December 5, 2011
Question

SHA-1 Algorithm and Decryption in CF

  • 4 replies
  • 9126 views

Hello there,

I am trying to decrypt a string and I get the following error message:

"The SHA1 algorithm is not supported by the Security Provider you have chosen."

This is a small description of the system:

OS: Windows Server 2003

CF Version: 8, STANDARD

Web Server: IIS

I have successfully worked with encryption/decryption in the past, but on Enterprise versions of CF. I am wondering if the fact that CF is standard has to do with the problem.

Thanks,


    4 replies

    December 7, 2011

    I got more information about the context of my question. The client is sending the SAML message (SAML response) for us to decrypt. I attached a picture with the dump of a struct. The text on xmltext is what my colleague is trying to decrypt. They also sent him some sample encrypted text which I guess is for testing the decryption.

    Jason, it is probably scenario 2 or 3 of your previous response. I will get involved and figure out what exactly is going on. So in this case, the customer that we are working with, they still must send me a private or public key to make the decryption, am I correct?

    12Robots
    Participating Frequently
    December 7, 2011

    Sorry, that screen shot is no good.

    December 7, 2011

    Jason, this is what I got from the client on the message they are sending me.

    OIF uses Symmetric Cryptographic Algorithm to encrypt SAML message. There are 2 pieces of SAML message level security -

    1. Encryption- Symmetric Cryptographic Algorithm. The ETS IDP metadata XML provided earlier has the certificate which OIF uses to encrypt to the SAML. The SAML consumer on your end must use same certificate to decrypt.

    2. XML Signature - OIF also signs the SAML (XML) message with certificate, on peerless end SAML consumer must verify the signature. Again the certificate used to Sign is part of ETS IDP metadata XML provided earlier.

    12Robots
    Participating Frequently
    December 5, 2011

    SHA-1 is a hashing algorithm, not an encryption algorithm. As cfSearching said, it cannot be decrypted. It is a one-way street.

    Jason

    December 6, 2011

    I got more information on this matter. We are getting an encrypted XML text generated from a SAML 2.0 SSO system. The XML text contains user credentials. On our end we are supposed to decrypt the file and parse the XML file to complete the login process.

    I got a couple of booklets on SAML 2.0 SSO but I cannot find what key is being used to encrypt the message, which I believe I need to know to successfully decrypt it.

    Owainnorth
    Inspiring
    December 6, 2011

    I cannot find what key is being used to encrypt the message, which I believe I need to know to successfully decrypt it.

    It would kinda defeat the object if you didn't

    Inspiring
    December 5, 2011

    It sounds like you are talking about a hashed value, not an encrypted string. You should not be able to reverse a hashed string (not easily anyway).

    Owainnorth
    Inspiring
    December 5, 2011

    ColdFusion 8 documentation shows supported algorithms for decrypt() are CFMX_COMPAT, AES, BLOWFISH, DES and DESEDE. So I guess that's your answer.
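
The distinction drawn in the replies above (SHA-1 is a hash, while decrypt() only accepts cipher names such as AES), shown as an added CFML example that is not code from any poster in this thread. The sample string and all variable names are constructed for illustration.

```cfml
<cfscript>
// Constructed sample value; not taken from the thread.
plaintext = "sample SAML attribute value";

// Hashing is one-way. In hash(), "SHA" selects SHA-1 and returns 40 hex characters.
digest = hash(plaintext, "SHA");

// A hash is checked by recomputing it over a candidate input, never by reversing it.
digestMatches = (hash("sample SAML attribute value", "SHA") EQ digest);

// Encryption is reversible, but only with the key.
// AES is one of the algorithms the ColdFusion 8 documentation lists for decrypt().
key        = generateSecretKey("AES");
ciphertext = encrypt(plaintext, key, "AES", "Hex");
recovered  = decrypt(ciphertext, key, "AES", "Hex");

// Naming a hash algorithm where a cipher is expected fails, because there is
// no SHA1 cipher for the security provider to supply. The error text is captured
// rather than assumed.
shaError = "";
try {
    ignored = decrypt(ciphertext, key, "SHA1", "Hex");
} catch (Any e) {
    shaError = e.message;
}

writeOutput("SHA-1 digest: " & digest & "<br>");
writeOutput("Digest matches recomputed hash: " & digestMatches & "<br>");
writeOutput("AES round trip recovered plaintext: " & (recovered EQ plaintext) & "<br>");
writeOutput("decrypt() with SHA1: " & shaError & "<br>");
</cfscript>
```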