1) Original 24 character Key used for encryption: 7+8Jh+dWEf123456789087==
We decided on this key because we couldn't get the padding to work, and I generated one in CF using the generateSecretKey() function. This then gave me some rules to define a key that wouldn't cause us problems. And we will change it again once we go to production. 2) Data before encyption - original clear text: 98817:7&[EMAIL PROTECTED] 3) Data after .NET encryption cipherText: ¤ªáQk \¬¶8j *M¡QÝwx¹^Vð½_<[1] Ò¸¬Ö ÏDoU\' GÕ(R)м£>+£ì ´ He has then been base64 encoding the cipher text to make it easier to pass through the URL. Other things I noticed: .NET using a component built and installed into FoxPro, http://www.sweetpotatosoftware.com/SPSBlog/CommentView,guid,5d4a0cf0-7d1d-4353-a49b-667946ff1c81.aspx The encrypted string is not in UTF-8, and CF expects UTF-8 I updated the jar files to cope with 24 bit keys as per the technote http://www.adobe.com/go/e546373d (although CF seemed to be able to generate and decypt AES 24 ok before this upgrade) We cant use another AES mode such as CFB because he has no knowledge of the IV, however he is going to contact the original developer to see if this is hard coded and not exposed in the DLL. On 10/17/07, Pat Branley <[EMAIL PROTECTED]> wrote: > > > Duncan > > What I think is happening is that CF expects the key to be Base64 > encoded, hence the problems with &, ^ and the need for == at the end. > Try using the 'sun.misc.BASE64Encoder' class to encode the key before > passing it to the decrypt / encrypt functions. > > Pat > > On Oct 17, 10:22 am, Duncan <[EMAIL PROTECTED]> wrote: > > I am waiting on the third party to redo the encryption with a key that > > doesn't have any required padding i.e. they provide a full 24 char > > string) and doesn't have any of the identified dodgy chars & and ^ > > > > 'It works fine' means encrypting and decrypting within CF using an > > example such as Pete Freitags > entryhttp://www.petefreitag.com/item/222.cfmAnd substituting the > > GenerateSecretKey() with a hand written key. > > > > So far I have only established that CF has some issues with the key he > > provided. I have no idea if we will be able to decrypt it properly > > yet. > > > > I will update with some more info once I get a new key from the .NET > guy! > > > > On 10/16/07, MrBuzzy <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > Hi Duncan, you had a lot of stuff going on there :) > > > > > When you say 'it works fine'... have you soled your problem? Or only > part? > > > > > Perhaps you could post the updated source code. > > > > > Cheers. > > > > > On 10/16/07, Duncan <[EMAIL PROTECTED]> wrote: > > > > > > So far in my investigation and trial and error, I have discovered > that > > > > the AES key you use cannot have ^ or & in it. The key we were > provided > > > > by the .NET side did have these in. Another thing is that padding to > > > > 24 characters renders the error " The key specified is not a valid > key > > > > for this encryption: Invalid AES key length: 7 bytes" - 7 bytes? Its > > > > like CF doesnt even see the extra spaces. So I replaced the spaces > > > > with 3's and I get an 18 byte string? What in the wierd? > > > > > > Replace the last 2 characters with == and it works fine, my manually > > > > generated key is 7+8sh+dWEf333333333333== > > > > > > I am putting this out there because its causing me no end of > problems, > > > > and I cant find anything out in google land or on blogs about this. > > > > > > On 10/16/07, Duncan <[EMAIL PROTECTED]> wrote: > > > > > I hope someone with a little knowledge of Encryption and AES stuff > can > > > > > help me out with how to use a provided key to decrypt some info. > > > > > > > Your time here would be greatly appreciated. Details below. > > > > > > > On 10/15/07, Duncan < [EMAIL PROTECTED]> wrote: > > > > > > Hi all, > > > > > > > > I have a token that is being passed in via the URL, that is > generated > > > > > > in a .NET program. I am having trouble decoding it in CF 8 so I > was > > > > > > hoping that someone could give me a hand. I am very frustrated > with > > > > > > this as this is my first dive into AES. > > > > > > > > The .NET developer gave me the following instructions: > > > > > > > > These are the steps needed to return the key in the email back > to it's > > > > > > original state > > > > > > > > 1. URLDecode the key > > > > > > 2. Convert result to decoded base64 binary > > > > > > 3. Remove chr(0) from end of string > > > > > > 4. Decrypt from AES192 (requires a 24 character > Key). Hence > > > > > > make sure you pad the hash key with spaces at the end up to 24 > > > > > > characters > > > > > > > > And here is what I have code wise now (I changed the key to keep > it > > > private): > > > > > > > > <cfoutput> > > > > > > <!--- comes in via URL ---> > > > > > > <cfset > > > > forDec="OTg4MTc6NjcmOEpoXmRXRWY0JSVHWUcqb2xpa3VqZGxveHRvbkByZWQ1LmNvbS5hdQ%3D%3D"> > > > > > > <!--- padded with spaces to make 24 chars ---> > > > > > > <cfset key="7&KSK^8SID "> > > > > > > <br />#forDec# > > > > > > <!--- 1. URLDecode the key ---> > > > > > > <cfset forDec = URLDecode(forDec)> > > > > > > <br />#forDec# > > > > > > <!--- 2. Convert result to decoded base64 binary ---> > > > > > > <cfset forDec = BinaryDecode(forDec,"base64")> > > > > > > <!--- we now have binary object ---> > > > > > > <cfdump var="#forDec#"> > > > > > > <!---3. Remove chr(0) from end of string ---> > > > > > > <!--- I cant put a trim on to a binary object, nor can I do a > > > > > > ReplacenoCase() ---> > > > > > > > > <!---4. Decrypt from AES192 (requires a 24 character > Key). Hence > > > > > > make sure you pad the hash key with spaces at the end up to 24 > > > > > > characters---> > > > > > > <cfset key = Decrypt(forDec,key,"AES","base64")> > > > > > > </cfoutput> > > > > > > > > This results in a bytearray cannot be converted to strings > error. So I > > > > > > tried forDec.toString(), but every request this generates a > different > > > > > > value - how can this be? > > > > > > > > <cfset key = > > > > Decrypt(BinaryEncode(forDec,"base64"),BinaryDecode(key,"base64"),"AES","base64")> > > > > > > > > Results in getting an error that " The input and output > encodings are > > > > > > not same." > > > > > > > > I am at a loss and tearing my hair out - can anyone help me out > > > here??? > > > > > > > > -- > > > > > > Duncan I Loxton > > > > > > [EMAIL PROTECTED] > > > > > > > -- > > > > > Duncan I Loxton > > > > > [EMAIL PROTECTED] > > > > > > -- > > > > Duncan I Loxton > > > > [EMAIL PROTECTED] > > > > -- > > Duncan I Loxton > > [EMAIL PROTECTED] Hide quoted text - > > > > - Show quoted text - > > > > > -- Duncan I Loxton [EMAIL PROTECTED] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to cfaussie@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en -~----------~----~----~----~------~----~------~--~---
