将 Coldfusion 加密代码转换为 C# [英] Converting Coldfusion encryption code to C#

问题描述

我有一个 Coldfusion 页面，其中包含一段加密变量的代码，如下所示:

I have a Coldfusion page that includes a section of code that encrypts a variable like this:

<cfset data64 = toBase64(key)>
<cfset encryptedID = encrypt(getUser.ID, data64, "BLOWFISH", "Base64")>

我们正在将该站点移至基于 .NET 的 CMS，我需要将此页面转换为 C#，但遇到了麻烦.

We're moving the site to a .NET-based CMS, and I need to convert this page to C#, but I'm running into trouble.

我已成功将第一行转换为:

I've successfully converted the first line to this:

byte[] keyBytes = System.Text.Encoding.UTF8.GetBytes(key);
string keyBase64 = System.Convert.ToBase64String(keyBytes);

我还添加了在 https://defuse.ca/blowfish.htm，但我对如何将其与密钥一起使用(以及我是否要使用 ECB、CBC 或 CTR)有点模糊.我也不确定在 Coldfusion 中使用 base64 编码的模拟是什么......这是我目前正在尝试的，它不会产生与原始代码相同的结果:

I've also added the blowfish.cs class found at https://defuse.ca/blowfish.htm, but I'm a little fuzzy on how to use this with the key (and whether I want to be using ECB, CBC, or CTR). I'm also not sure what the analog is to using the base64 encoding in Coldfusion... this is what I'm currently trying, which is not producing the same results as the original code:

BlowFish b = new BlowFish(keyBase64);
byte[] idBytes = System.Text.Encoding.UTF8.GetBytes(thisUser["ID"].ToString());
byte[] idBytesEncrypted = b.Encrypt_ECB(idBytes);
string idBase64 = System.Convert.ToBase64String(idBytesEncrypted);

我在一般加密方面没有太多经验，Coldfusion 代码是在另一个没有 C# 经验的开发人员的帮助下设置的.任何建议将不胜感激.谢谢！

I don't have much experience with encryption in general, and the Coldfusion code was set up with the help of another developer who doesn't have C# experience. Any suggestions would be much appreciated. Thank you!

推荐答案

你可能想试试 BouncyCastle C#API.我为 POC 运行了一些测试，它似乎产生了与您的 CF 代码相同的结果.

You might want to try the BouncyCastle C# API. I ran a few tests, for POC, and it seemed to produce the same results as your CF code.

需要记住的几点:如果您阅读 ColdFusion 中的强加密 它解释了 ColdFusion 默认使用 ECB 模式和 PKCS5Padding.因此，当指定简写 Blowfish 时，您实际上是在说使用 Blowfish/ECB/PKCS5Padding.为了在 C#(或任何语言)中复制加密，您必须使用相同的设置.

A few things to keep in mind: If you read Strong Encryption in ColdFusion it explains that ColdFusion uses ECB mode and PKCS5Padding by default. So when specifying the shorthand Blowfish, you are actually saying use Blowfish/ECB/PKCS5Padding. In order to duplicate the encryption in C# (or any language), you must to use those same settings.

C# 端口的文档似乎并不多，但据我所知，BlowfishEngine 默认为 ECB 模式.因此，如果将其包装在 PaddedBufferedBlockCipher 中，则结果应该是 PKCS5 填充的.这应该会给您与您的 CF 代码相同的结果:

There does not seem to be a lot of documentation for the C# port, but from what I can tell the BlowfishEngine defaults to ECB mode. So if you wrap it in a PaddedBufferedBlockCipher the result should be PKCS5 padded. That should give you the same result as your CF code:

    byte[] inputBytes = System.Text.Encoding.UTF8.GetBytes(userIDString);
    byte[] keyBytes = System.Convert.FromBase64String(keyInBase64);

    // initialize for ECB mode and PKCS5/PKCS7 padding
    PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new BlowfishEngine());
    KeyParameter param = new KeyParameter(keyBytes);
    cipher.Init(true, param);

    // encrypt and encode as base64
    byte[] encryptedBytes =  cipher.DoFinal(inputBytes);
    string idBase64 = System.Convert.ToBase64String(encryptedBytes);

注意:我不是加密专家，但会说不鼓励使用ECB"模式.请参阅 wiki 了解原因.所以你应该认真考虑选择不同的模式.

NB: I am not an expert on encryption, but will say that use of "ECB" mode is discouraged. See wiki for a good illustration of why. So you should seriously consider choosing a different mode.

这篇关于将 Coldfusion 加密代码转换为 C#的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！