Home > Language Reference > Classes > StreamCipher

InitAES Method

Sets the encoding/decoding scheme to AES.

Syntax

Public Sub InitAES(ByRef sKey As String, ByVal iKeyLen As Integer, Optional ByVal lSize As Long = 0)

Remarks

The InitAES method sets the encoding/decoding scheme to AES, and allocates the necessary internal buffers. If the object was already initialized, buffers allocated for the previous encoding scheme are freed, and any pending data are lost.

AES is a block encryption algorithm adopted as a standard by the US government. It does not run as quickly as other algorithms, but it is expected to be highly secure. Detailed information on AES can easily be found on the internet.

The algorith needs a private key, which must be specified in the sKey parameter at the time the object is initialized, and cannot be changed later. For security reasons, it is strongly advised not to store this private key in your executable, as in the following naive example:

Dim c As New StreamCipher
c.InitAES "A Private Key" ' This string can easily be found in your compiled executable

Instead, you should encrypt the key itself, and/or store it in a separate database. If the design of your application allows this, an even more secure approach would be not to store the key, but to derive it from available data. For example, you could generate a key by applying a secure hash function to the device serial number, or to any user input such as a password.

A key length is also required in the iKeyLen parameter. Note that this is not the actual size of the string specified in the sKey parameter, but the strength of the encryption. This parameter is expressed in number of bits, and can be either 128, 192 or 256. Any other value raises a runtime error.

Finally, the lSize parameter specifies the total number of bytes to be encoded or decoded, and selects the mode of operation as described below:

• If zero is passed, the StreamCipher object only performs basic AES encoding/decoding. As the algorithm can only operate on 16-byte blocks, null bytes will be appended if necessary at the end of the input stream when encoding (ie when the Flush method is called). Of course, when decoding, those extra null bytes will end up in the output stream.

• On the other hand, if you specify a data size, the StreamCipher object performs advanced AES encoding/decoding. In this mode, a header and a footer are appended to the data stream, and data integrity is checked on deciphered data. The number of bytes read or written through the stream between each call to the Flush method must exactly match the number of bytes specified in this parameter, otherwise unexpected behaviors occur.

In either mode of operation, the Flush method must always be called to finalize operations.

System requirements