Problem with encrypt and decrypt. Please help

New Here, Mar 14, 2021

Here is my code to encrypt and decrypt. When I change my key to decrypt ('Mykey1234'), I can still decrypt the string I just encrypted. The key I used to encrypt is 'Mykey12345678'. Can anyone explain why this happens?

<cfoutput>
Encrypt : #encrypt('This string will be encrypted (you can replace it with more typing).', 'Mykey12345678', 'CFMX_COMPAT','Base64')#
<cfset new_encrypt = encrypt('This string will be encrypted (you can replace it with more typing).', 'Mykey12345678', 'CFMX_COMPAT','Base64')> <br>
Decrypt : #decrypt(new_encrypt, 'Mykey1234', 'CFMX_COMPAT','Base64')#
</cfoutput>

Adobe Community Professional, Mar 14, 2021

Please post the exact name of the Adobe program you use so a Moderator may move this message to that forum

New Here, Mar 14, 2021

I'm using ColdFusion to develop this.

Adobe Community Professional, Mar 14, 2021

Moved to the ColdFusion forum and also merged the duplicate posts.

-Manan

New Here, Mar 14, 2021

Can anybody help? Why can I still decrypt after I change my key?

Adobe Community Professional, Mar 15, 2021

@farizanm84156226 , what you have discovered is indeed strange. As you can see, I have been able to reproduce the issue with random choices of encryptionKey/decryptionKey pairs.

<cfoutput>
<cfset encryptionKey1="z%KAY012_xyz_abracadabra">
Encrypt1 : #encrypt('This string 1 will be encrypted (you can replace it with more typing).', encryptionKey1, 'CFMX_COMPAT','Base64')#
<cfset new_encrypt1 = encrypt('This string 1 will be encrypted (you can replace it with more typing).', encryptionKey1, 'CFMX_COMPAT','Base64')> <br>

<cfset decryptionKey1="z%KEY012">
Decrypt1 : #decrypt(new_encrypt1, decryptionKey1, 'CFMX_COMPAT','Base64')#<br>
EncryptionKey1 : #encryptionKey1# <br>
DecryptionKey1 : #decryptionKey1# <br><br>

<cfset encryptionKey2="z%key012xxx_xyz_abracadabra">
Encrypt2 : #encrypt('This string 2 will be encrypted (you can replace it with more typing).', encryptionKey2, 'CFMX_COMPAT','Base64')#
<cfset new_encrypt2 = encrypt('This string 2 will be encrypted (you can replace it with more typing).', encryptionKey2, 'CFMX_COMPAT','Base64')> <br>

<cfset decryptionKey2="z%koy012">
Decrypt2 : #decrypt(new_encrypt2, decryptionKey2, 'CFMX_COMPAT','Base64')#<br>
EncryptionKey2 : #encryptionKey2# <br>
DecryptionKey2 : #decryptionKey2# 
</cfoutput>

Adobe Community Professional, Mar 15, 2021

On the basis of this finding, my advice is as follows:

  • Don't manually generate an encryption key. Instead, use the function generateSecretKey (together with the AES algorithm, for example) to generate the key.
  • Store this key, then use it later for decryption.

For example:

<cfoutput>
<cfset encryptionKey=generatesecretkey("AES")>
Encrypt : #encrypt('This string will be encrypted (you can replace it with more typing).', encryptionKey, 'CFMX_COMPAT','Base64')#
<cfset new_encrypt = encrypt('This string will be encrypted (you can replace it with more typing).', encryptionKey, 'CFMX_COMPAT','Base64')> <br>

<cfset decryptionKey=encryptionKey><!--- Stored key used for decryption --->
Decrypt : #decrypt(new_encrypt, decryptionKey, 'CFMX_COMPAT','Base64')#<br>
EncryptionKey : #encryptionKey# <br>
DecryptionKey : #decryptionKey# 
</cfoutput>

Adobe Community Professional, Mar 15, 2021

I am on ColdFusion 2021. What is your ColdFusion version and Update level?

Enthusiast, Mar 15, 2021

CFMX_COMPAT is not really a good choice of algorithm to begin with. If I recall correctly, it is just an XOR cipher, so it doesn't provide a lot of assurance. Use something strong like AES instead.

I never realized that about the key. I imagine it is only using the first few bits of your key, so anything you add to the end of it doesn't matter. This is just another reason to avoid CFMX_COMPAT in my book.

Pete Freitag

Foundeo Inc.

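The two pieces of advice given in the replies above (generate the key with generateSecretKey, and use AES rather than CFMX_COMPAT), combined into one sketch. This is an added example, not code posted by anyone in the thread. The function names encryptThenMac and macThenDecrypt, the key-pair structs and the sample string are assumptions. It pairs AES/CBC with an HMAC tag so that a token is rejected under any other key pair instead of quietly decrypting.

```cfml
<cfscript>
// Added example, not from the thread. Function names are hypothetical and the
// sample plaintext is constructed.
function encryptThenMac(required string plain, required string encKey, required string macKey) {
    // No IV argument is passed: for a feedback mode such as CBC, ColdFusion
    // generates a random IV and prepends it to the ciphertext.
    var ct = encrypt(plain, encKey, "AES/CBC/PKCS5Padding", "Base64");
    // Tag the ciphertext with a separate key; "." cannot occur in Base64 or hex.
    return ct & "." & hmac(ct, macKey, "HMACSHA256");
}

function macThenDecrypt(required string token, required string encKey, required string macKey) {
    var md       = createObject("java", "java.security.MessageDigest");
    var ct       = listFirst(token, ".");
    var expected = hmac(ct, macKey, "HMACSHA256");
    // Constant-time comparison of the recomputed tag with the supplied one.
    var tagOk    = listLen(token, ".") == 2
                   && md.isEqual(charsetDecode(expected, "utf-8"),
                                 charsetDecode(listLast(token, "."), "utf-8"));
    if (!tagOk) {
        throw(type="Crypto.BadTag", message="Ciphertext failed the integrity check");
    }
    return decrypt(ct, encKey, "AES/CBC/PKCS5Padding", "Base64");
}

// Generate the keys once and store them outside the code base; never type them by hand.
keys  = { enc = generateSecretKey("AES", 256), mac = generateSecretKey("AES", 256) };
other = { enc = generateSecretKey("AES", 256), mac = generateSecretKey("AES", 256) };

token = encryptThenMac("This string will be encrypted.", keys.enc, keys.mac);
writeOutput("Stored keys: " & macThenDecrypt(token, keys.enc, keys.mac) & "<br>");

try {
    // A different key pair must be rejected, unlike the CFMX_COMPAT tests above.
    writeOutput("Other keys: " & macThenDecrypt(token, other.enc, other.mac));
} catch (any e) {
    writeOutput("Other keys rejected: " & e.message);
}
</cfscript>
```
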
Participant, Mar 15, 2021

CFMX_COMPAT uses a 32-bit key so the key will always be truncated to the first 8 characters.

Adobe Community Professional, Mar 18, 2021

@John123 : CFMX_COMPAT uses a 32-bit key so the key will always be truncated to the first 8 characters.

It's weirder than that, I'm afraid. In one of the tests, you could encrypt with the key

z%key012xxx_xyz_abracadabra

and successfully decrypt with

z%koy012

 

Participant, Mar 18, 2021

@BKBK : another good reason not to use CFMX_COMPAT.

 

 

Engaged, Mar 15, 2021

FYI: We used these UDFs (from 2005) after the internal cfusion_encrypt & cfusion_decrypt built-in functions were dropped in CF11.
https://www.barneyb.com/barneyblog/2005/10/28/cfusion_encryptcfusion_decrypt-udfs/

 

<cffunction name="fusion_encrypt" output="false" returntype="string">
	<cfargument name="string" type="string" required="true">
	<cfargument name="key" type="string" required="true">
	<cfset var i = "">
	<cfset var result = "">
	<cfset key = repeatString(key, ceiling(len(string) / len(key)))>
	<cfloop from="1" to="#len(string)#" index="i">
	 	 	<cfset result = result & rJustify(formatBaseN(binaryXOR(asc(mid(string, i, 1)), asc(mid(key, i, 1))), 16), 2)>
	</cfloop>
	<cfreturn replace(result, " ", "0", "all")>
</cffunction>
<cffunction name="fusion_decrypt" output="false" returntype="string">
	<cfargument name="string" type="string" required="true">
	<cfargument name="key" type="string" required="true">
	<cfset var i = "">
	<cfset var result = "">
	<cfset key = repeatString(key, ceiling(len(string) / 2 / len(key)))>
	<cfloop from="2" to="#len(string)#" index="i" step="2">
		<cfset result = result & chr(binaryXOR(inputBaseN(mid(string, i - 1, 2), 16), asc(mid(key, i / 2, 1))))>
	</cfloop>
	<cfreturn result>
</cffunction>
<cffunction name="binaryXOR" output="false" returntype="numeric">
	<cfargument name="n1" type="numeric" required="true">
	<cfargument name="n2" type="numeric" required="true">
	<cfset n1 = formatBaseN(n1, 2)>
	<cfset n2 = formatBaseN(n2, 2)>
	<cfreturn inputBaseN(replace(n1 + n2, 2, 0, "all"), 2)>
</cffunction>

<cfset key = "test">
<cfoutput>
<table>
<cfloop list="barney,is,damn cool!" index="i">
	<tr>
		<td>#i#</td>
		<td>#cfusion_encrypt(i, key)#</td>
		<td>#fusion_encrypt(i, key)#</td>
		<td>#cfusion_decrypt(cfusion_encrypt(i, key), key)#</td>
		<td>#fusion_decrypt(fusion_encrypt(i, key), key)#</td>
	</tr>
</cfloop>
</table>
</cfoutput>

 

I ran your different encrypt/decrypt keys through it and didn't encounter the same issue (where only the first 8 characters were all that was required to decrypt.)

Adobe Community Professional, Mar 18, 2021

@farizanm84156226 , you should report a bug. It might help to include in your report a link to this forum thread.

Adobe Community Professional, Mar 21, 2021
