I'm 99.9% sure RC4 is available on my server ....  I've added the extra security provider package for [see here: http://kb2.adobe.com/cps/546/e546373d.html ] and if I tail the cfserver log I get:

01/11 15:08:23 Information [main] - Installed JSafe JCE provider: Version 3.6 RSA Security Inc. Crypto-J JCE Security Provider (implements RSA, DSA, Diffie-Hellman, AES, DES, Triple DES, DESX, RC2, RC4, RC5, PBE, MD2, MD5, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512, HMAC-MD5, HMAC-RIPEMD160, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512)

If I, #encrypt("killbill","RC4")#, I get "(?)Y0GXZT5_,"

so I am assuming RC4 is working....

-sean

[CF8 Enterprise]

Hi;

yes - it does work, but when I substitute my existing key [ rc4key = '823hjdFD00fQFSDFJweru87fsj34FS'; ] I get the error:

An error occurred while trying to encrypt or decrypt your input string: '' Can not decode string "823hjdFD00fQFSDFJweru87fsj34FS"..

ok, soooo the problemis with the key?

-sean

sean69 wrote: An error occurred while trying to encrypt or decrypt your input string: '' Can not decode string "823hjdFD00fQFSDFJweru87fsj34FS".. ok, soooo the problemis with the key?

Indeed, the problem is likely with the key. I would just take Coldfusion's insurance policy,

rc4key = generatesecretkey("RC4");

and then store the value somewhere.

wherein lies the problem, I am migrating customers from one store application [Candypress - asp pages] to a completely new application since there is about 9000 of them it would be nice to be able to script the passwords.... [stored as plain text in the new application]

-sean

sean69 wrote: wherein lies the problem, I am migrating customers from one store application [Candypress - asp pages] to a completely new application since there is about 9000 of them it would be nice to be able to script the passwords.... [stored as plain text in the new application

No problem. Just let Coldfusion generate the RC4 keys for you.

I don't understand how that would help.

I'm trying to migrate the passwords as well, not change them. all I have is the encrypted password and the key to start with.

-sean

I'm trying to migrate the passwords as well

Ah. That wasn't clear to me. In any case, I doubt whether '823hjdFD00fQFSDFJweru87fsj34FS' is an RC4 key.

You can test the key at http://crypto.hurlant.com/demo/

screenshot in first post...it seems to work so if there is a problem with it, I'm not sure what it could be??

-sean

nope - sorry, I don't understand your reply....

"It wants to "base64decode" the string." - which string, what is it?

"simply send it a base64-encoding of the string" ??

-if you are suggesting the passwords, I don't have a decrypted version of the passwords....

can you illustrate with a line or two of code?

-thanks

-sean

I still don't see what you are saying, have you tested with any code???

all I have is the rc4key = '823hjdFD00fQFSDFJweru87fsj34FS' - used to originally encrypt the passwords,  and the encrypted password = '668413106F51AB'  in this one and only case I happen to know that password is 'test123'

you can see in my original post that someone has figured it out, I can decode passwords one by one using that app,  just have not been able to figure oit out here...

-sean

so you are suggesting something like:

passhex = '668413106F51AB';

rc4key = toBase64('823hjdFD00fQFSDFJweru87fsj34FS');

writeoutput(Decrypt( passhex, rc4key, 'RC4','Hex'));

Which gives me an "The key  specified is not a valid key for this encryption: Illegal key size or  default parameters." error.

-sean

That is indeed what I was suggesting.

but ...

are you sure that the fourth parameter to Decrypt() should be 'hex'?  I don't know the answer to that.  Is this supposed to represent the encoding of the data string, or of the key?

I really don't have a clue.....

Sean -

Did you ever happen to figure this out?  If so, what was the issue?

Thanks,

Neal

nope - never figured it out...  sorry

Yeah, I gave up as well.  Decided to use this function:

http://www.cflib.org/udf/RC4

I am not very familiar with RC4, but this seems to work fine for me. ie Returns the same results as the online demo.

<cfscript>
    // convert plain text key to base64
    rc4key = '823hjdFD00fQFSDFJweru87fsj34FS';
    keyBytes = charsetDecode(rc4key, "utf8");
    keyBase64 = BinaryEncode(keyBytes, "base64");

    //encrypt it and return value as HEX...
    encrypted = Encrypt("test123", keyBase64, 'RC4', 'hex');
    WriteOutput("encrypted="& encrypted &"<br>");

    // decrypt value
    decrypted = Decrypt( encrypted, keyBase64, 'RC4', 'Hex');
    WriteOutput("decrypted="& decrypted &"<br>");
</cfscript>

If I, #encrypt("killbill","RC4")#, I get "(?)Y0GXZT5_, so I am assuming RC4 is working....

BTW: The algorithm name is in the wrong position. So it is just using the default CFMX_COMPAT.

Message was edited by: -==cfSearching==-

as I remember, the passwords were encrypted with asp.net, all I had was the encrypted passwords & encryption keys ...  I had no problems using CFMX > CFMX encryption ...

Not sure what you mean. With a slight modification, your original example of RC4 encryption works fine.

BTW: The last comment was to point out that one of your test cases was not actually using RC4 as you thought

ie #encrypt("killbill","RC4")# actually uses the default CFMX_COMPAT with "RC4" as the seed.

-Leigh