7 Replies Latest reply on Oct 16, 2017 6:27 AM by BKBK

    ColdFusion Encryption

    Tayyab Hussain

      I have the following PHP Code that uses an AES/ECB/PKCS5Padding


      PHP Code:

      $hashRequest = '';

      $hashKey = 'HM53BC0C176Z58PV';


      amount=30.0&autoRedirect=0&emailAddr=fakhar.munir88@gmail.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL =http://shopweb.windsorparking.com/php/getToken.php&storeId=3528'

      // Encrypting mapString

      function pkcs5_pad($text, $blocksize) {

            $pad = $blocksize - (strlen($text) % $blocksize);

            return $text . str_repeat(chr($pad), $pad);


      $alg = MCRYPT_RIJNDAEL_128; // AES

      $mode = MCRYPT_MODE_ECB; // ECB

      $iv_size = mcrypt_get_iv_size($alg, $mode);

      $block_size = mcrypt_get_block_size($alg, $mode);

      $iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);


      $mapString = pkcs5_pad($mapString, $block_size);

      $crypttext = mcrypt_encrypt($alg, $hashKey, $mapString, $mode, $iv);

      $hashRequest = base64_encode($crypttext);

      // end encryption;


      My ColdFusion Code So Far


      <cfset mapString = "amount=30.0&autoRedirect=0&emailAddr=fakhar.munir88@gmail.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL =http://shopweb.windsorparking.com/php/getToken.php&storeId=352" />

      <cfset theKey = toBase64("HM53BC0C176Z58PV") />

      <cfset theAlgorithm = "AES/CBC/PKCS5Padding" />

      <cfset theEncoding = "base64" />

      <cfset theIV = "HM53BC0C176Z58PV" />

      <cfset encryptedString = encrypt(thePlainData, theKey, theAlgorithm, theEncoding, theIV) />



      The Results are different


      Can Any one Help

        • 1. Re: ColdFusion Encryption
          BKBK Adobe Community Professional & MVP

          Before we go any further, the storeID in the PHP query-string is 3528, whereas it is 352 in the ColdFusion query-string.

          • 2. Re: ColdFusion Encryption
            Tayyab Hussain Level 1

            Sorry my bad... stories

            is  3528

            • 3. Re: ColdFusion Encryption
              Tayyab Hussain Level 1

              Hello BKBK,


              I tried with the correction made to storeid


              The results in PHP

              +gsH3CaifLXzoJ4TiCyqf7TPK+HnBaUEv3j5Fz41P1omhRoMOzCGcZHkYB7QfBqqlHOCBbcw8pn9lWd2JshYiQ8A2a dAzdORxq2ug60YQKY1g9yhAcaoHaPouAkEJ5D/3ZZORvxfBZvwWcDzz7BmTwawCiKet5VBhLruTsiHPY/x6DETR2gI AKp34cPwJmHSTFH2+c41PqfrySW8MqX9MxcG1x/A2ADMA7wE2nMirNlEDv+IVPF//Cjknv8K2XSJR6rdy46eiwbWnH mDpBMk4AfcKDxk7fTu2JZp7SVvkj7xIWpUS+7H9ZHTFP5VFPVl


              The Results in CF


              KjCDw7J4UP1NGTeBZpfKIasd3Wkn9xyIZDs3AC5BPMwLSsJwoB51TOxWzusupJGpjA3QUs3Np2ZJkAHqwLvXrik1PV NXZ09KEK14RGLtx0zrXg7Ze+4IyVI1thvnFVtRbLl69NZPk9zQ+Nt/C3TVV1H22ty6jcEOdue7ouPsNfNnZqu3mAau kVvMqh4+FRXbhkXLSa5ze5VdNDkBq78TQ05JNDWMCiDrF55OeJR0/QgRlB7SFL4kNoMkhxEfkc6nuhP2jhirfubuDi 1Sto6LUBtyJB5A7orqzd27CzCzKFwnrlrn3bvLSJbKFj2FL1Qc

              • 5. Re: ColdFusion Encryption
                Tayyab Hussain Level 1

                Dear BKBK,


                What I think is that I'am not setting <cfset theIV = "HM53BC0C176Z58PV" /> correctly, If this sets then I think it might work




                Tayyab Hussain

                • 6. Re: ColdFusion Encryption
                  Tayyab Hussain Level 1



                  I think I have resolved the Issue


                  <cfset input = "amount=30.0&autoRedirect=0&emailAddr=me@.com&expiryDate=20190721 112300&mobileNum=03345400644&orderRefNum=1008&paymentMethod=MA_PAYMENT_METHOD&postBackURL =shopping cart id">


                      Generate a secret key. We are going to be using a more complex

                      form of encryption; however, we can still tell the key-generator

                      that we are simply using AES (Advanced Encryption Standard).


                  <cfset encryptionKey = toBase64("HM53BC0C176Z58PV") />


                      Now, let's encrypt our secret message with AES, This AES approach

                  breaks the data up into blocks,encrypts them individually,

                  and passes the result into the next block of encryption (.... I think).


                  <cfset hashRequest = encrypt(





                      ) />


                      Now, let's decode our secret using AES  and our secret key.


                  <cfset decoded = decrypt(





                      ) />


                      Original: #input#<br />

                      <br />

                      Secret: #hashRequest#<br />

                      <br />

                      Decoded: #decoded#<br />



                  (Email address and shopping cart id removed by moderator)

                  • 7. Re: ColdFusion Encryption
                    BKBK Adobe Community Professional & MVP

                    Hi Tayyab Hussain,


                    Thanks for sharing that with us.