Livecode Wiki

Decrypt data.

Built-in Message handler[]


decrypt source using <cipher> with [password|key] <passorkey> [and salt <saltvalue>] [and IV <IVvalue>] [at bitvalue <bit>]

On failure encrypt/decrypt set the result to the appropriate error message. Like " (SSL error: bad decrypt)", note the beginning space.

On success the variable it will contain the encrypted or decrypted data.

The decrypt commands accept the source data that will be decrypted. The cipher is the name of one of the ciphers obtained using the ciphernames function.

For example usually are available the following ciphers:

  • aes-128-cbc,128
  • aes-128-cfb,128
  • aes-128-cfb1,128
  • aes-128-cfb8,128
  • aes-128-ctr,128
  • aes-128-ecb,128
  • aes-128-gcm,128
  • aes-128-ofb,128
  • aes-128-xts,256
  • aes-192-cbc,192
  • aes-192-cfb,192
  • aes-192-cfb1,192
  • aes-192-cfb8,192
  • aes-192-ctr,192
  • aes-192-ecb,192
  • aes-192-gcm,192
  • aes-192-ofb,192
  • aes-256-cbc,256
  • aes-256-cfb,256
  • aes-256-cfb1,256
  • aes-256-cfb8,256
  • aes-256-ctr,256
  • aes-256-ecb,256
  • aes-256-gcm,256
  • aes-256-ofb,256
  • aes-256-xts,512
  • aes128,128
  • aes192,192
  • aes256,256
  • bf,128
  • bf-cbc,128
  • bf-cfb,128
  • bf-ecb,128
  • bf-ofb,128
  • blowfish,128
  • camellia-128-cbc,128
  • camellia-128-cfb,128
  • camellia-128-cfb1,128
  • camellia-128-cfb8,128
  • camellia-128-ecb,128
  • camellia-128-ofb,128
  • camellia-192-cbc,192
  • camellia-192-cfb,192
  • camellia-192-cfb1,192
  • camellia-192-cfb8,192
  • camellia-192-ecb,192
  • camellia-192-ofb,192
  • camellia-256-cbc,256
  • camellia-256-cfb,256
  • camellia-256-cfb1,256
  • camellia-256-cfb8,256
  • camellia-256-ecb,256
  • camellia-256-ofb,256
  • camellia128,128
  • camellia192,192
  • camellia256,256
  • cast,128
  • cast-cbc,128
  • cast5-cbc,128
  • cast5-cfb,128
  • cast5-ecb,128
  • cast5-ofb,128
  • des,64
  • des-cbc,64
  • des-cfb,64
  • des-cfb1,64
  • des-cfb8,64
  • des-ecb,64
  • des-ede,128
  • des-ede-cbc,128
  • des-ede-cfb,128
  • des-ede-ofb,128
  • des-ede3,192
  • des-ede3-cbc,192
  • des-ede3-cfb,192
  • des-ede3-cfb1,192
  • des-ede3-cfb8,192
  • des-ede3-ofb,192
  • des-ofb,64
  • des3,192
  • desx,192
  • desx-cbc,192
  • id-aes128-GCM,128
  • id-aes192-GCM,192
  • id-aes256-GCM,256
  • rc2,128
  • rc2-40-cbc,40
  • rc2-64-cbc,64
  • rc2-cbc,128
  • rc2-cfb,128
  • rc2-ecb,128
  • rc2-ofb,128
  • rc4,128
  • rc4-40,40
  • rc4-hmac-md5,128
  • seed,128
  • seed-cbc,128
  • seed-cfb,128
  • seed-ecb,128
  • seed-ofb,128

The password or key specifies the password or key that will be use for encryption or decryption as determined by the keyword before it. If you specify key, then the key needs to be the same size (in bits, eight per byte) as the specified cipher key length. The key may optionally be accompanied by the IV value used by some ciphers (for example AES). If you specify password or don't specify a key mode, then a password, tyically text, will be used. The password may optionally be accompanied by a saltvalue. The bits specifies the key length in bits (for example, 64, 128, 192 or 256) and may be zero or empty for the default length (that listed with the cipherNames function). Some ciphers have fixed key lengths and using an unsupported value will result in an error.

The key and IV value are the fundamental determiner in block ciphers. The IV value is typically the width (in bits) of the block associated with the cipher. The default value is zero. Its use is beyond the scope of this documentation.

The password and salt value are combined and scrambled to form the key and IV value which are used as described above. The key derivation process is the same as that used in the openSSL utility. A 16-byte salt prefix is prepended to the encrypted data, based on the salt value. This is used in decryption. If no salt value is specified for a password, one is randomly generated. The use of a randomized salt value is a protection against dictionary attacks.

Some modes of block ciphers will pad data to be a multiple of block size. The padding method is that used by the openSSL utility and is a minimum of one byte.

To use OpenSSL functionality with LiveCode, make sure that the openssl shared library is installed, and in a place where LiveCode can find it. It is pre-installed with OSX. You can download and build OpenSSL at and distribute with your apps. LiveCode includes a prebuilt openssl dll which is required to use OpenSSL for windows (libeay32.dll) which needs to be in the application, current, or system directory. If LiveCode cannot load SSL, it will return the error in the result "ssl library not found".

The decrypt command is part of the SSL & Encryption library. To ensure that the command works in a standalone application, you must include this custom library when you create your standalone. In the Inclusions section on the General screen of the Standalone Application Settings window, make sure "SSL & Encryption" is selected in the list of script libraries.

See Also: encrypt Command, decrypt using rsa Command, encrypt using rsa Command