1e41f4b71Sopenharmony_ci# Encryption and Decryption with an AES Symmetric Key (CBC Mode) (C/C++)
2e41f4b71Sopenharmony_ci
3e41f4b71Sopenharmony_ci
4e41f4b71Sopenharmony_ciFor details about the algorithm specifications, see [AES](crypto-sym-encrypt-decrypt-spec.md#aes).
5e41f4b71Sopenharmony_ci
6e41f4b71Sopenharmony_ci
7e41f4b71Sopenharmony_ci## Adding the Dynamic Library in the CMake Script
8e41f4b71Sopenharmony_ci```txt
9e41f4b71Sopenharmony_ci   target_link_libraries(entry PUBLIC libohcrypto.so)
10e41f4b71Sopenharmony_ci```
11e41f4b71Sopenharmony_ci
12e41f4b71Sopenharmony_ci## How to Develop
13e41f4b71Sopenharmony_ci
14e41f4b71Sopenharmony_ci
15e41f4b71Sopenharmony_ci**Encryption**
16e41f4b71Sopenharmony_ci
17e41f4b71Sopenharmony_ci1. Use [OH_CryptoSymKeyGenerator_Create](../../reference/apis-crypto-architecture-kit/_crypto_sym_key_api.md#oh_cryptosymkeygenerator_create) and [OH_CryptoSymKeyGenerator_Generate](../../reference/apis-crypto-architecture-kit/_crypto_sym_key_api.md#oh_cryptosymkeygenerator_generate) to generate a 128-bit AES symmetric key (**OH_CryptoSymKey**).
18e41f4b71Sopenharmony_ci   
19e41f4b71Sopenharmony_ci   In addition to the example in this topic, [AES](crypto-sym-key-generation-conversion-spec.md#aes) and [Randomly Generating a Symmetric Key](crypto-generate-sym-key-randomly-ndk.md) may help you better understand how to generate an AES symmetric key. Note that the input parameters in the reference documents may be different from those in the example below.
20e41f4b71Sopenharmony_ci
21e41f4b71Sopenharmony_ci2. Use [OH_CryptoSymCipher_Create](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_create) with the string parameter **'AES128|CBC|PKCS7'** to create a **Cipher** instance. The key type is **AES128**, block cipher mode is **CBC**, and the padding mode is **PKCS7**.
22e41f4b71Sopenharmony_ci
23e41f4b71Sopenharmony_ci3. Use [OH_CryptoSymCipherParams_Create](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipherparams_create) to create a symmetric cipher parameter instance, and use [OH_CryptoSymCipherParams_SetParams](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipherparams_setparam) to set cipher parameters.
24e41f4b71Sopenharmony_ci
25e41f4b71Sopenharmony_ci4. Use [OH_CryptoSymCipher_Init](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_init) to initialize the **Cipher** instance. Specifically, set **mode** to **CRYPTO_ENCRYPT_MODE**, and specify the key for encryption (**OH_CryptoSymKey**) and the encryption parameter instance (**OH_CryptoSymCipherParams**) corresponding to the CBC mode.
26e41f4b71Sopenharmony_ci
27e41f4b71Sopenharmony_ci5. If a small amount of data is to be encrypted, use [OH_CryptoSymCipher_Final](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_final) to generate the encrypted data. If a large amount of data is to be encrypted, you can call [OH_CryptoSymCipher_Update](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_update) multiple times to pass in the data by segment, and then use **OH_CryptoSymCipher_Final** to generate the ciphertext.
28e41f4b71Sopenharmony_ci
29e41f4b71Sopenharmony_ci6. Use [OH_CryptoSymKeyGenerator_Destroy](../../reference/apis-crypto-architecture-kit/_crypto_sym_key_api.md#oh_cryptosymkeygenerator_destroy), [OH_CryptoSymCipher_Destroy](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_destroy), and [OH_CryptoSymCipherParams_Destroy](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipherparams_destroy) to destroy the instances created.
30e41f4b71Sopenharmony_ci
31e41f4b71Sopenharmony_ci
32e41f4b71Sopenharmony_ci**Decryption**
33e41f4b71Sopenharmony_ci
34e41f4b71Sopenharmony_ci
35e41f4b71Sopenharmony_ci1. Use [OH_CryptoSymCipher_Init](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_init) initializes the **Cipher** instance. Specifically, set **mode** to **CRYPTO_DECRYPT_MODE**, and specify the key for decryption (**OH_CryptoSymKey**) and the decryption parameter instance (**OH_CryptoSymCipherParams**) corresponding to the CBC mode.
36e41f4b71Sopenharmony_ci
37e41f4b71Sopenharmony_ci2. If a small amount of data is to be decrypted, use [OH_CryptoSymCipher_Final](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_final) to generate the decrypted data. If a large amount of data is to be decrypted, you can call [OH_CryptoSymCipher_Update](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_update) multiple times to pass in the data by segment, and then use **OH_CryptoSymCipher_Final** to generate the plaintext.
