Randomly about once every 200 transactions we get the following encryption error:
An error occurred while trying to encrypt or decrypt your input string: Given final block not properly padded.
At login we create the following session variables:
<cfset session.a= 'AES'>
<cfset session.e= 'HEX'>
<cfset session.k=generateSecretKey(session.a)>
Then throughout the site we use:
<cfscript>
encrypted=encrypt(customer.foo, session.k,session.a,session.e);
</cfscript>
<cfscript>
url.serial=decrypt(url.foo, session.k,session.a,session.e);
</cfscript>
Any suggestions?
I'm not sure where you're getting the error. Are you getting it when you encrypt, or when you decrypt, or both? Do you get it once, but then get success if you try that operation again with the same key?
If it's the latter, I'd just write an exception handler that tries to repeat the operation. If it happens repeatedly after you've generated a specific key, I'd write the key generation process in an exception handler that attempts to use the key right after you created it.
Dave Watts, Eidolon LLC
It happens randomly on decrypt and the next attempt will work so an exception handler to repeat the process is probably the best idea... Something new to learn.
I'd propose instead (or in addition) that a try/catch around the erroneous statement could then log the values of all the variables involved in that statement. You are reasonably presuming that they are what you expect them to be, but I am willing to bet that you will find that when it fails, the problem has to do with the values in those variables.
Even if you may go the "repeat" route, could you please take a moment to log (with cflog or writelog) the values? It could help you and other readers to understand the real root cause of your problem.
That said, do beware that if somehow the variable to be logged wasn't a string (or couldn't be interpreted by CF to be one), then the cflog/writelog would fail--but that failure itself would indicate that the variable which couldn't be written was the real problem.
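The logging suggestion above, written out as an added example that is not part of any post in this thread: a try/catch around the decrypt call that records facts about the inputs without writing the key or the plaintext to the log. The function name `decryptWithDiagnostics` and the log file name `decryptFailures` are assumptions; the variable names come from the original question.

```cfml
<cfscript>
// Added example: hypothetical helper, not code from the thread.
// Decrypts a hex-encoded AES value; on failure it logs properties of the
// inputs (never the key or plaintext) and rethrows the original error.
function decryptWithDiagnostics(required string cipherHex, required string key,
                                string algorithm = "AES", string encoding = "HEX") {
    try {
        return decrypt(arguments.cipherHex, arguments.key,
                       arguments.algorithm, arguments.encoding);
    } catch (any e) {
        var n = len(arguments.cipherHex);
        var diag = {
            // AES uses 16-byte blocks, so hex ciphertext is a multiple of 32 characters
            cipherLength   = n,
            wholeBlocks    = (n GT 0 AND n MOD 32 EQ 0),
            // any character outside 0-9/A-F means the value changed in transit
            onlyHexChars   = (reFindNoCase("^[0-9a-f]+$", arguments.cipherHex) GT 0),
            // short fingerprint: compare keys across log lines without exposing the key
            keyFingerprint = left(hash(arguments.key, "SHA-256"), 8),
            algorithm      = arguments.algorithm,
            encoding       = arguments.encoding,
            error          = e.message
        };
        writeLog(file = "decryptFailures", type = "error", text = serializeJSON(diag));
        rethrow;
    }
}

// Same call as in the question, routed through the helper
url.serial = decryptWithDiagnostics(url.foo, session.k, session.a, session.e);
</cfscript>
```

Writing the same `keyFingerprint` to the log at the point where `session.k` is generated shows whether a failing request used a different key from the one that produced the value.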