我如何能实现ASP.NET 2.0,ColdFusion的5,和经典的ASP之间的-操作间的强的,可逆的加密? [英] How can I implement strong, reversible encryption that inter-operates between ASP.NET 2.0, Coldfusion 5, and Classic ASP?
问题描述
我的组织已决定在我们的数据库加密某些数据,我一直在考虑实施加密的任务。我需要能够对数据进行加密,存储加密版本在数据库中的一个VARCHAR字段,并在以后检索和解密回其正常状态。
在表面上这似乎是一个简单的任务。有许多方式来实现加密。一个我以前用过是基于发现AES加密code这个计算器问题。
什么使得它更难在这种情况下,是我需要写code键加密/在访问我们的数据库中的各种应用,其中一些是使用不同技术开发解密数据。我们已经写了ColdFusion的5应用程序,在传统的ASP和ASP.NET 2.0中。我需要能够对数据进行加密并将其存储在使用ColdFusion code中的数据库,然后读取和解密回ASP.NET中的原始形式。或在传统的ASP它加密和ColdFusion的解密。或这些平台的任何其它组合。
这已被证明是比我预料的要难。不同类/对象/功能/声称使用相同的算法的库似乎给予相同的数据和相同的共享秘密时,即使产生不同的结果。在过去,我们已经使用CAPICOM提供ColdFusion和经典的ASP之间进行加密的互操作性。但我已经遇到了麻烦试图让在ASP.NET工作。我读过本文有关如何获取CAPICOM在.NET ,但建议没有为我工作。我甚至不能似乎产生互操作类或导入到COM对象的引用没有得到一个错误。另外我们的一些生产服务器都没有出现能与CAPICOM兼容,因此这可能是一个死胡同反正操作系统。
有没有人有任何建议,我怎么能以这样的方式,任何的3平台可以解密什么其他人加密的,而仍然使用相当强的算法实现加密?
修改2011-12-29:
由于在下面的评论中指出,目前我希望能找到一个ASP.NET的解决方案,与一些我们现有的ColdFusion的/使用CAPICOM ASP经典code兼容。这样做的原因是,我们的团队负责人不希望我介绍一个新的加密方法到code代表我们当前的目的,除非我使用加密为不同的目的使用同样的方法也修改了旧的应用程序。他希望利用相同的加密方法有两种用途。由于修改我们的旧应用程序使用新的加密方法不仅意味着改变code外,还跟踪了老旧的应用程序加密的所有数据,解密它,并重新加密它使用新的方法,我犹豫走这条路,除非我不得不这样做。但愿,我会找到一个办法让ASP.NET读取现有的加密的数据。
从我们的其他ColdFusion和ASP经典应用程序加密的数据是连接使用CAPICOM COM对象codeD。据我所知道的,设置已普遍被AES加密,最大密钥大小(我认为这是256位AES中)。
在@利的要求,这里是我们现有的CF应用程序如何使用CAPICOM一个简单的例子:
<&CFSCRIPT GT;
encryptObject =的CreateObject(COM,CAPICOM.EncryptedData);
encryptObject.Algorithm.Name = 4; // 4是AES
encryptObject.Algorithm.KeyLength = 0; // 0是MAX,相信在AES的情况下,256位
encryptObject.SetSecret(sharedSecret);
encryptObject.Content = stringToEncrypt; 的EncryptedData = localScope.encryptObject.Encrypt();
< / CFSCRIPT>
既然你所有的系统之间的公共数据库平台,我会不会有离开你的加密/解密。这里是SQL 2005中关于特定列加密的一篇文章:
<一个href=\"http://msdn.microsoft.com/en-us/library/ms179331(v=sql.90).aspx\">http://msdn.microsoft.com/en-us/library/ms179331(v=sql.90).aspx
My organization has decided to encrypt certain data in our database, and I've been given the task of implementing the encryption. I need to be able to encrypt the data, store the encrypted version in a VARCHAR field in our database, and later retrieve it and decrypt it back to its usual state.
On the surface it seems like a simple task. There are a number of ways to implement encryption. One I've used before is based on the AES encryption code found in this StackOverflow question.
What makes it harder in this case, is I need to write code to encrypt/decrypt the data in various applications that access our database, some of which are developed using different technologies. We have applications written in Coldfusion 5, in Classic ASP, and in ASP.NET 2.0. I need to be able to encrypt data and store it in the database with Coldfusion code, and then read and decrypt it back to its original form in ASP.NET. Or encrypt it in Classic ASP and decrypt it in Coldfusion. Or any other combination of these platforms.
This has proven to be harder than I expected. Different classes/objects/functions/libraries that claim to use the same algorithms seem to generate different results even when given the same data and the same shared secret. In the past, we've used CAPICOM to provide encryption interoperability between Coldfusion and Classic ASP. But I've run into trouble trying to get that to work in ASP.NET. I've read this article about how to get CAPICOM to work in .NET, but the suggestions haven't been working for me. I can't even seem to generate an interop class or import a reference to the COM object without getting an error. Also some of our production servers have operating systems that don't appear to be compatible with CAPICOM, so that may be a dead end anyway.
Does anyone have any suggestions as to how I can implement encryption in such a way that any of the 3 platforms can decrypt what the others have encrypted, while still using a reasonably-strong algorithm?
Edit 2011-12-29:
As noted in the comments below, I am currently hoping to find an ASP.NET solution that is compatible with some of our existing Coldfusion/ASP Classic code that uses CAPICOM. The reason for this is that our team lead doesn't want me to introduce a new encryption method into our code for our current purpose unless I also revise our older apps using encryption for a different purpose to use the same method. He wants to use the same encryption method for both purposes. Since revising our old apps to use a new encryption method means not just changing the code, but also tracking down all the data encrypted by the older apps, decrypting it, and re-encrypting it using the new method, I'm hesitant to go that route unless I have to. Hopefully, I'll find a way to get ASP.NET to read the existing encrypted data.
The encrypted data from our other Coldfusion and ASP Classic applications was encoded using the CAPICOM COM object. As far as I can tell, the settings have universally been AES encryption, maximum key size (which I believe is 256-bit in AES).
At @Leigh's request, here is a simplified example of how our existing CF apps use CAPICOM:
<cfscript>
encryptObject = CreateObject("com","CAPICOM.EncryptedData");
encryptObject.Algorithm.Name = 4; // 4 is AES
encryptObject.Algorithm.KeyLength = 0; // 0 is MAX, I believe 256-bit in the case of AES
encryptObject.SetSecret(sharedSecret);
encryptObject.Content = stringToEncrypt;
encryptedData = localScope.encryptObject.Encrypt();
</cfscript>
Since you have the common database platform between all of the systems, I would leave your encryption/decryption there. Here's an article about column-specific encryption within SQL 2005:
http://msdn.microsoft.com/en-us/library/ms179331(v=sql.90).aspx
这篇关于我如何能实现ASP.NET 2.0,ColdFusion的5,和经典的ASP之间的-操作间的强的,可逆的加密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
