and returns true if the string is unaltered. This method can be used to verify a signature produced by SignStringENC. The Charset and EncodingMode properties must be set to the same values that were used when creating the signature.

Note: The signer certificates can be retrieved after any Verify* method call by using the NumSignerCerts property and the GetSignerCert method.

top
WriteFile
function CkCrypt2_WriteFile(objHandle: HCkCrypt2;
    filename: PWideChar;
    fileData: HCkByteData): wordbool; stdcall;

Convenience method to write an entire byte array to a file.

Returns True for success, False for failure.

top
XtsSetDataUnitNumber
procedure CkCrypt2_XtsSetDataUnitNumber(objHandle: HCkCrypt2;
    loUint32: LongWord;
    hiUint32: LongWord) stdcall;
Introduced in version 9.5.0.91

Sets the XTS-AES mode data unit number. The data unit number is a 64-bit unsigned integer. It is passed in as two 32-bit unsigned integers representing the high and low 32-bits.

Setting the data unit number is one way of setting the tweak value. The tweak value is 16 bytes in length and can alternatively be set by calling XtsSetEncodedTweakValue.

This method sets the tweak value such that the first 8 bytes are composed of the little-endian 64-bit data unit number, followed by 8 zero bytes.

(Unfortunately, Chilkat cannot use 64-bit integers in method arguments because many older programming environments, such as ActiveX, do not support it. Chilkat must present an identical and uniform API across all programming languages.)

top
XtsSetEncodedTweakKey
procedure CkCrypt2_XtsSetEncodedTweakKey(objHandle: HCkCrypt2;
    key: PWideChar;
    encoding: PWideChar) stdcall;
Introduced in version 9.5.0.91

Sets the XTS-AES mode tweak key from an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url". The tweak key should be equal in size to the encryption key. For example, to do 256-bit AES-XTS, the encryption key is 256-bits, and the tweak key is also 256-bits.

More Information and Examples
top
XtsSetEncodedTweakValue
procedure CkCrypt2_XtsSetEncodedTweakValue(objHandle: HCkCrypt2;
    tweak: PWideChar;
    encoding: PWideChar) stdcall;
Introduced in version 9.5.0.91

Sets the XTS-AES mode tweak value from an encoded string. The encoding argument can be set to any of the following strings: "base64", "hex", "quoted-printable", "ascii", or "url".

The tweak value must be 16 bytes in length. An application can set the initial tweak value by calling this method, or by calling XtsSetDataUnitNumber (but not both).

More Information and Examples
top

Events

Chilkat supports event callbacks for the Delphi DLL starting in version 9.5.0.82.

AbortCheck
function MyAbortCheck(): Integer; cdecl;
Introduced in version 9.5.0.82

Provides the opportunity for a method call to be aborted. The AbortCheck event is fired periodically based on the value of the HeartbeatMs property. If HeartbeatMs is 0, then no AbortCheck events will fire. As an example, to fire 5 AbortCheck events per second, set the HeartbeatMs property equal to 200. Return True to abort; return False to continue (not abort)

More Information and Examples
top
PercentDone
function MyPercentDone(pctDone: Integer): Integer; cdecl;
Introduced in version 9.5.0.82

Provides the percentage completed for any method that involves network communications or time-consuming processing (assuming it is a method where a percentage completion can be measured). This event is only fired when it is possible to know a percentage completion, and when it makes sense to express the operation as a percentage completed. The pctDone argument will have a value from 1 to 100. For operations (Chilkat method calls) that complete very quickly, the number of PercentDone callbacks will vary, but the final callback should have a value of 100. For long running operations, no more than one callback per percentage point will occur (for example: 1, 2, 3, ... 98, 99, 100).

The PercentDone callback counts as an AbortCheck event. For method calls that complete quickly such that PercentDone events fire, it may be that AbortCheck events don't fire because the opportunity to abort is already provided in the PercentDone callback. For time consuming operations, where the amount of time between PercentDone callbacks are long, AbortCheck callbacks may be used to allow for the operation to be aborted in a more responsive manner.

Return True to abort; return False to continue (not abort)

More Information and Examples
top
ProgressInfo
procedure MyProgressInfo(name: PWideChar; value: PWideChar) cdecl;
Introduced in version 9.5.0.82

A general name/value event that provides information about what is happening during a method call. To find out what information is available, write code to handle this event and log the name/value pairs. Most are self-explanatory.

More Information and Examples
top
TaskCompleted
procedure MyTaskCompleted(task: HCkTask) cdecl;
Introduced in version 9.5.0.82

Called in the background thread when an asynchronous task completes.

top