Skip to main content
Tayyab Hussain
Tayyab Hussain
Inspiring
October 11, 2017
Answered

ColdFusion Encryption

  • October 11, 2017
  • 4 replies
  • 1583 views

I have the following PHP Code that uses an AES/ECB/PKCS5Padding

PHP Code:

$hashRequest = '';

$hashKey = 'HM53BC0C176Z58PV';

$mapString='

amount=30.0&autoRedirect=0&emailAddr=fakhar.munir88@gmail.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL=http://shopweb.windsorparking.com/php/getToken.php&storeId=3528'

// Encrypting mapString

function pkcs5_pad($text, $blocksize) {

      $pad = $blocksize - (strlen($text) % $blocksize);

      return $text . str_repeat(chr($pad), $pad);

}

$alg = MCRYPT_RIJNDAEL_128; // AES

$mode = MCRYPT_MODE_ECB; // ECB

$iv_size = mcrypt_get_iv_size($alg, $mode);

$block_size = mcrypt_get_block_size($alg, $mode);

$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);

$mapString = pkcs5_pad($mapString, $block_size);

$crypttext = mcrypt_encrypt($alg, $hashKey, $mapString, $mode, $iv);

$hashRequest = base64_encode($crypttext);

// end encryption;

My ColdFusion Code So Far

<cfset mapString = "amount=30.0&autoRedirect=0&emailAddr=fakhar.munir88@gmail.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL=http://shopweb.windsorparking.com/php/getToken.php&storeId=352" />

<cfset theKey = toBase64("HM53BC0C176Z58PV") />

<cfset theAlgorithm = "AES/CBC/PKCS5Padding" />

<cfset theEncoding = "base64" />

<cfset theIV = "HM53BC0C176Z58PV" />

<cfset encryptedString = encrypt(thePlainData, theKey, theAlgorithm, theEncoding, theIV) />

<cfoutput>#encryptedString#</cfoutput>

The Results are different

Can Any one Help

This topic has been closed for replies.
Correct answer Tayyab Hussain

Hello

I think I have resolved the Issue

<cfset input = "amount=30.0&autoRedirect=0&emailAddr=me@.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL=shopping cart id">

<!---

    Generate a secret key. We are going to be using a more complex

    form of encryption; however, we can still tell the key-generator

    that we are simply using AES (Advanced Encryption Standard).

--->

<cfset encryptionKey = toBase64("HM53BC0C176Z58PV") />

<!---

    Now, let's encrypt our secret message with AES, This AES approach

breaks the data up into blocks,encrypts them individually,

and passes the result into the next block of encryption (.... I think).

--->

<cfset hashRequest = encrypt(

    input,

    encryptionKey,

    "AES",

    "base64"

    ) />

<!---

    Now, let's decode our secret using AES  and our secret key.

--->

<cfset decoded = decrypt(

    hashRequest,

    encryptionKey,

    "AES",

    "base64"

    ) />

<cfoutput>

    Original: #input#<br />

    <br />

    Secret: #hashRequest#<br />

    <br />

    Decoded: #decoded#<br />

</cfoutput>

(Email address and shopping cart id removed by moderator)

4 replies

Tayyab Hussain
Tayyab HussainAuthorCorrect answer
Inspiring
October 16, 2017

Hello

I think I have resolved the Issue

<cfset input = "amount=30.0&autoRedirect=0&emailAddr=me@.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL=shopping cart id">

<!---

    Generate a secret key. We are going to be using a more complex

    form of encryption; however, we can still tell the key-generator

    that we are simply using AES (Advanced Encryption Standard).

--->

<cfset encryptionKey = toBase64("HM53BC0C176Z58PV") />

<!---

    Now, let's encrypt our secret message with AES, This AES approach

breaks the data up into blocks,encrypts them individually,

and passes the result into the next block of encryption (.... I think).

--->

<cfset hashRequest = encrypt(

    input,

    encryptionKey,

    "AES",

    "base64"

    ) />

<!---

    Now, let's decode our secret using AES  and our secret key.

--->

<cfset decoded = decrypt(

    hashRequest,

    encryptionKey,

    "AES",

    "base64"

    ) />

<cfoutput>

    Original: #input#<br />

    <br />

    Secret: #hashRequest#<br />

    <br />

    Decoded: #decoded#<br />

</cfoutput>

(Email address and shopping cart id removed by moderator)

BKBK
Community Expert
BKBKCommunity Expert
Community Expert
October 16, 2017

Hi Tayyab Hussain,

Thanks for sharing that with us.

Tayyab Hussain
Tayyab HussainAuthor
Inspiring
October 16, 2017

Dear BKBK,

What I think is that I'am not setting <cfset theIV = "HM53BC0C176Z58PV" /> correctly, If this sets then I think it might work

Regards

Tayyab Hussain

Tayyab Hussain
Tayyab HussainAuthor
Inspiring
October 14, 2017

Hello BKBK,

I tried with the correction made to storeid

The results in PHP

+gsH3CaifLXzoJ4TiCyqf7TPK+HnBaUEv3j5Fz41P1omhRoMOzCGcZHkYB7QfBqqlHOCBbcw8pn9lWd2JshYiQ8A2adAzdORxq2ug60YQKY1g9yhAcaoHaPouAkEJ5D/3ZZORvxfBZvwWcDzz7BmTwawCiKet5VBhLruTsiHPY/x6DETR2gIAKp34cPwJmHSTFH2+c41PqfrySW8MqX9MxcG1x/A2ADMA7wE2nMirNlEDv+IVPF//Cjknv8K2XSJR6rdy46eiwbWnHmDpBMk4AfcKDxk7fTu2JZp7SVvkj7xIWpUS+7H9ZHTFP5VFPVl

The Results in CF

KjCDw7J4UP1NGTeBZpfKIasd3Wkn9xyIZDs3AC5BPMwLSsJwoB51TOxWzusupJGpjA3QUs3Np2ZJkAHqwLvXrik1PVNXZ09KEK14RGLtx0zrXg7Ze+4IyVI1thvnFVtRbLl69NZPk9zQ+Nt/C3TVV1H22ty6jcEOdue7ouPsNfNnZqu3mAaukVvMqh4+FRXbhkXLSa5ze5VdNDkBq78TQ05JNDWMCiDrF55OeJR0/QgRlB7SFL4kNoMkhxEfkc6nuhP2jhirfubuDi1Sto6LUBtyJB5A7orqzd27CzCzKFwnrlrn3bvLSJbKFj2FL1Qc

BKBK
Community Expert
BKBKCommunity Expert
Community Expert
October 15, 2017

Someone gave an explanation and an example in the Stackoverflow website.

BKBK
Community Expert
BKBKCommunity Expert
Community Expert
October 14, 2017

Before we go any further, the storeID in the PHP query-string is 3528, whereas it is 352 in the ColdFusion query-string.

Tayyab Hussain
Tayyab HussainAuthor
Inspiring
October 14, 2017

Sorry my bad... stories

is  3528

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices