February 26, 2010
Question

Decryption - Arrgghh!

  • February 26, 2010
  • 5 replies
  • 10685 views

I'm having some difficulty trying to decrypt some passwords to move from one application to another [using different encryption] ... can anyone help with this?

<cfscript>
rc4key = '823hjdFD00fQFSDFJweru87fsj34FS'; // plain text encryption key
passhex = '668413106F51AB'; // hex encoded password [should return test123]
EncryptedPassword = ToBase64(BinaryDecode(passhex, "Hex"));
writeoutput(EncryptedPassword); // returns ZoQTEG9Rqw==  which is base64 ?!?!?
DecryptedPassword = Decrypt( EncryptedPassword, rc4key, 'RC4','Hex'); //throws an error
writeoutput(DecryptedPassword);
</cfscript>

And the error I get is:

An error occurred while trying to encrypt or decrypt your input string: '' Can not decode string "823hjdFD00fQFSDFJweru87fsj34FS"..

I just don't know what is not happening here, I've tested the key and password at http://crypto.hurlant.com/demo/ and gotten what I expect are correct results....  see attached.....

can anyone help?

-sean


Inspiring
March 15, 2010

You may find that an algorithm which accepts an RC4 key expects it to be base64 encoded.  "So," all I'm saying is, "if that is the case, then base64 encode it so that CF can immediately base64 decode it again."  In this way, you pass the necessary string into the function.

March 15, 2010

so you are suggesting something like:

passhex = '668413106F51AB';

rc4key = toBase64('823hjdFD00fQFSDFJweru87fsj34FS');

writeoutput(Decrypt( passhex, rc4key, 'RC4','Hex'));

Which gives me a "The key specified is not a valid key for this encryption: Illegal key size or default parameters." error.

-sean
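Added example, not code from any participant in this thread or from Adobe: a Python check of the two encoding questions raised in this exchange, using the key and ciphertext quoted in the posts. It shows that the hex and base64 forms of the password are the same 7 bytes, that the plain-text key is not itself valid base64, and that base64-wrapping it yields a 240-bit key. The function names are hypothetical, and the 128-bit cap is an assumption about the default limited-strength JCE policy files of that era, which would be consistent with the "Illegal key size" error above.

```python
import base64
import binascii

JCE_LIMITED_POLICY_BITS = 128  # assumption: cap in the default JCE policy files of that era

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # XOR each byte with the next keystream byte
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def is_strict_base64(text: str) -> bool:
    """True only if text decodes as padded, standard-alphabet base64."""
    try:
        base64.b64decode(text, validate=True)
        return True
    except binascii.Error:
        return False

def key_report(key_text: str) -> dict:
    """Describe what a base64-expecting API sees for a plain-text key."""
    wrapped = base64.b64encode(key_text.encode("ascii")).decode("ascii")
    bits = len(base64.b64decode(wrapped)) * 8
    return {
        "raw_is_base64": is_strict_base64(key_text),
        "wrapped_key": wrapped,
        "key_bits": bits,
        "over_policy_cap": bits > JCE_LIMITED_POLICY_BITS,
    }

def decrypt_hex(passhex: str, key_text: str) -> bytes:
    """RC4-decrypt hex ciphertext using the key's literal ASCII bytes."""
    return rc4(key_text.encode("ascii"), bytes.fromhex(passhex))

if __name__ == "__main__":
    key = "823hjdFD00fQFSDFJweru87fsj34FS"  # key quoted in the thread
    passhex = "668413106F51AB"               # ciphertext quoted in the thread
    print(base64.b64encode(bytes.fromhex(passhex)).decode())  # same bytes, base64 form
    print(key_report(key))
    print(decrypt_hex(passhex, key))  # the original poster expects test123 here
```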

Inspiring
March 16, 2010

That is indeed what I was suggesting.

but ...

are you sure that the fourth parameter to Decrypt() should be 'hex'?  I don't know the answer to that.  Is this supposed to represent the encoding of the data string, or of the key?

Inspiring
March 11, 2010

What I'm saying is... I've found that a couple of the crypto functions expect to receive a base64-encoded string.  They croak if they don't get one.

So, if what you've actually got is "the actual string," i.e. not base64-encoded, and you need to pass that string to the function, simply give it what it wants:  let the parameter simply be toBase64(your_known_string).  You hand the function the encoded version of your_known_string so that it can immediately decode it again ... producing your_known_string ... and everybody's happy now.

March 11, 2010

I still don't see what you are saying, have you tested with any code???

all I have is the rc4key = '823hjdFD00fQFSDFJweru87fsj34FS' - used to originally encrypt the passwords,  and the encrypted password = '668413106F51AB'  in this one and only case I happen to know that password is 'test123'

you can see in my original post that someone has figured it out, I can decode passwords one by one using that app,  just have not been able to figure it out here...

-sean

Inspiring
March 8, 2010

It wants to "base64decode" the string.

So... simply send it a base64-encoding of the string.  Let the parameter be a function-call which encodes the actual key so that CF can happily decode it again.

March 8, 2010

nope - sorry, I don't understand your reply....

"It wants to "base64decode" the string." - which string, what is it?

"simply send it a base64-encoding of the string" ??

-if you are suggesting the passwords, I don't have a decrypted version of the passwords....

can you illustrate with a line or two of code?

-thanks

-sean

BKBK
Community Expert
February 27, 2010

The following test works. It may contain something for you.

<cfscript>
rc4key = generatesecretkey("RC4");
writeoutput("CF-generated RC4 key: " & rc4key & "<br>");

password = "test123";
EncryptedPassword = encrypt(password,rc4key,"RC4","hex");
writeoutput("Encrypted password: " & EncryptedPassword & "<br>");
DecryptedPassword = Decrypt( EncryptedPassword, rc4key, 'RC4','Hex');
writeoutput("Decrypted password: " & DecryptedPassword);
</cfscript>

February 27, 2010

Hi;

yes - it does work, but when I substitute my existing key [ rc4key = '823hjdFD00fQFSDFJweru87fsj34FS'; ] I get the error:

An error occurred while trying to encrypt or decrypt your input string: '' Can not decode string "823hjdFD00fQFSDFJweru87fsj34FS"..

ok, soooo the problem is with the key?

-sean

BKBK
Community Expert
February 27, 2010

sean69 wrote:

An error occurred while trying to encrypt or decrypt your input string: '' Can not decode string "823hjdFD00fQFSDFJweru87fsj34FS"..

ok, soooo the problem is with the key?

Indeed, the problem is likely with the key. I would just take ColdFusion's insurance policy,

rc4key = generatesecretkey("RC4");

and then store the value somewhere.

February 26, 2010

What version of CF do you have?  As far as I know RC4 is not available in the standard edition.  You need either Enterprise or additional providers installed.

Cheers

February 26, 2010


I'm 99.9% sure RC4 is available on my server ....  I've added the extra security provider package for [see here: http://kb2.adobe.com/cps/546/e546373d.html ] and if I tail the cfserver log I get:

01/11 15:08:23 Information [main] - Installed JSafe JCE provider: Version 3.6 RSA Security Inc. Crypto-J JCE Security Provider (implements RSA, DSA, Diffie-Hellman, AES, DES, Triple DES, DESX, RC2, RC4, RC5, PBE, MD2, MD5, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512, HMAC-MD5, HMAC-RIPEMD160, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512)

If I, #encrypt("killbill","RC4")#, I get "(?)Y0GXZT5_,"

so I am assuming RC4 is working....

-sean

[CF8 Enterprise]