
Decrypt() Problem

Participant, Aug 25, 2007
It seems that I've got a little problem when trying to decrypt a password that was encrypted when input into the system. Here is the error that I get:

There has been an error while trying to encrypt or decrypt your input string: Given final block not properly padded.

I'm not sure what this means. Here is the code I'm using to decrypt the information received from the query:

<cfset userPswd = "#Trim(FORM.Password)#">
<cfset dbPswd = "#Trim(qVerify.Employee_Password)#">
<cfset dPassword = Decrypt(dbPswd,APPLICATION.Key,"#APPLICATION.pKey1#","#APPLICATION.pKey2#")>
<cfset comparison = #Compare(userPswd, dbPswd)#>

Any help would be appreciated.

Participant, Aug 27, 2007
Does anyone know a good number to get in touch with Adobe CF support so I can get this question answered?

D

LEGEND, Aug 27, 2007
> Does anyone know a good number to get in touch with Adobe CF support so I can get this question answered?

According to the Adobe website, it's 800-642-3623

www.adobe.com > Support > Home > Contact Support > ColdFusion Enterprise >
Go.

Wasn't that hard to find.

--
Adam

Participant, Aug 27, 2007
Thanks.

LEGEND, Aug 27, 2007
From googling about the place, it seems like you're not using the same key
to decrypt that was used to encrypt in the first place.

This sample code demonstrates it:
<cfscript>
s = "Secret";
sKeyGood = generateSecretKey("AES");
sKeyBad = generateSecretKey("AES");

sEnc = encrypt(s, sKeyGood, "AES");
sDec = decrypt(sEnc, sKeyBad, "AES");
</cfscript>
<cfdump var="#variables#">

Looking at your code, what you're doing doesn't seem sensible:
<cfset dPassword =
Decrypt(dbPswd,APPLICATION.Key,"#APPLICATION.pKey1#","#APPLICATION.pKey2#")>

The arguments for decrypt() are:
encrypted_string, key[, algorithm, encoding, IVorSalt, iterations]

So the latter two arguments you pass would not be KEYS, they'd be a string
holding an algorithm name, and a string holding an encoding scheme.

Either that, or you're using some very poor variable-naming standards there.

You also don't need the quotes or the pound-signs in that expression.
Although that has nothing to do with your problem, it does clutter up your
code unnecessarily / inappropriately.

--
Adam

Participant, Aug 27, 2007
Adam,
Thanks for the response. I'm not sure what you mean about the code. Here's the troubleshooting I've done so far:

1. I've based my code on the example on page 1212 of the Macromedia ColdFusionMX7 Application Construction Kit book

2. I've tested the encrypt and decrypt code and it works just like it's supposed to on user input from the login form (e.g. I've encrypted the password passed from the form, displayed it, and also decrypted the same encrypted password from the form and it displayed the password correctly). The problem is that it won't decrypt the password from the DB.

Since this is just testing, here is the key generation code, which is what I think you are alluding to:

<cfset APPLICATION.pKey1 = "DES">
<cfset APPLICATION.pKey2 = "HEX">
<cfset APPLICATION.pKey = GenerateSecretKey("#APPLICATION.pKey1#")>

Guest, Aug 27, 2007
G'day
I don't have the CFWACK to hand. I think we've got a copy in the office, I'll try to remember to look up that page tomorrow.

Do you KNOW that the pwds in the DB have used the same key, and same encryption and encoding schemes as that which you're trying to use to decrypt them? Because the error msg is telling you that you're not using the same key (I'm not sure if the error is the same with different encryption/encoding schemes; I only verified the key situation).

Have you written a test rig that does this:
1) takes form input of a pwd;
2) encrypts it;
3) stores it in your DB;
4) fetches it back again;
5) decrypts it;
and found this to fail? It's unclear from what you're saying as to whether that's what you're experimenting with.

What DB are you using? Is it perhaps padding the stored value with trailing spaces or something like that? If you do a compare() of the "pre database" encrypted string and the fetched-back-from-the-DB string, are they the same (compare() returning 0)?

That aside, you don't generally want to DECRYPT a password. You'd simply want to ENCRYPT the user-entered pwd (say from a login form) and compare it to the encrypted value in the DB (this is why quite often one-way "encryption" like hashing is used on pwds: they can "never" be decrypted). The only time you'd want to decrypt a password would be to present it in clear text which... you should never really want to do: it's a security concern.

Is the book suggesting you do this... decrypt the pwds? Bleah. Still: it's not a security book, I guess.

My comment about your code is this:
APPLICATION.pKey1. The value of the variable *isn't a key*. It's got nothing to do with *a key*. It's the name of an encryption scheme. Ditto pKey2 (which would hold the name of an encoding scheme). pKey is the only one that's *a key*. Your variable names are inaccurate and misleading. Whether it's test code or not, it should always be written sensibly.

--
Adam

Participant, Aug 27, 2007
Adam,
I'm just a little slow so give me a moment to review everything you've provided. However, I think that I'm starting to understand what you're saying and need to check my code against what you're saying.

D

Guide, Aug 27, 2007
>Is the book suggesting you do this... decrypt the pwds?

No. I think they're referring to the brief code sample beneath the description of the Decrypt() function in the Appendix.

Example:

<cfset key = GenerateSecretKey("DES")>
<cfset x = Encrypt("John", key, "DES", "Hex")>
<cfset y = Decrypt(x, key, "DES", "Hex")>

<p>Encrypted: <cfdump var="#x#"></p>
<p>Decrypted: <cfdump var="#y#"></p>

LEGEND, Aug 27, 2007
> I'm just a little slow so give me a moment to review everything you've
> provided. However, I think that I'm starting to understand what you're saying
> and need to check my code against what you're saying.

No worries. I'll look out for your response.

--
Adam

Participant, Aug 28, 2007
Adam,
I've had a chance to look at what you wrote and looked over my code and you were right. The bottom line was that I was creating a new key every time since the key was an APPLICATION variable that was dynamically generated every time the page was generated.

My thought is to generate a key, save it as a variable and just use that every time. In this way I should be able to encrypt and verify the password that's been encrypted, because you're right, I don't want to decrypt the password, I just want to compare to make sure they are the same... of course using the same key will be useful in this.

No, the book was not suggesting that I decrypt passwords; it was just providing an example of how to use the decrypt function.

Thanks,
Daren
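
Added example, not code from any poster in this thread or from the book it cites: the compare-instead-of-decrypt approach the last replies settle on, done with a salted one-way derivation so that no application key exists to be regenerated, plus the Trim() guard for the trailing-space padding raised earlier. It assumes ColdFusion 11 or later (for GeneratePBKDFKey); makeRecord, verifyPassword, the iteration count and the sample passwords are illustrative.

```cfml
<cfscript>
// Added example; makeRecord/verifyPassword and all constants are assumptions,
// not names from the thread. Requires ColdFusion 11+ for GeneratePBKDFKey().
PBKDF_ALGO   = "PBKDF2WithHmacSHA1";
PBKDF_ROUNDS = 100000;
PBKDF_BITS   = 128;

// At signup: store the salt, the round count and the derived value.
// Nothing here is reversible, and no secret key has to survive a restart.
function makeRecord(password) {
    var rec = StructNew();
    rec.salt   = GenerateSecretKey("AES");  // random Base64 string, used only as a salt
    rec.rounds = PBKDF_ROUNDS;
    rec.hash   = GeneratePBKDFKey(PBKDF_ALGO, password, rec.salt, rec.rounds, PBKDF_BITS);
    return rec;
}

// At login: re-derive from the submitted password and compare the results.
// Trim() removes padding a fixed-width (CHAR) column may add to stored values.
function verifyPassword(submitted, rec) {
    var candidate = GeneratePBKDFKey(PBKDF_ALGO, submitted, Trim(rec.salt),
                                     rec.rounds, PBKDF_BITS);
    // Compare() is case-sensitive and returns 0 only for identical strings.
    return Compare(candidate, Trim(rec.hash)) EQ 0;
}

// Constructed sample data standing in for a database row.
row = makeRecord("correct horse");
row.hash = row.hash & "    ";  // simulate trailing spaces from a CHAR column

WriteOutput("right password accepted: " & verifyPassword("correct horse", row) & "<br>");
WriteOutput("wrong password accepted: " & verifyPassword("Correct horse", row) & "<br>");
</cfscript>
```

Storing the round count with each record lets the work factor be raised later without invalidating existing rows.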