Aes Cipher Block Chaining Encrypt / Decrypt
I have searched both this forum and Google for a VBA-only (no DLLs) AES cipher block chaining encrypt / decrypt code with the following parameters:

Sub AES(Text As String, Key As String, Encrypt As Boolean)

but nothing seems available.

The closest I’ve come is the code (Attached) but it requires sections removing like the hard coded password and the parameters and their code need changing to what I need as stated above.

Can anyone help me with these changes?
Hello DanielPineault and thank you for your reply.

I had seen them and they don't do what I have asked for in this post.

The first one has no working example, the second has an example but not as good as mine here and not with the correct parameters either so would rather get this one working as I posted here and the third one uses ChilkatCrypt2, in fact all his examples are along those lines.
Patrick, I don't know where you got that code and without documentation, we might be steering you wrong.

If you need encryption in VBA, and you need to be able to use strings, consider using Blowfish? There are helper functions so that you can just decrypt/crypt strings directly if you want.

Hello BananaRepublic and thank you for your reply.

> without documentation, we might be steering you wrong.

Unfortunately there is no documentation, I was hoping someone with advanced VBA skills or knowledge of algorithms or both would be able to make these changes, any changes could be helpful.

> If you need encryption in VBA, and you need to be able to use string, consider using blowfish

Blowfish was the direct predecessor to Twofish. Twofish was Bruce Schneier's entry into the competition that produced AES. It was judged as inferior to an entry named Rijndael, which was what became AES.

I really am looking to get this AES code working or for an example someone may already have done.
Patricia, the problem is that you actually don't need someone with advanced VBA skills. What you do need is someone who actually understands the cryptography and the math behind it; otherwise you won't know if this is a valid cipher. If you find a way to test that the produced cipher text can be correctly decrypted back into plain text, without giving you garbage, by some other software, then you can verify.

This is what I can guess from the parameters:

1) sPlain = the plain text that you want to encrypt
2) sPass = the password / key you want to use
3) sNonce As String = the salt. You should be generating a random string like "$#2#VDFDADW" or whatever and storing it alongside the cipher text. It is used together with the password to decrypt.
4) isEncode = This is a hard one. My best guess is to indicate it's Unicode but I'm not 100% sure. You need to verify that with some other software that will decrypt the AES and see what value you need to set.

Oh, an important note I forgot to emphasize regarding the nonce/salt. The whole point of this is to thwart dictionary attacks, so for each plaintext you want to encrypt, you must generate an entirely new nonce. You should not be reusing a nonce but you do need to reuse the same password that was used to encrypt the cipher text back into plain text. Since you store the nonce with the cipher text (perhaps as a 2nd column in a table for example), there is no need for the user to enter the nonce themselves (neither should they be).
BananaRepublic thank you for your comments, your explanation of the parameters has led me to think maybe I could use the code almost as it is?

Can you explain why the sPass has been hard coded in the sub?

If sPass = "" Then sPass = "password"

And do you understand enough to remove all instances of this hard coding from the sub?

Can you then provide an example of calling the sub to encrypt a string?

And then how to decrypt it?
Patricia, it's not really hard-coding but more like defaulting - meaning that if you didn't pass in anything, it defaults the sPass to a value of "password" (obviously a very weak key). I am assuming it is there so that there is no error arising from passing in an empty string to the sPass.

Also, I think I'm wrong on isEncode parameter initially - looking at the code, when isEncode = true, we call sbox but when it's not true, we call sboxinv, which I read as "inverse of sbox" so therefore, to encrypt, isEncode = true, and to decrypt, isDecode=false.
You may wish to review https://github.com/steveno/VBA-scripts/tree/master/enc_hash which appears to be a complete VB project built upon this function to see how it is implemented.
DanielPineault I have seen this example also but it's coded for use with a file so would need even more work than my version here.
BananaRepublic would then just removing this one line

If sPass = "" Then sPass = "password"

remove all instances of the 'defaulting'?

> and to decrypt, isDecode=false

I didn't know there was an isDecode?
Sure but I wouldn't, actually. I am assuming that it is a bad thing™ to send in "" (even by accident).

So I'd change that line to:

If Len(sPass) = 0 Then Err.Raise vbObjectError, "AES", "Invalid argument for sPass"

That will help you verify that the code is used correctly and not have any defaults.

No, I mistyped; isEncode, not isDecode.
BananaRepublic OK so I think I understand so far, we're saying the line could be removed requiring the value to be entered as a parameter and your recoding prevents a possible error from occurring.

> No, I mistyped; isEncode, not isDecode

I was afraid you might say that because I tried isEncode=False to decrypt and it didn’t return the original string but some different encrypted string?
Bummer. I guess you are missing the decrypt procedure then. Many times, they provide 2 procedures separately, one to encrypt, the other to decrypt.
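
Added example, not part of the thread and not the attached VBA code: a reference AES-256-CBC round trip with the openssl command-line tool, showing the three properties discussed above (a fresh salt per encryption stored with the cipher text, refusal of an empty password, and decryption back to the original string). The function names and sample strings are constructed; the thread does not say what output format the VBA routine uses, so this shows what to test for, not a byte-for-byte interoperability check.

```bash
#!/usr/bin/env bash
# Added example: reference AES-256-CBC round trip using the openssl CLI.
# Function names and sample strings are constructed for illustration.

# encrypt_str PLAINTEXT PASSWORD -> one line of base64 (salt header + ciphertext)
encrypt_str() {
    # Refuse an empty password instead of silently falling back to a default.
    [ -n "$2" ] || { echo "encrypt_str: empty password" >&2; return 2; }
    # -salt draws a fresh random 8-byte salt on every call and writes it in
    # front of the ciphertext ("Salted__" + salt), so it travels with the data.
    # PBKDF2 derives both the AES key and the CBC IV from password + salt.
    # The password goes through the environment, not the command line.
    printf '%s' "$1" | AES_PASS="$2" openssl enc -aes-256-cbc -pbkdf2 \
        -iter 100000 -salt -a -A -pass env:AES_PASS
}

# decrypt_str BLOB PASSWORD -> plaintext; non-zero status on "bad decrypt"
decrypt_str() {
    [ -n "$2" ] || { echo "decrypt_str: empty password" >&2; return 2; }
    # The salt is read back from the blob header; the caller never supplies it.
    # CBC has no integrity check: a wrong password is only caught by the
    # padding check, which is not authentication of the data.
    printf '%s' "$1" | AES_PASS="$2" openssl enc -d -aes-256-cbc -pbkdf2 \
        -iter 100000 -a -A -pass env:AES_PASS 2>/dev/null
}

# salt_of BLOB -> hex of the 8 salt bytes that follow the "Salted__" magic
salt_of() {
    printf '%s' "$1" | openssl base64 -d -A | od -An -tx1 -j8 -N8 | tr -d ' \n'
}

# Demo on constructed input: same text and password, two different outputs.
a=$(encrypt_str 'constructed sample text' 'example passphrase')
b=$(encrypt_str 'constructed sample text' 'example passphrase')
echo "salt A: $(salt_of "$a")  salt B: $(salt_of "$b")"
echo "round trip: $(decrypt_str "$a" 'example passphrase')"
```
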