ColdFusion Encryption

Report · Oct 11, 2017

I have the following PHP Code that uses an AES/ECB/PKCS5Padding

PHP Code:

$hashRequest = '';

$hashKey = 'HM53BC0C176Z58PV';

$mapString='

amount=30.0&autoRedirect=0&emailAddr=fakhar.munir88@gmail.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL=http://shopweb.windsorparking.com/php/getToken.php&storeId=3528'

// Encrypting mapString

function pkcs5_pad($text, $blocksize) {

$pad = $blocksize - (strlen($text) % $blocksize);

return $text . str_repeat(chr($pad), $pad);

}

$alg = MCRYPT_RIJNDAEL_128; // AES

$mode = MCRYPT_MODE_ECB; // ECB

$iv_size = mcrypt_get_iv_size($alg, $mode);

$block_size = mcrypt_get_block_size($alg, $mode);

$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);

$mapString = pkcs5_pad($mapString, $block_size);

$crypttext = mcrypt_encrypt($alg, $hashKey, $mapString, $mode, $iv);

$hashRequest = base64_encode($crypttext);

// end encryption;

My ColdFusion Code So Far

<cfoutput>#encryptedString#</cfoutput>

The Results are different

Can Any one Help

Report · Oct 14, 2017

Before we go any further, the storeID in the PHP query-string is 3528, whereas it is 352 in the ColdFusion query-string.

Report · Oct 14, 2017

Sorry my bad... stories

is 3528

Report · Oct 14, 2017

Hello BKBK,

I tried with the correction made to storeid

The results in PHP

+gsH3CaifLXzoJ4TiCyqf7TPK+HnBaUEv3j5Fz41P1omhRoMOzCGcZHkYB7QfBqqlHOCBbcw8pn9lWd2JshYiQ8A2adAzdORxq2ug60YQKY1g9yhAcaoHaPouAkEJ5D/3ZZORvxfBZvwWcDzz7BmTwawCiKet5VBhLruTsiHPY/x6DETR2gIAKp34cPwJmHSTFH2+c41PqfrySW8MqX9MxcG1x/A2ADMA7wE2nMirNlEDv+IVPF//Cjknv8K2XSJR6rdy46eiwbWnHmDpBMk4AfcKDxk7fTu2JZp7SVvkj7xIWpUS+7H9ZHTFP5VFPVl

The Results in CF

KjCDw7J4UP1NGTeBZpfKIasd3Wkn9xyIZDs3AC5BPMwLSsJwoB51TOxWzusupJGpjA3QUs3Np2ZJkAHqwLvXrik1PVNXZ09KEK14RGLtx0zrXg7Ze+4IyVI1thvnFVtRbLl69NZPk9zQ+Nt/C3TVV1H22ty6jcEOdue7ouPsNfNnZqu3mAaukVvMqh4+FRXbhkXLSa5ze5VdNDkBq78TQ05JNDWMCiDrF55OeJR0/QgRlB7SFL4kNoMkhxEfkc6nuhP2jhirfubuDi1Sto6LUBtyJB5A7orqzd27CzCzKFwnrlrn3bvLSJbKFj2FL1Qc

Report · Oct 15, 2017

Someone gave an explanation and an example in the Stackoverflow website.

Report · Oct 15, 2017

Dear BKBK,

What I think is that I'am not setting <cfset theIV = "HM53BC0C176Z58PV" /> correctly, If this sets then I think it might work

Regards

Tayyab Hussain

Report · Oct 16, 2017

Hello

I think I have resolved the Issue

<!---

Generate a secret key. We are going to be using a more complex

form of encryption; however, we can still tell the key-generator

that we are simply using AES (Advanced Encryption Standard).

--->

<!---

Now, let's encrypt our secret message with AES, This AES approach

breaks the data up into blocks,encrypts them individually,

and passes the result into the next block of encryption (.... I think).

--->

<cfset hashRequest = encrypt(

input,

encryptionKey,

"AES",

"base64"

) />

<!---

Now, let's decode our secret using AES and our secret key.

--->

<cfset decoded = decrypt(

hashRequest,

encryptionKey,

"AES",

"base64"

) />

Original: #input#

Secret: #hashRequest#

Decoded: #decoded#

</cfoutput>

(Email address and shopping cart id removed by moderator)

Report · Oct 16, 2017

Hi Tayyab Hussain,

Thanks for sharing that with us.

Adobe Community

ColdFusion Encryption

1 Correct answer