問題描述
我們很難在 ColdFusion 中解密之前使用 3DES 和 C# 加密的字符串.這是我們最初用來加密字符串的代碼:
We are having difficulty decrypting a string in ColdFusion that was previously encrypted with 3DES and C#. Here is the code we used to encrypt the string initially:
public static string EncryptTripleDES(string plaintext, string key)
{
TripleDESCryptoServiceProvider DES = new TripleDESCryptoServiceProvider();
MD5CryptoServiceProvider hashMD5 = new MD5CryptoServiceProvider();
DES.Key = hashMD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(key));
DES.Mode = CipherMode.ECB;
ICryptoTransform DESEncrypt = DES.CreateEncryptor();
byte[] Buffer = ASCIIEncoding.ASCII.GetBytes(plaintext);
string EncString = Convert.ToBase64String(DESEncrypt.TransformFinalBlock(Buffer, 0, Buffer.Length));
EncString = EncString.Replace("+", "@@12");
return EncString;
}
我們已嘗試使用此處的建議:
We have tried using the suggestions here:
TripleDES 加密 - .NET 和 ColdFusion 效果不佳
..沒有運(yùn)氣.這是我們的 CF 代碼和錯(cuò)誤:
..with no luck. Here is our CF code and the error:
<cfset variables.theKey = "blahblah" />
<cfset variables.theAlgorithm = "DESede/CBC/PKCS5Padding">
<cfset variables.theEncoding = "Base64">
<cfset strTest = decrypt(#DB.PASSWORD#, variables.theKey, variables.theAlgorithm, variables.theEncoding)>
錯(cuò)誤返回:嘗試加密或解密輸入字符串時(shí)出錯(cuò):''無法解碼字符串blahblah"
Error returned: An error occurred while trying to encrypt or decrypt your input string: '' Can not decode string "blahblah"
所以,看起來它是在嘗試解密密鑰而不是字符串,但這不是 ColdFusion 中解密函數(shù)的概述方式.有什么想法嗎?
So, it looks like it's trying to decrypt the key and not the string, but that's not how the decrypt function is outlined in ColdFusion. Any ideas?
更新:嘗試使用以下 CF 代碼,但返回的錯(cuò)誤仍然是嘗試加密或解密您的輸入字符串時(shí)發(fā)生錯(cuò)誤:未正確填充最終塊."
UPDATE: Attempted to use the following CF code, but the error returned is still "An error occurred while trying to encrypt or decrypt your input string: Given final block not properly padded."
<cfset dbPassword = "Hx41SYUrmnFPa31QCH1ArCHN1YOF8IAL">
<cfset finalText = replace(dbPassword, "@@12", "+", "all")>
<cfset theKey = "abcdefgh">
<cfset theKeyInBase64 = toBase64(theKey)>
<cfset hashedKey = hash( theKeyInBase64, "md5" )>
<cfset padBytes = left( hashedKey, 16 )>
<cfset keyBytes = binaryDecode( hashedKey & padBytes , "hex" )>
<cfset finalKey = binaryEncode( keyBytes, "base64" )>
<cfset decrypted = decrypt( finalText, finalKey, "DESede/ECB/PKCS5Padding", "base64" )>
Decrypted String: <cfdump var="#decrypted#">
更新:
如果您關(guān)注評(píng)論,解決方案是更改:
The solution if you follow the comments was to change:
<cfset hashedKey = hash( theKeyInBase64, "md5" )>
收件人:
<cfset hashedKey = hash( theKey, "md5" )>
最后的代碼是這樣的:
<cfset dbPassword = "Hx41SYUrmnFPa31QCH1ArCHN1YOF8IAL">
<cfset finalText = replace(dbPassword, "@@12", "+", "all")>
<cfset theKey = "abcdefgh">
<cfset hashedKey = hash( theKey, "md5" )>
<cfset padBytes = left( hashedKey, 16 )>
<cfset keyBytes = binaryDecode( hashedKey & padBytes , "hex" )>
<cfset finalKey = binaryEncode( keyBytes, "base64" )>
<cfset decrypted = decrypt( finalText, finalKey, "DESede/ECB/PKCS5Padding", "base64" )>
Decrypted String: <cfdump var="#decrypted#">
推薦答案
看起來你的 c# 函數(shù)中需要處理一些額外的曲折以實(shí)現(xiàn)兼容性:
Looks like there a few extra twists in your c# function you need to handle to achieve compatibility:
.NET 函數(shù)修改加密字符串.你需要反轉(zhuǎn)這些更改,以便解密將其識(shí)別為有效的 base64:
The .NET function modifies the encrypted string. You need to reverse those changes so decrypt will recognize it as valid base64:
<!--- reverse replacements in encrypted text ie #DB.Password# --->
<cfset dbPassword = "uAugP@@12aP4GGBOLCLRqxlNPL1PSHfTNEZ">
<cfset finalText = replace(dbPassword, "@@12", "+", "all")>
該函數(shù)還使用創(chuàng)建 16 字節(jié)密鑰的哈希.CF/java 需要 24 字節(jié)密鑰.因此,您必須首先對(duì)密鑰進(jìn)行哈希處理,然后 將其填充到適當(dāng)?shù)拈L(zhǎng)度.否則,decrypt() 會(huì)抱怨密鑰太小.
