Janaki30364817ulno
New Here
Janaki30364817ulno
New Here
Activity
‎Aug 14, 2024
09:27 AM
Please ignore this code. I am experincing issue in below code.
... View more
‎Aug 14, 2024
09:26 AM
<script> async function encryptData(plainText, key) { const encoder = new TextEncoder(); const data = encoder.encode(plainText); // Generate a random IV const iv = crypto.getRandomValues(new Uint8Array(16)); // AES block size is 16 bytes // Import the key for AES-CBC const cryptoKey = await crypto.subtle.importKey( 'raw', key, { name: 'AES-CBC', length: 128 }, false, ['encrypt'] ); // Encrypt the data const encryptedBuffer = await crypto.subtle.encrypt( { name: 'AES-CBC', iv: iv }, cryptoKey, data ); // Combine IV and encrypted data for transmission const combined = new Uint8Array(iv.byteLength + encryptedBuffer.byteLength); combined.set(iv); combined.set(new Uint8Array(encryptedBuffer), iv.byteLength); return btoa(String.fromCharCode(...combined)); // Encode as base64 } // Example usage (async () => { const key = crypto.getRandomValues(new Uint8Array(16)); // 128-bit key const encryptedBase64 = await encryptData('Secret message', key); console.log('Encrypted (Base64):', encryptedBase64); // Export key to Base64 for use in ColdFusion const keyBase64 = btoa(String.fromCharCode(...key)); console.log('Key (Base64):', keyBase64); })(); </script> <cfscript> function decryptAES_CBC(encryptedBase64, keyBase64) { // Convert base64 to binary encryptedBytes = toBinary(encryptedBase64); keyBytes = toBinary(keyBase64); // Extract the IV and encrypted data ivLength = 16; // AES block size iv = arraySlice(encryptedBytes, 1, ivLength); encryptedData = arraySlice(encryptedBytes, ivLength + 1); // Create a Java AES/CBC/PKCS5Padding Cipher instance cipher = createObject("java", "javax.crypto.Cipher").getInstance("AES/CBC/PKCS5Padding"); // Generate the secret key from byte array keySpec = createObject("java", "javax.crypto.spec.SecretKeySpec").init(keyBytes, "AES"); ivSpec = createObject("java", "javax.crypto.spec.IvParameterSpec").init(iv); // Initialize the cipher for decryption cipher.init(2, keySpec, ivSpec); // Decrypt the data decryptedBytes = cipher.doFinal(encryptedData); // Convert decrypted bytes to string decryptedString = binaryDecode(decryptedBytes, "utf-8"); return decryptedString; } // Example usage keyBase64 = "QNPeiLBgxpEItOrNWWb1PA=="; // Replace with the actual key from JavaScript encryptedBase64 = "+6DQ8IlZUt+M11/SVxWZLNWmI5EwCFWy6wVgr9uoU5w="; // Replace with the actual data from JavaScript decrypted = decryptAES_CBC(encryptedBase64, keyBase64); writeOutput("Decrypted: " & decrypted); </cfscript>
... View more
‎Aug 14, 2024
09:07 AM
<cfscript> // Load BouncyCastle provider javaLoader = createObject("java", "java.security.Security"); bouncyCastleProvider = createObject("java", "org.bouncycastle.jce.provider.BouncyCastleProvider").init(); javaLoader.addProvider(bouncyCastleProvider); // Example values (replace with actual values) encryptedMessage = '{"iv":"3atIpqYRBUIDZD3LlFoDcQ==","v":1,"iter":10000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"0ZbZ5Jq92Tc=","ct":"YcPM/jQ1PImAZzUV6+WyXsPCbxuQK5fBs34="}'; // SJCL encrypted message JSON key = "mySecretKey"; // The password/key used for encryption // Parse the encrypted message (assuming JSON format) decryptedData = deserializeJSON(encryptedMessage); salt = binaryDecode(decryptedData.salt, "base64"); iv = binaryDecode(decryptedData.iv, "base64"); ciphertext = binaryDecode(decryptedData.ct, "base64"); // Key Derivation (PBKDF2 with HMAC-SHA256) generator = createObject("java", "org.bouncycastle.crypto.generators.PBKDF2ParametersGenerator").init( createObject("java", "org.bouncycastle.crypto.digests.SHA256Digest").newInstance() ); generator.init(createObject("java", "org.bouncycastle.crypto.params.KeyParameter").newInstance(key.getBytes(), salt)); keyParams = generator.generateDerivedParameters(256); key = keyParams.getKey(); // Decrypt cipher = createObject("java", "javax.crypto.Cipher").getInstance("AES/CBC/PKCS5Padding", "BC"); cipher.init(2, createObject("java", "javax.crypto.spec.SecretKeySpec").newInstance(key, "AES"), createObject("java", "javax.crypto.spec.IvParameterSpec").newInstance(iv)); decryptedText = toString(cipher.doFinal(ciphertext), "UTF-8"); // Output the decrypted message writeOutput("Decrypted Message: " & decryptedText); </cfscript>
... View more
‎Aug 14, 2024
07:51 AM
I tried with Stanford Javascript Crypto Library to encrypt, but unable to decrypt in coldfusion. Could you give me a sample code
... View more
‎Aug 14, 2024
06:02 AM
I would like to do client side encryption to hide the credit card information in payload so i used this logic in client side encryption using javascript and server side decryption in coldfusion. We have implemented this logic in CryptoJS 3.1.2 which has vulnerabilites and latest version of CryptoJS 4.2.0 also discontinued. I want to hide the credit card in payload. What's the best way to implement this logic in Coldfusion?
... View more
‎Aug 05, 2024
08:58 PM
Currently, I am using CryptoJS v3.1.2 Library file which has vulnerabilty. How to mitigate this issue in Coldfusion?
... View more
‎Jun 08, 2023
11:39 AM
Yes, I am using the 5 setting plus below setting in my application <cfset THIS.name="testapplication"> <cfset This.loginstorage="Session"> <cfset THIS.clientManagement=True> <cfset THIS.sessionManagement=True> <cfset THIS.setClientCookies=true> <cfset THIS.sessioncookie.secure = true> <cfset THIS.sessioncookie.httponly = true> <cfset THIS.applicationTimeout=createtimespan(0,2,30,0)> <cfset THIS.sessionTimeout=createtimespan(0,0,30,0)> <cfset THIS.sessioncookie.httponly=true>
... View more
‎Jun 08, 2023
11:04 AM
Yes, you are right session is not maintaing in my application. For example: Log in page: http://xxxxxxxx:8080/test_public_1?CFID=2946&CFTOKEN=68589b4d9f6afac0-1971ECBF-EBEA-AA83-1F1F4AA9A713CDB5 After Logged : CFID and CFToken changing http://xxxxxxxx:8080/test_public_1?CFID=2982&CFTOKEN=f9dab549db54f880-19A99525-E145-B538-B6D6C2E04AFFFC8B I have written the code as mentioned in above statement still not working. Anything need to change in Coldfusion server setting?
... View more
‎Jun 07, 2023
09:56 PM
Coldfusion 2016 supported on Window server 2012?
... View more
‎Jun 07, 2023
08:43 PM
We have moved from old sever to new server using Coldfusion 2016 version. We have below queries regarding this migraton. 1. Using CFlogin we are validating the current user logged in application or not with help of Isuserloggedin() function. 2. The IsUserloggedin() is working before (cflocation)redirection, once redirected(cflocation) to another page it’s not working. 3. IsUserroles(),GetUserroles() are also not working after redirection(cflocation).
... View more