問題描述

我有一個(gè) Coldfusion 頁面，其中包含一段加密變量的代碼，如下所示:

I have a Coldfusion page that includes a section of code that encrypts a variable like this:

<cfset data64 = toBase64(key)>
<cfset encryptedID = encrypt(getUser.ID, data64, "BLOWFISH", "Base64")>

我們正在將該站點(diǎn)移至基于 .NET 的 CMS，我需要將此頁面轉(zhuǎn)換為 C#，但遇到了麻煩.

We're moving the site to a .NET-based CMS, and I need to convert this page to C#, but I'm running into trouble.

我已成功將第一行轉(zhuǎn)換為:

I've successfully converted the first line to this:

byte[] keyBytes = System.Text.Encoding.UTF8.GetBytes(key);
string keyBase64 = System.Convert.ToBase64String(keyBytes);

我還添加了在 https://defuse.ca/blowfish.htm，但我對如何將其與密鑰一起使用(以及我是否要使用 ECB、CBC 或 CTR)有點(diǎn)模糊.我也不確定在 Coldfusion 中使用 base64 編碼的模擬是什么......這是我目前正在嘗試的，它不會(huì)產(chǎn)生與原始代碼相同的結(jié)果:

I've also added the blowfish.cs class found at https://defuse.ca/blowfish.htm, but I'm a little fuzzy on how to use this with the key (and whether I want to be using ECB, CBC, or CTR). I'm also not sure what the analog is to using the base64 encoding in Coldfusion... this is what I'm currently trying, which is not producing the same results as the original code:

BlowFish b = new BlowFish(keyBase64);
byte[] idBytes = System.Text.Encoding.UTF8.GetBytes(thisUser["ID"].ToString());
byte[] idBytesEncrypted = b.Encrypt_ECB(idBytes);
string idBase64 = System.Convert.ToBase64String(idBytesEncrypted);

我在一般加密方面沒有太多經(jīng)驗(yàn)，Coldfusion 代碼是在另一個(gè)沒有 C# 經(jīng)驗(yàn)的開發(fā)人員的幫助下設(shè)置的.任何建議將不勝感激.謝謝！

I don't have much experience with encryption in general, and the Coldfusion code was set up with the help of another developer who doesn't have C# experience. Any suggestions would be much appreciated. Thank you!

推薦答案

你可能想試試 BouncyCastle C#API.我為 POC 運(yùn)行了一些測試，它似乎產(chǎn)生了與您的 CF 代碼相同的結(jié)果.

You might want to try the BouncyCastle C# API. I ran a few tests, for POC, and it seemed to produce the same results as your CF code.

需要記住的幾點(diǎn):如果您閱讀 ColdFusion 中的強(qiáng)加密 它解釋了 ColdFusion 默認(rèn)使用 ECB 模式和 PKCS5Padding.因此，當(dāng)指定簡寫 Blowfish 時(shí)，您實(shí)際上是在說使用 Blowfish/ECB/PKCS5Padding.為了在 C#(或任何語言)中復(fù)制加密，您必須使用相同的設(shè)置.

A few things to keep in mind: If you read Strong Encryption in ColdFusion it explains that ColdFusion uses ECB mode and PKCS5Padding by default. So when specifying the shorthand Blowfish, you are actually saying use Blowfish/ECB/PKCS5Padding. In order to duplicate the encryption in C# (or any language), you must to use those same settings.

C# 端口的文檔似乎并不多，但據(jù)我所知，BlowfishEngine 默認(rèn)為 ECB 模式.因此，如果將其包裝在 PaddedBufferedBlockCipher 中，則結(jié)果應(yīng)該是 PKCS5 填充的.這應(yīng)該會(huì)給您與您的 CF 代碼相同的結(jié)果:

There does not seem to be a lot of documentation for the C# port, but from what I can tell the BlowfishEngine defaults to ECB mode. So if you wrap it in a PaddedBufferedBlockCipher the result should be PKCS5 padded. That should give you the same result as your CF code:

    byte[] inputBytes = System.Text.Encoding.UTF8.GetBytes(userIDString);
    byte[] keyBytes = System.Convert.FromBase64String(keyInBase64);

    // initialize for ECB mode and PKCS5/PKCS7 padding
    PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new BlowfishEngine());
    KeyParameter param = new KeyParameter(keyBytes);
    cipher.Init(true, param);

    // encrypt and encode as base64
    byte[] encryptedBytes =  cipher.DoFinal(inputBytes);
    string idBase64 = System.Convert.ToBase64String(encryptedBytes);

注意:我不是加密專家，但會(huì)說不鼓勵(lì)使用ECB"模式.請參閱 wiki 了解原因.所以你應(yīng)該認(rèn)真考慮選擇不同的模式.

NB: I am not an expert on encryption, but will say that use of "ECB" mode is discouraged. See wiki for a good illustration of why. So you should seriously consider choosing a different mode.

這篇關(guān)于將 Coldfusion 加密代碼轉(zhuǎn)換為 C#的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網(wǎng)！