RC4decrypt and RC4encrypt (String functions)

From m204wiki
Jump to navigation Jump to search

RC4 encryption or decryption (String class)

RC4decrypt and RC4encrypt are synonyms for the intrinsic function to return a binary string that is the method object string encrypted or decrypted with the specified RC4 encryption key. The length of the returned string is the same as that of the object string.

RC4 is a two-way, or symmetric, stream cipher (algorithm), so encrypting a string with a key and then decrypting the result of that encryption with the same key produces the original string. That is, the following assertion should always hold:

assert %string:rc4encrypt(%key):rc4decrypt(%key) eq %string

You can use RC4decrypt to "document" that you are decrypting, and use RC4encrypt to "document" that you are encrypting. In the remainder of this article, you can use RC4decrypt and RC4encrypt interchangeably.


%outString = string:RC4decrypt( key)

%outString = string:RC4encrypt( key)

Syntax terms

%outString A string variable to receive the encrypted or decrypted method object string. Its length is the same as string.
string The string to which the method is applied.
key A string variable whose value is used to encrypt or decrypt the method object string. The key is transformed and then combined with the object string. This key value must not be null nor longer than 255 bytes. (RC4 keys are rarely longer than 64 bytes.)

Usage notes

  • A complete explanation of RC4 encryption can easily be found on the Internet.
  • You are not prevented from creating confusion by encrypting with RC4decrypt and decrypting with RC4encrypt.
  • The key value you provide is (internally) concatenated with itself until it reaches 256 bytes and becomes the "true" key that participates in the encryption algorithm. A consequence of this is that a key that consists of text that repeats will produce the same encryption result as the text alone (without its repetitions). For example, the eight-byte key 'AAAAAAAA' is no stronger than the one-byte key 'A', so it is not very secure. Similarly, the ten-byte key 'ababababab' is no stronger than the two-byte key 'ab'.
  • RC4 is the former default stream cipher used in Janus Network Security.


In the following example, the output string from the RC4encrypt method is assigned to a variable, converted to hex using the StringToHex intrinsic function to reveal its non-displayable characters, then decrypted to return the original input string:

%string = 'this is a test':rc4encrypt('key') printText {~} is {%string:stringTohex} printText {~} is: {%string:rc4decrypt('key')}

The result is:

%string:stringTohex is E15655DAC416D10ACB3730FA22D2 %string:rc4decrypt('key') is: this is a test

See also