DECRYPT Function

Decrypts a string that was previously encrypted with the ENCRYPT function.

Syntax

DECRYPT(string, key, method)

Syntax Elements

string An expression that evaluates to the string to be decrypted. string can be a plain or an encrypted text string.

key An expression that evaluates to a string containing the decryption key. When using method 1 (see method), this can be a null string (""). The key used for decryption must be the same as that used for encryption.

method An expression that evaluates to an integer specifying one of the following encryption methods:

0 A general purpose network encryption/decryption scheme. It can be used for encoding or decoding sensitive data which is to be transferred outside of the machine. It uses only the last character of key.

1 A simple rotation algorithm that affects only the alphabetic characters A-Z and a-z. These letters are rotated right 13 places. This is an algorithm sometimes called ROT13. It is easily breakable, but it is good for scrambling textual material for online data. Method 1 does not use key, but it must be present even as a null string ("").

2 An XOR.MOD11 algorithm that uses only the last character of key. This algorithm uses the key as a seed, which has its five low-order bits XOR'd with each character in string. After each XOR, the seed is incremented by one.

3 A one-to-one exclusive OR between the string in string and an infinite garbage string generated through a Fibonacci algorithm. This method uses the entire key (key).

4 Decrypts using a key from the REK file. key must be the item-id of a key item.

5 Uses either Data Encryption Standard (DES) encryption with the Cipher Block Chaining (CBC) algorithm or Triple DES. key must be a dynamic array where the first attribute is 1 for DES:CBC or 2 for Triple DES, and the second attribute is the encryption key (an 8-character key for DES:CBC, or a 16-character key for Triple DES).

6 Uses the standard Base64 encoding algorithm to decode the supplied string. Method 6 does not use key, but it must be present even as a null string ("").

7 Returns a null value, because decrypting a digest is not possible.

8 Provides access to the OpenSSL ciphers such as AES-128-CBC, AES-192-CBC, AES-256-CBC, DES-CBC and DES-EDE3-CBC. The cipher, key (in hex) and initialisation vector (in hex) are passed as an attribute-separated list in the key parameter. The passed string is binary (as returned from a corresponding ENCRYPT). The returned data is also binary, so care must be taken to process values such as character 255 that may occur in the result.

The method used for decryption must be the same as that used for encryption.

Return Value

The decrypted string.

If method 4 is specified, and the user does not have permission to use the specified key item or if the specified key item does not exist, string is returned unchanged.

Comment

If a string has been encrypted more than once, you must decrypt the string in the reverse order to that used for encryption.

Example 1

EN1 = ENCRYPT("EXAMPLE", "BC", 0)
EN2 = ENCRYPT(EN1, "", 1)
.
.
DE1 = DECRYPT(EN2, "", 1)
DE2 = DECRYPT(DE1, "BC", 0)

Sets DE2 to the string "EXAMPLE".

Example 2

DIGEST = OCONV("DE1AB4F1DF9FA6831C3CF59ABEA09200","MCXA")
IV = OCONV("16 characters!?#","MCAX")
KEY = OCONV("Thirty Two character secret key!","MCAX")
CIPHER = "AES-256-CBC"
MSG = DECRYPT(DIGEST,CIPHER:@AM:KEY:@AM:IV,8)
PRINT MSG

Displays HELLO WORLD

Sets MSG to the result of applying the AES-256-CBC cipher to decrypt the digest (DIGEST) using a secret key (KEY) and an initialisation vector (IV) and then displays the result. The digest is originally in hexadecimal, so it is converted to a binary string before being passed to the DECRYPT function.
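
An added example, not part of the original documentation or the vendor's code: a Python pre-flight check for the method 8 values, as an external system exchanging data with DECRYPT might run it. It validates the hex key and initialisation vector against the standard OpenSSL sizes for the named cipher, builds the attribute-separated key parameter, and flags binary bytes that would act as system delimiters if stored raw. All function names are hypothetical, and treating characters 252 to 254 like the character 255 mentioned under method 8 is an assumption.

```python
# Added example (not vendor code): pre-flight checks for DECRYPT method 8 inputs.
# Key and IV sizes are the standard OpenSSL sizes for each cipher, in bytes.
CIPHERS = {
    "AES-128-CBC": (16, 16),
    "AES-192-CBC": (24, 16),
    "AES-256-CBC": (32, 16),
    "DES-CBC": (8, 8),
    "DES-EDE3-CBC": (24, 8),
}
AM = "\xfe"                    # attribute mark (@AM), character 254
DELIMS = {252, 253, 254, 255}  # assumed delimiter set; the page names only 255


def hex_bytes(label, value, want):
    """Decode a hex field and insist on the exact byte length the cipher needs."""
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        raise ValueError(f"{label} is not valid hex") from None
    if len(raw) != want:
        raise ValueError(f"{label} is {len(raw)} bytes, cipher needs {want}")
    return raw


def build_key_param(cipher, key_hex, iv_hex):
    """Return cipher, key and IV joined by @AM, as passed in the key argument."""
    if cipher not in CIPHERS:
        raise ValueError(f"unsupported cipher {cipher!r}")
    key_len, iv_len = CIPHERS[cipher]
    hex_bytes("key", key_hex, key_len)
    hex_bytes("iv", iv_hex, iv_len)
    return AM.join((cipher, key_hex.upper(), iv_hex.upper()))


def delimiter_offsets(data):
    """Offsets of bytes that would act as system delimiters if stored raw."""
    return [i for i, b in enumerate(data) if b in DELIMS]


def to_storable(data):
    """Hex-encode binary data so that no delimiter byte survives in storage."""
    return data.hex().upper()


# Values from Example 2 on this page; key and IV hex-encoded as method 8 requires.
KEY_HEX = "Thirty Two character secret key!".encode("ascii").hex().upper()
IV_HEX = "16 characters!?#".encode("ascii").hex().upper()
PARAM = build_key_param("AES-256-CBC", KEY_HEX, IV_HEX)
DIGEST = bytes.fromhex("DE1AB4F1DF9FA6831C3CF59ABEA09200")
```

A non-empty result from delimiter_offsets means the binary value should be kept in hex, as Example 2 does with its digest, until the moment it is passed to DECRYPT.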

See Also

ENCRYPT function.