Copy link to clipboard
Copied
I have an issue that I just noticed in which encrypted data that is stored within a cookie seems to get altered in a way in which it cannot be decrypted successfully if the length of the text is over 45 characters. However, if the encrypted data is stored in a simple variable it can be successfully decrypted regardless of size.
Here is a code example: I got the error in both CF9 Enterprise and CF11 Enterprise:
<!---Begin code example--->
<cfset plainText = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa">
<cfset seed = "myseedvalue">
<cfcookie name="testvalue" value="#encrypt(plainText,seed)#" expires="never">
<cfset testvalue2 = encrypt(plainText,seed)>
<cfoutput>
The encrypted cookie value:<br> #cookie.testvalue#<br>
The encrypted value outside of the cookie:<br> #testvalue2#
</cfoutput>
<br><br>
A comparison of the two strings using the compare() method: <cfoutput >#compare(cookie.testvalue,testvalue2)#</cfoutput>
<br><br>
Decryption of the value outside the cookie yields:
<cfoutput>
#decrypt(testvalue2,seed)#
</cfoutput>
<br><br>
<br><br>
Decryption of the value in the cookie yields:
<cftry>
<cfoutput>
#decrypt(cookie.testvalue,seed)#
</cfoutput>
<br><br>
<cfcatch>
<cfdump var="#cfcatch#" >
</cfcatch>
</cftry>
<!---End code example--->
The output of running this code is as follows:
The encrypted cookie value:
M7E;2R)*RK[:XK]^&>@ZX79Z44@VNAK6-_I^8?AW8FY*=KA*%!CP
The encrypted value outside of the cookie:
M7E;2R)*RK[:XK]^&>@ZX79Z44@VNAK6-_I^8?AW8FY*=KA*% !CP
A comparison of the two strings using the compare() method: 1
Decryption of the value outside the cookie yields: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Decryption of the value in the cookie yields: An error occurred while trying to encrypt or decrypt your input string: The input and output encodings are not same.
Any insight is appreciated!
Have something to add?