Highlighted

ColdFusion Encryption

Explorer ,
Oct 11, 2017

Copy link to clipboard

Copied

I have the following PHP Code that uses an AES/ECB/PKCS5Padding

PHP Code:

$hashRequest = '';

$hashKey = 'HM53BC0C176Z58PV';

$mapString='

amount=30.0&autoRedirect=0&emailAddr=fakhar.munir88@gmail.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL=http://shopweb.windsorparking.com/php/getToken.php&storeId=3528'

// Encrypting mapString

function pkcs5_pad($text, $blocksize) {

      $pad = $blocksize - (strlen($text) % $blocksize);

      return $text . str_repeat(chr($pad), $pad);

}

$alg = MCRYPT_RIJNDAEL_128; // AES

$mode = MCRYPT_MODE_ECB; // ECB

$iv_size = mcrypt_get_iv_size($alg, $mode);

$block_size = mcrypt_get_block_size($alg, $mode);

$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);

$mapString = pkcs5_pad($mapString, $block_size);

$crypttext = mcrypt_encrypt($alg, $hashKey, $mapString, $mode, $iv);

$hashRequest = base64_encode($crypttext);

// end encryption;

My ColdFusion Code So Far

<cfset mapString = "amount=30.0&autoRedirect=0&emailAddr=fakhar.munir88@gmail.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL=http://shopweb.windsorparking.com/php/getToken.php&storeId=352" />

<cfset theKey = toBase64("HM53BC0C176Z58PV") />

<cfset theAlgorithm = "AES/CBC/PKCS5Padding" />

<cfset theEncoding = "base64" />

<cfset theIV = "HM53BC0C176Z58PV" />

<cfset encryptedString = encrypt(thePlainData, theKey, theAlgorithm, theEncoding, theIV) />

<cfoutput>#encryptedString#</cfoutput>

The Results are different

Can Any one Help

Hello

I think I have resolved the Issue

<cfset input = "amount=30.0&autoRedirect=0&emailAddr=me@.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL=shopping cart id">

<!---

    Generate a secret key. We are going to be using a more complex

    form of encryption; however, we can still tell the key-generator

    that we are simply using AES (Advanced Encryption Standard).

--->

<cfset encryptionKey = toBase64("HM53BC0C176Z58PV") />

<!---

    Now, let's encrypt our secret message with AES, This AES approach

breaks the data up into blocks,encrypts them individually,

and passes the result into the next block of encryption (.... I think).

--->

<cfset hashRequest = encrypt(

    input,

    encryptionKey,

    "AES",

    "base64"

    ) />

<!---

    Now, let's decode our secret using AES  and our secret key.

--->

<cfset decoded = decrypt(

    hashRequest,

    encryptionKey,

    "AES",

    "base64"

    ) />

<cfoutput>

    Original: #input#<br />

    <br />

    Secret: #hashRequest#<br />

    <br />

    Decoded: #decoded#<br />

</cfoutput>

(Email address and shopping cart id removed by moderator)

Views

945

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

ColdFusion Encryption

Explorer ,
Oct 11, 2017

Copy link to clipboard

Copied

I have the following PHP Code that uses an AES/ECB/PKCS5Padding

PHP Code:

$hashRequest = '';

$hashKey = 'HM53BC0C176Z58PV';

$mapString='

amount=30.0&autoRedirect=0&emailAddr=fakhar.munir88@gmail.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL=http://shopweb.windsorparking.com/php/getToken.php&storeId=3528'

// Encrypting mapString

function pkcs5_pad($text, $blocksize) {

      $pad = $blocksize - (strlen($text) % $blocksize);

      return $text . str_repeat(chr($pad), $pad);

}

$alg = MCRYPT_RIJNDAEL_128; // AES

$mode = MCRYPT_MODE_ECB; // ECB

$iv_size = mcrypt_get_iv_size($alg, $mode);

$block_size = mcrypt_get_block_size($alg, $mode);

$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);

$mapString = pkcs5_pad($mapString, $block_size);

$crypttext = mcrypt_encrypt($alg, $hashKey, $mapString, $mode, $iv);

$hashRequest = base64_encode($crypttext);

// end encryption;

My ColdFusion Code So Far

<cfset mapString = "amount=30.0&autoRedirect=0&emailAddr=fakhar.munir88@gmail.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL=http://shopweb.windsorparking.com/php/getToken.php&storeId=352" />

<cfset theKey = toBase64("HM53BC0C176Z58PV") />

<cfset theAlgorithm = "AES/CBC/PKCS5Padding" />

<cfset theEncoding = "base64" />

<cfset theIV = "HM53BC0C176Z58PV" />

<cfset encryptedString = encrypt(thePlainData, theKey, theAlgorithm, theEncoding, theIV) />

<cfoutput>#encryptedString#</cfoutput>

The Results are different

Can Any one Help

Hello

I think I have resolved the Issue

<cfset input = "amount=30.0&autoRedirect=0&emailAddr=me@.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL=shopping cart id">

<!---

    Generate a secret key. We are going to be using a more complex

    form of encryption; however, we can still tell the key-generator

    that we are simply using AES (Advanced Encryption Standard).

