3 Replies Latest reply on Jun 13, 2007 8:51 AM by Applied CD

    Is VBscript’s URL decoding an exact reciprocal of Lingo’s encoding from postNetText?

    Applied CD Level 1
      I’m trying to send the output of an RC4 encryption routine to an ASP script on a WinTel server via postNetText. The output of RC4 encryption is not URL safe, however, Lingo’s postNextText encodes the string (when sent as part of a property list) and VBScript’s request.form(“myString”) decodes the string automatically … more or less. When I decrypt the string server side I get about 75% of the original string, or I get the entire string with letter shifts scattered throughout. RC4 encryption is symmetrical, ie: the encrypted output may be sent back though the same code with the same key and results in the decrypted string. My VBscript is symmetrical with its own output, the same is true for my lingo script … it’s only when I send the lingo output to the vbscript that I get this odd result. I tried various combinations of URL encoding the string explicitly before sending to postNetText, no luck. I’m going to try base64 encoding the output but maybe there’s another problem. I’ve attached the encoding scripts for the curious.
        • 1. Re: Is VBscript’s URL decoding an exact reciprocal of Lingo’s encoding from postNetText?
          Applied CD Level 1
          Woo hoo .. got it. Had to convert the entire outgoing string from ascii to hex with $ delimiter rather than % (which gets encoded to %25) and added a function server side to convert hex back to ascii again recognizing $ as the delimiter. The two encryption routines are now completely symmetrical with themselves and each other.

          Base64 would probably be more efficient but for the amount of data I’m passing this works fine. If anyone wants to fill me on why the encoding in postNetText doesn’t exactly match the decoding by VBScript I’d love to know.
          • 2. Re: Is VBscript?s URL decoding an exact reciprocal of Lingo?s encoding from postNetText?
            Level 7

            "Applied CD" <webforumsuser@macromedia.com> schreef in bericht
            news:f4n6d8$1gf$1@forums.macromedia.com...
            > Woo hoo .. got it. Had to convert the entire outgoing string from ascii to
            > hex
            > with $ delimiter rather than % (which gets encoded to %25) and added a
            > function
            > server side to convert hex back to ascii again recognizing $ as the
            > delimiter.
            > The two encryption routines are now completely symmetrical with themselves
            > and
            > each other.
            >
            > Base64 would probably be more efficient but for the amount of data I?m
            > passing
            > this works fine. If anyone wants to fill me on why the encoding in
            > postNetText
            > doesn?t exactly match the decoding by VBScript I?d love to know.

            Hi Applied,
            base64 is not an ecryption algorithm like RC4.
            Base64 is an encoding technique, and in itself doesnt "hide"anything.
            Its in the same league as "quoted printable" encoding.

            Regards,

            Richard
            LOOPING Multimedia


            • 3. Re: Is VBscript?s URL decoding an exact reciprocal of Lingo?s encoding from postNetText?
              Applied CD Level 1
              Yeah, sorry I wasn’t clear about that. Encoding (either ascii<->hex or base64) doesn’t replace the RC4 encryption, it’s required to convert the output of RC4 encryption to a string that is URL safe.

              Here’s the scheme:

              Client/Lingo: SQL string -> RC4 encryption with local key -> HEX encoding -> postNetText ----> Server/VBS: HEX decoding -> RC4 decryption with local key -> execute SQL string

              I’m also modifying the scripts so that the server response can be RC4 encrypted if desired. Same process as above, just reversed.

              - bob