0 Replies Latest reply on Aug 8, 2017 12:09 PM by josephv80633748

    ColdFusion decryption problem with third-party key

    josephv80633748 Level 1

      We need to decrypt a key passed to us from a third party in order to then decrypt data sent in the same transmission. We use a static secret key that we have to decrypt the key, which apparently works (no error thrown); however, that decrypted string does not decrypt the data.

       

      So, we receive two fields: secret and data, both encrypted strings.

       

      Here's our code:

       

      <cfset data_key=Decrypt(secret,"our secret key here","AES/ECB/PKCS5Padding","Base64") />

       

      This code completes successfully (or so it seems), but using the resulting data_key to decrypt the data, like this:

       

      <cfset data_str=Decrypt(data,data_key,"AES/ECB/PKCS5Padding","Base64") />

       

      gives this error:

       

      An error occurred while trying to encrypt or decrypt your input string: '' Can not decode string " U� ��v�p'|

       

      cx� � �O���s��)�R݋��"..

       

      We've tried transforming data_key in various ways to make it work, but we're out of ideas.

       

      More relevant info:

       

      We're attempting 256-bit AES encryption and have installed the JCE Unlimited Strength Jurisdiction Policy Files.

       

      The mode and packing parameters are correct, per our source.

       

      No IV should be required, per our source.

       

      Any guidance would be greatly appreciated. Thank you.