38e41f4b71Sopenharmony_ci
39e41f4b71Sopenharmony_ci
40e41f4b71Sopenharmony_ci
41e41f4b71Sopenharmony_ci```c++
42e41f4b71Sopenharmony_ci#include "CryptoArchitectureKit/crypto_common.h"
43e41f4b71Sopenharmony_ci#include "CryptoArchitectureKit/crypto_sym_cipher.h"
44e41f4b71Sopenharmony_ci
45e41f4b71Sopenharmony_cistatic OH_Crypto_ErrCode doTestAesCbc()
46e41f4b71Sopenharmony_ci{
47e41f4b71Sopenharmony_ci    OH_CryptoSymKeyGenerator *genCtx = nullptr;
48e41f4b71Sopenharmony_ci    OH_CryptoSymCipher *encCtx = nullptr;
49e41f4b71Sopenharmony_ci    OH_CryptoSymCipher *decCtx = nullptr;
50e41f4b71Sopenharmony_ci    OH_CryptoSymKey *keyCtx = nullptr;
51e41f4b71Sopenharmony_ci    OH_CryptoSymCipherParams *params = nullptr;
52e41f4b71Sopenharmony_ci    Crypto_DataBlob outUpdate = {.data = nullptr, .len = 0};
53e41f4b71Sopenharmony_ci    Crypto_DataBlob decUpdate = {.data = nullptr, .len = 0};
54e41f4b71Sopenharmony_ci    uint8_t plainText[] = "this is test!";
55e41f4b71Sopenharmony_ci    Crypto_DataBlob msgBlob = {.data = reinterpret_cast<uint8_t *>(plainText), .len = sizeof(plainText)};
56e41f4b71Sopenharmony_ci    uint8_t iv[16] = {0};
57e41f4b71Sopenharmony_ci    Crypto_DataBlob ivBlob = {.data = iv, .len = sizeof(iv)};
58e41f4b71Sopenharmony_ci    // Generate a symmetric key.
59e41f4b71Sopenharmony_ci    OH_Crypto_ErrCode ret;
60e41f4b71Sopenharmony_ci    ret = OH_CryptoSymKeyGenerator_Create("AES128", &genCtx);
61e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
62e41f4b71Sopenharmony_ci        goto end;
63e41f4b71Sopenharmony_ci    }
64e41f4b71Sopenharmony_ci    ret = OH_CryptoSymKeyGenerator_Generate(genCtx, &keyCtx);
65e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
66e41f4b71Sopenharmony_ci        goto end;
67e41f4b71Sopenharmony_ci    }
68e41f4b71Sopenharmony_ci    
69e41f4b71Sopenharmony_ci    // Set parameters.
70e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipherParams_Create(&params);
71e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
72e41f4b71Sopenharmony_ci        goto end;
73e41f4b71Sopenharmony_ci    }
74e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_IV_DATABLOB, &ivBlob);
75e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
76e41f4b71Sopenharmony_ci        goto end;
77e41f4b71Sopenharmony_ci    }
78e41f4b71Sopenharmony_ci    
79e41f4b71Sopenharmony_ci    // Encrypt data.
80e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipher_Create("AES128|CBC|PKCS7", &encCtx);
81e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
82e41f4b71Sopenharmony_ci        goto end;
83e41f4b71Sopenharmony_ci    }
84e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipher_Init(encCtx, CRYPTO_ENCRYPT_MODE, keyCtx, params);
85e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
86e41f4b71Sopenharmony_ci        goto end;
87e41f4b71Sopenharmony_ci    }
88e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipher_Final(encCtx, &msgBlob, &outUpdate);
89e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
90e41f4b71Sopenharmony_ci        goto end;
91e41f4b71Sopenharmony_ci    }
92e41f4b71Sopenharmony_ci    
93e41f4b71Sopenharmony_ci    // Decrypt data.
94e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipher_Create("AES128|CBC|PKCS7", &decCtx);
95e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
96e41f4b71Sopenharmony_ci        goto end;
97e41f4b71Sopenharmony_ci    }
98e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipher_Init(decCtx, CRYPTO_DECRYPT_MODE, keyCtx, params);
99e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
100e41f4b71Sopenharmony_ci        goto end;
101e41f4b71Sopenharmony_ci    }
102e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipher_Final(decCtx, &outUpdate, &decUpdate);
103e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
104e41f4b71Sopenharmony_ci        goto end;
105e41f4b71Sopenharmony_ci    }
106e41f4b71Sopenharmony_ci
107e41f4b71Sopenharmony_ciend:
108e41f4b71Sopenharmony_ci    OH_CryptoSymCipherParams_Destroy(params);
109e41f4b71Sopenharmony_ci    OH_CryptoSymCipher_Destroy(encCtx);
110e41f4b71Sopenharmony_ci    OH_CryptoSymCipher_Destroy(decCtx);
111e41f4b71Sopenharmony_ci    OH_CryptoSymKeyGenerator_Destroy(genCtx);
112e41f4b71Sopenharmony_ci    OH_CryptoSymKey_Destroy(keyCtx);
113e41f4b71Sopenharmony_ci    OH_Crypto_FreeDataBlob(&outUpdate);
114e41f4b71Sopenharmony_ci    OH_Crypto_FreeDataBlob(&decUpdate);
115e41f4b71Sopenharmony_ci    return ret;
116e41f4b71Sopenharmony_ci}
117e41f4b71Sopenharmony_ci```
118