ColdFusion Encrypt/Decrypt functions in .NET

[dusiapapa]

Hello, all!

I'm faced with next problem.

I have ASP.NET page which takes url-parameters from ColdFusion site.
These parameters are encrypted with ColdFusion Encrypt function and I
can not decrypt them correctly. I tried to translate several code
examples (in java and C++) I had found on the Internet into C# but they
don't work properly.

I believe that I'm not the first one who met such a problem. If anybody
have ideas (or even codes) please help.

Thanks in advance!

Simon.

 

[John Timney \(MVP\)]

According to Macromedia, The ColdFusion Encrypt function uses an XOR-based
algorithm that utilizes a pseudo random 32-bit key based on a seed passed by
the user as a parameter to the function. The resulting data is UUencoded.

You'll need to uudecode the encoded value first
http://www.eggheadcafe.com/printsearchcontent.asp?linkid=351

and then XOR it using the key it was encrypted with.
http://www.java2s.com/Code/CSharp/Language-Basics/UseXORtoencodeanddecodeamessage.htm

If you dont have the key - your wasting yuor time.

--
Regards

John Timney (MVP)
VISIT MY WEBSITE:
http://www.johntimney.com
http://www.johntimney.com/blog

 

[Samuel R. Neff]

If you have code that worked in Java but doesn't work once ported to
C# then it'd be helpful to post the original and ported code
(preferrably trimmed down version specific to the part that doesn't
work).

Sam

 

[dusiapapa]

Hi, John!
Thanks for reply.

But unfortunately this solution doesn't work. Moreover uudecode threw
an exception so I had to change it's code a little:

if (sBuffer.Length % 4 != 0)
{
string stuff = new String(' ', 4 - sBuffer.Length % 4);
sBuffer = String.Concat(sBuffer, stuff);
}

XOR algorithm uses integer key, and the key used on the CF site is
four-digit string (like "1111"). I tried to set corresponding integer
value (1111), but it still didn't work.

Also I've found out that this issue worries not only me:
http://forums.asp.net/thread/222886.aspx

So I still need help.


"""John Timney (MVP) wrote:
"""

 

[John Timney \(MVP\)]

Peter, who wrote that article can usually be found lurking in this
newsgroup - you might wish to Ping him by name on the subject line of a post
for some advice.

As an alternative, theres another popular uudecode implementation to try
http://geekswithblogs.net/kobush/articles/63486.aspx

Looking a little deeper as I dont know much about Cold Fusion, I think part
of your problem here may be that it perhaps uses DES encryption or MD5 and
not simple XOR, so until you can work out exactly how CF Encrypt works
you'll struggle to find an approach for decrypting it using another
framework like .net. Theres a fair article on CF encryptiuon here that
might help:
http://coldfusion.sys-con.com/read/172571.htm

Other than that I would suggest trying the dotnet.general newsgroup with
your question and see if anyone there knows more.

--
Regards

John Timney (MVP)
VISIT MY WEBSITE:
http://www.johntimney.com
http://www.johntimney.com/blog

 

[fairfaxva]

Simon, if you have the solution to your problem could you by now could you please post it here. I am encountering the same here passing encrypted query string between .NET 2.0 and CF 6.1.

Thanks.