cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

Encrypted Data Exchange with .NET

insuractive
Advocate ,
Nov 23, 2011 Nov 23, 2011

I've seen a number of postings on the forums about getting CF's encrypt method to play nice with data encrypted from a .NET system.  I currently find myself in a situation where I'm having to walk a .NET developer through using encryption on their end in order to send/accept encrypted data with ColdFusion.  Does anyone have a plug-and-play example that demonstrates an encrypted string exchange between CF and .NET that I could use as reference?

TOPICS
Advanced techniques
2.3K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

-__cfSearching__-
Valorous Hero , Nov 23, 2011 Nov 23, 2011

Here is a simple example of AES in C#/ColdFusion:

ColdFusion code:

<cfset thePlainData = "Nothing to see here folks" />

<cfset theKey = "oRJUjgbx9SGGR6v3T8JGJg==" />

<cfset theAlgorithm = "AES/CBC/PKCS5Padding" />

<cfset theIVInBase64 = "f+hYUyjprHt/6FhTKOmsew==" />

<cfset theEncoding = "base64" />

<!--- do encrypt/decrypt --->

<!--- iv must be a byte array --->

<cfset theIV = BinaryDecode(theIVInBase64, "base64") />

<cfset encryptedString = encrypt(thePlainData, theKey, theAlgorithm, theEncoding, theIV)

...
Translate
replies 9 Replies 9
latest latest Jump to latest reply
-__cfSearching__-
Valorous Hero ,
Nov 23, 2011 Nov 23, 2011

I have had a little experience with CF/.NET exchanges. What kind of encryption are you using (algorithm, encoding, iv, ecetera)?

 

-Leigh

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
insuractive
Advocate ,
Nov 23, 2011 Nov 23, 2011
In Response To -__cfSearching__-

Hi Leigh,

The decision on what to use it pretty up in the air right now, the only requirement is that we are able to encrypt/decrypt a string consistently with CF and .NET.  My initial thought is to use one of the standard Encrypt() block-level encryption algorithms, but I'd settle for any example that uses a decent level of encryption.  Luckily we're dealing with data that is not really that sensitive (P.H.I., Credit Cards, etc), so there aren't any legal or compliance requirements as to the strength of the encryption.

Thanks!

- Michael

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
-__cfSearching__-
Valorous Hero ,
Nov 23, 2011 Nov 23, 2011
In Response To insuractive

Okay, I should have a simple AES example somewhere. Let me see if I can dig it up.

 

-Leigh

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
insuractive
Advocate ,
Nov 23, 2011 Nov 23, 2011
In Response To -__cfSearching__-

Sweet!  Thanks Leigh.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
-__cfSearching__-
Valorous Hero ,
Nov 23, 2011 Nov 23, 2011
In Response To insuractive

Sorry, I looked and do not have an example of a full exchange, just the encyrption part. But data exchange should not be that hard. Do you want that encryption portion?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
insuractive
Advocate ,
Nov 23, 2011 Nov 23, 2011
In Response To -__cfSearching__-

That would be great!  The actual exchange of data is easy - telling a .NET developer how to configure their application so they can read my CF encrypted text = hard.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
-__cfSearching__-
Valorous Hero ,
Nov 23, 2011 Nov 23, 2011
In Response To insuractive

Here is a simple example of AES in C#/ColdFusion:

ColdFusion code:

<cfset thePlainData = "Nothing to see here folks" />

<cfset theKey = "oRJUjgbx9SGGR6v3T8JGJg==" />

<cfset theAlgorithm = "AES/CBC/PKCS5Padding" />

<cfset theIVInBase64 = "f+hYUyjprHt/6FhTKOmsew==" />

<cfset theEncoding = "base64" />

<!--- do encrypt/decrypt --->

<!--- iv must be a byte array --->

<cfset theIV = BinaryDecode(theIVInBase64, "base64") />

<cfset encryptedString = encrypt(thePlainData, theKey, theAlgorithm, theEncoding, theIV) />

<cfset decryptedString = decrypt(encryptedString, theKey, theAlgorithm, theEncoding, theIV) />

<!--- display results --->

<cfdump var="#variables#" label="AES/CBC/PKCS5Padding Results" />

C# code:

using System;

using System.Collections.Generic;

using System.Text;

using System.Security.Cryptography;

public class AESCBC

{

    public static void Main(string[] args)

    {

        try

        {

            // Just hard coded values for testing ...

            String thePlainData = "Nothing to see here folks";

            String theKey = "oRJUjgbx9SGGR6v3T8JGJg==";

            String theIV = "f+hYUyjprHt/6FhTKOmsew==";

            String encryptedText = EncryptText(thePlainData, theKey, theIV);

            String decryptedText = DecryptText(encryptedText, theKey, theIV);

            Console.WriteLine("Encrypted String: {0}", encryptedText);

            Console.WriteLine("Decrypted String: {0}", decryptedText);

        }

        catch (Exception e)

        {

            Console.WriteLine(e.Message);

        }

        Console.ReadLine();

    }

    public static String EncryptText(String Data, String Key, String IV)

    {

        // Extract the bytes of each of the values

        byte[] input = Encoding.UTF8.GetBytes(Data);

        byte[] key = Convert.FromBase64String(Key);

        byte[] iv = Convert.FromBase64String(IV);

        // Create a new instance of the algorithm with the desired settings

        RijndaelManaged algorithm = new RijndaelManaged();

        algorithm.Mode = CipherMode.CBC;

        algorithm.Padding = PaddingMode.PKCS7;

        algorithm.BlockSize = 128;

        algorithm.KeySize = 128;

        algorithm.Key = key;

        algorithm.IV = iv;

        // Create a new encryptor and encrypt the given value

        ICryptoTransform cipher = algorithm.CreateEncryptor();

        byte[] output = cipher.TransformFinalBlock(input, 0, input.Length);

        // Finally, return the encrypted value in base64 format

        String encrypted = Convert.ToBase64String(output);

        return encrypted;

    }

    public static String DecryptText(String Data, String Key, String IV)

    {

        // Extract the bytes of each of the values

        byte[] input = Convert.FromBase64String(Data);

        byte[] key = Convert.FromBase64String(Key);

        byte[] iv = Convert.FromBase64String(IV);

        // Create a new instance of the algorithm with the desired settings

        RijndaelManaged algorithm = new RijndaelManaged();

        algorithm.Mode = CipherMode.CBC;

        algorithm.Padding = PaddingMode.PKCS7;

        algorithm.BlockSize = 128;

        algorithm.KeySize = 128;

        algorithm.Key = key;

        algorithm.IV = iv;

        //FromBase64String

        // Create a new encryptor and encrypt the given value

        ICryptoTransform cipher = algorithm.CreateDecryptor();

        byte[] output = cipher.TransformFinalBlock(input, 0, input.Length);

        // Finally, convert the decrypted value to UTF8 format

        String decrypted = Encoding.UTF8.GetString(output);

        return decrypted;

    }

}

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
insuractive
Advocate ,
Nov 23, 2011 Nov 23, 2011
In Response To -__cfSearching__-

Thanks Leigh - that is exactly what I need!

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
-__cfSearching__-
Valorous Hero ,
Nov 23, 2011 Nov 23, 2011
LATEST
In Response To insuractive

You are very welcome.  Obviously adapt the settings to suit your needs, but hopefully the example demonstrates how you can adjust the settings on both ends.

-Leigh

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices