[VB6/VBA] Simple AES 256-bit password protected encryption

[wqweto]

Simple AES 256-bit password protected encryption

A single mdAesCtr.bas module contains an implementation of a simple to use openssl compatible AES 256-bit encryption/decryption in Counter (CTR) mode, using CNG API functions available in Win7 and later.

Sample usage

Just copy/paste mdAesCtr.bas from Source code section below to your project and will be able to strongly encrypt a user-supplied text with a custom password by calling AesEncryptString like this

encrypted = AesEncryptString(userText, password)

To decrypt the original text use AesDecryptString function with the same password like this

origText = AesDecryptString(encrypted, password)

These functions use sane defaults for salt and cipher strength that you don't have to worry about. These also encode/expect the string in encrypted in base-64 format so it can be persisted/mailed/transported as a simple string.

Advanced usage

Both string functions above use AesCryptArray worker function to encrypt/decrypt UTF-8 byte-arrays of the original strings. You can directly call AesCryptArray if you need to process binary data or need to customize AES salt and/or AES key length (strength) parameters.

Function AesCryptArray also allows calculating detached HMAC-SHA256 on the input/output data ("detached" means hashes has to be stored separately, supports both encrypt-then-MAC and MAC-then-encrypt) when used like this

AesCryptArray baEncr, ToUtf8Array("pass"), Hmac:=baHmacEncr

(See More samples section below)

Stream usage

When contents to be encrypted does not fit in (32-bit) memory you can expose private pvCryptoAesCtrInit/Terminate/Crypt functions so these can be used to implement read/process/write loop on paged original content.

Implementation

This implementation used to be based on WinZip AES-encrypted archives as implemented in ZipArchive project but now is compatible with openssl enc command when using aes-256-ctr cipher.

Source code

Code:

'--- https://gist.github.com/wqweto/42a6c1de16cc87e9bab2ac9f3c9d8510
'--- already too long to fit in 25000 characters post limit

More samples

Code:

Option Explicit

Private Sub TestEncrypt()
    Dim sPass       As String
    Dim sText       As String
    Dim sEncr       As String
    
    sPass = "password123"
    sText = "this is a test"
    sEncr = AesEncryptString(sText, sPass)
    Debug.Assert sText = AesDecryptString(sEncr, sPass)
    
    Debug.Print "Result (Base64): " & sEncr
    Debug.Print "Raw byte-array:  " & StrConv(FromBase64Array(sEncr), vbUnicode)
    Debug.Print "Decrypted:       " & AesDecryptString(sEncr, sPass)
End Sub
    
Private Sub TestHmac()
    Dim baEncr()    As Byte
    Dim baHmacEncr(0 To 31) As Byte
    Dim baHmacDecr(0 To 31) As Byte
    
    baEncr = ToUtf8Array("test message")
    baHmacEncr(0) = 0           '--- 0 -> generate hash before encrypting
    AesCryptArray baEncr, ToUtf8Array("pass"), Hmac:=baHmacEncr
    baHmacDecr(0) = 1           '--- 1 -> decrypt and generate hash after that
    AesCryptArray baEncr, ToUtf8Array("pass"), Hmac:=baHmacDecr
    Debug.Assert InStrB(1, baHmacDecr, baHmacEncr) = 1
    
    Debug.Print "baHmacDecr: " & StrConv(baHmacDecr, vbUnicode)
    Debug.Print "baHmacEncr: " & StrConv(baHmacEncr, vbUnicode)
End Sub

cheers,
</wqw>