The function also uses a hash which creates a 16 byte key. CF/java require a 24 byte key for that algorithm. So you must first hash the key and pad it to the proper length. Otherwise, decrypt() will complain the key is too small.
注意:CF 還期望最終密鑰是 base64 編碼的.錯(cuò)誤 Can not decode string "blahblah" 表明您的輸入鍵不在 base64 中.
Note: CF also expects the final key to be base64 encoded. The error Can not decode string "blahblah" suggests your input key is not in base64.
<!--- hash and pad the key (ie "blahblah"), then convert to base64 for CF --->
<cfset theKeyInBase64 = "rpaSPvIvVLlrcmtzPU9/c67Gkj7yL1S5">
<cfset hashedKey = hash( theKeyInBase64, "md5" )>
<cfset padBytes = left( hashedKey, 16 )>
<cfset keyBytes = binaryDecode( hashedKey & padBytes , "hex" )>
<cfset finalKey = binaryEncode( keyBytes, "base64" )>
最后,反饋模式必須匹配.由于 .NET 代碼使用安全性較低的 ECB 模式,CF 代碼也必須使用該模式.
Finally, the feedback modes must match. Since the .NET code uses the less secure ECB mode, the CF code must use that mode as well.
<!--- .net code uses the less secure ECB mode --->
<cfset decrypted = decrypt( finalText, finalKey, "DESede/ECB/PKCS5Padding", "base64" )>
Decrypted String: <cfdump var="#decrypted#">
另一個(gè)需要注意的問題是編碼.在 CF 中,加密/解密始終將輸入字符串解釋為 UTF8,而 .NET 函數(shù)使用 ASCII.為了完全兼容,雙方應(yīng)使用相同的編碼,在本例中為 UTF8.
One other issue to watch out for is encoding. In CF, encrypt/decrypt always interpret the input string as UTF8, whereas the .NET function uses ASCII. For full compatibility, both sides should use the same encoding, in this case UTF8.
<小時(shí)>
更新:
我使用任意 8 個(gè)字符的密鑰(而不是 base64 字符串)對(duì)上述內(nèi)容進(jìn)行了測(cè)試,CF9 仍然正確解密了該字符串.
I tested the above with an arbitrary 8 character key (instead of a base64 string) and CF9 still decrypted the string properly.
// .NET Code
String text = "some text to encrypt";
String key = "abcdefgh";
String encrypted = EncryptTripleDES(text, key);
// result: encrypted=Hx41SYUrmnFPa31QCH1ArCHN1YOF8IAL
Console.WriteLine("encrypted={0}", encrypted);
<!--- same code, only the encrypted text and key changed --->
<cfset dbPassword = "Hx41SYUrmnFPa31QCH1ArCHN1YOF8IAL">
<cfset finalText = replace(dbPassword, "@@12", "+", "all")>
<cfset theKey = "abcdefgh">
<cfset hashedKey = hash( theKey, "md5" )>
....
這篇關(guān)于在 C# 中解密用 3DES 加密的 ColdFusion 中的字符串的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!