SHA-1 Algorithm and Decryption in CF

Hello there,
I am trying to decrypt a string and I get the following error message:
"The SHA1 algorithm is not supported by the Security Provider you have chosen."
This is a small description of the system:
OS: Windows Server 2003
CF Version: 8, STANDARD
Web Server: IIS
I have successfully worked with encryption/decryption in the past, but on Enterprise versions of CF. I am wondering if the fact that CF is standard has to do with the problem.
Thanks,

Jason, I hear you. Initially they had provided me with the certificate in a separate XML file that is called the IDP metadata file on the PeopleSoft side. When that key was not working, I was then provided with an encoded text that, when decoded, gives you an XML file with encryption information, key information, and data information. Let me see what I can dig up further.

OK, so I clarified the issue of the key. The key that I am supposed to use is in the IDP metadata file. The text that I am supposed to decrypt is in the decoded XML element that I got from the SAML text.
This is the reference to the text:
XmlResponse.EncryptedAssertion.EncryptedData.CipherData.CipherValue.XmlText
This is how I am decrypting my data --well, attempting to--
#Decrypt("#mydata#","#var.mykey#","AES")#
Where mydata is the encrypted text in XmlResponse.EncryptedAssertion.EncryptedData.CipherData.CipherValue.XmlText, var.mykey is the key in the IDP xml file that they sent me, and AES the encryption algorithm. My CF code still complains
The key specified is not a valid key for this encryption: Invalid key data length

Then you probably need to do something else with the key before you pass it in. Encode or Decode, or something like that. Or if it is an encoded object then decode it back to object form and call a method on it to get the actual key (this is how many Java systems work, so don't discount it).
This is really hard to debug since you are not really offering any actual data. I can only speculate about the problem.
Jason

Yes, I just confirmed that the code is base64 encoded. In this scenario, what is the proper format/way to decode and use the key? It's a lil tricky.

Then try this:
#Decrypt(mydata,mykey,"AES", "Base64")#

I still get the same exception. Interesting. I was going to attach to this the files in question but it does not let me.

Oh wait, I wasn't thinking.
The Base64 param in Encrypt is for the MESSAGE encoding, not the key encoding. Sorry.
ok, try this then:
#Decrypt(mydata, toString(BinaryDecode(myKey, "Base64")), "AES")#
Again, without more info this is REALLY hard to debug. I understand you are reluctant to share this data (as you should be if it is real data), but maybe you could offer some sort of test examples. You offered a screenshot earlier of data, but it was unreadable. Can you offer anything?
If you'd rather contact me privately feel free, but much more time spent on this is going to turn into a consulting situation (Which might be cheaper than wasting any more of your time on this). Encryption is not easy. It's rarely just a matter of String + key = message, and in those cases where it is, it is because the encryption is poor. Solid crypto is hard to get right.
Jason

I just private messaged you.

Mmmmmm that changed the error message to: An error occurred while trying to encrypt or decrypt your input string: 65533.
We may be up to something here. I wrote a similar program in Java and I am experiencing some weird error messages complaining about my parameters on the addkeyinfo method. I feel I am close, but still missing something.
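
An added example, not part of the thread and not the posters' code: a Python check of the two failure modes the error messages above point at, namely a Base64 value whose decoded length is not a valid AES key size, and binary bytes pushed through a text conversion. It assumes (the page does not confirm it) that the metadata value is a Base64 certificate rather than a raw AES key; the sample inputs are constructed, and `inspect_key` and `text_round_trip` are hypothetical helper names.

```python
import base64

AES_KEY_LENGTHS = (16, 24, 32)  # raw key sizes in bytes: AES-128/192/256

# Constructed sample inputs (not data from the thread).
SAMPLE_AES_KEY_B64 = base64.b64encode(bytes(range(16))).decode("ascii")
# Stand-in for a Base64 certificate: DER SEQUENCE header plus zero padding.
SAMPLE_DER_BLOB_B64 = base64.b64encode(b"\x30\x82\x01\x0a" + bytes(266)).decode("ascii")


def inspect_key(b64_text):
    """Decode a Base64 value and report whether it can be a raw AES key."""
    raw = base64.b64decode("".join(b64_text.split()), validate=True)
    return {
        "decoded_length": len(raw),
        "valid_aes_length": len(raw) in AES_KEY_LENGTHS,
        # DER structures such as X.509 certificates start with tag 0x30.
        "looks_like_der": len(raw) > 32 and raw[0] == 0x30,
    }


def text_round_trip(raw):
    """Treat binary as text, as converting decoded key bytes to a string does.

    Returns the code points of the resulting text and whether the original
    bytes survive re-encoding. Invalid bytes become U+FFFD (decimal 65533).
    """
    text = raw.decode("utf-8", errors="replace")
    return [ord(ch) for ch in text], text.encode("utf-8") == raw


if __name__ == "__main__":
    print("AES key :", inspect_key(SAMPLE_AES_KEY_B64))
    print("DER blob:", inspect_key(SAMPLE_DER_BLOB_B64))
    print("as text :", text_round_trip(bytes([0x9C, 0xFF, 0x41, 0x80])))
```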