--->

<cfset encryptionKey = toBase64("HM53BC0C176Z58PV") />

<!---

    Now, let's encrypt our secret message with AES, This AES approach

breaks the data up into blocks,encrypts them individually,

and passes the result into the next block of encryption (.... I think).

--->

<cfset hashRequest = encrypt(

    input,

    encryptionKey,

    "AES",

    "base64"

    ) />

<!---

    Now, let's decode our secret using AES  and our secret key.

--->

<cfset decoded = decrypt(

    hashRequest,

    encryptionKey,

    "AES",

    "base64"

    ) />

<cfoutput>

    Original: #input#<br />

    <br />

    Secret: #hashRequest#<br />

    <br />

    Decoded: #decoded#<br />

</cfoutput>

(Email address and shopping cart id removed by moderator)

Views

946

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Oct 11, 2017 0
Adobe Community Professional ,
Oct 14, 2017

Copy link to clipboard

Copied

Before we go any further, the storeID in the PHP query-string is 3528, whereas it is 352 in the ColdFusion query-string.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 14, 2017 0
Explorer ,
Oct 14, 2017

Copy link to clipboard

Copied

Sorry my bad... stories

is  3528

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 14, 2017 0
Explorer ,
Oct 14, 2017

Copy link to clipboard

Copied

Hello BKBK,

I tried with the correction made to storeid

The results in PHP

+gsH3CaifLXzoJ4TiCyqf7TPK+HnBaUEv3j5Fz41P1omhRoMOzCGcZHkYB7QfBqqlHOCBbcw8pn9lWd2JshYiQ8A2adAzdORxq2ug60YQKY1g9yhAcaoHaPouAkEJ5D/3ZZORvxfBZvwWcDzz7BmTwawCiKet5VBhLruTsiHPY/x6DETR2gIAKp34cPwJmHSTFH2+c41PqfrySW8MqX9MxcG1x/A2ADMA7wE2nMirNlEDv+IVPF//Cjknv8K2XSJR6rdy46eiwbWnHmDpBMk4AfcKDxk7fTu2JZp7SVvkj7xIWpUS+7H9ZHTFP5VFPVl

The Results in CF

KjCDw7J4UP1NGTeBZpfKIasd3Wkn9xyIZDs3AC5BPMwLSsJwoB51TOxWzusupJGpjA3QUs3Np2ZJkAHqwLvXrik1PVNXZ09KEK14RGLtx0zrXg7Ze+4IyVI1thvnFVtRbLl69NZPk9zQ+Nt/C3TVV1H22ty6jcEOdue7ouPsNfNnZqu3mAaukVvMqh4+FRXbhkXLSa5ze5VdNDkBq78TQ05JNDWMCiDrF55OeJR0/QgRlB7SFL4kNoMkhxEfkc6nuhP2jhirfubuDi1Sto6LUBtyJB5A7orqzd27CzCzKFwnrlrn3bvLSJbKFj2FL1Qc

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 14, 2017 0
Adobe Community Professional ,
Oct 15, 2017

Copy link to clipboard

Copied

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 15, 2017 0
Explorer ,
Oct 15, 2017

Copy link to clipboard

Copied

Dear BKBK,

What I think is that I'am not setting <cfset theIV = "HM53BC0C176Z58PV" /> correctly, If this sets then I think it might work

Regards

Tayyab Hussain

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 15, 2017 0
Explorer ,
Oct 16, 2017

Copy link to clipboard

Copied

Hello

I think I have resolved the Issue

<cfset input = "amount=30.0&autoRedirect=0&emailAddr=me@.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL=shopping cart id">

<!---

    Generate a secret key. We are going to be using a more complex

    form of encryption; however, we can still tell the key-generator

    that we are simply using AES (Advanced Encryption Standard).

--->

<cfset encryptionKey = toBase64("HM53BC0C176Z58PV") />

<!---

    Now, let's encrypt our secret message with AES, This AES approach

breaks the data up into blocks,encrypts them individually,

and passes the result into the next block of encryption (.... I think).

--->

<cfset hashRequest = encrypt(

    input,

    encryptionKey,

    "AES",

    "base64"

    ) />

<!---

    Now, let's decode our secret using AES  and our secret key.

--->

<cfset decoded = decrypt(

    hashRequest,

    encryptionKey,

    "AES",

    "base64"

    ) />

<cfoutput>

    Original: #input#<br />

    <br />

    Secret: #hashRequest#<br />

    <br />

    Decoded: #decoded#<br />

</cfoutput>

(Email address and shopping cart id removed by moderator)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 16, 2017 0
BKBK LATEST
Adobe Community Professional ,
Oct 16, 2017

Copy link to clipboard

Copied

Hi Tayyab Hussain,

Thanks for sharing that with us.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 16, 2017 0