将Coldfusion加密代码转换为C# [英] Converting Coldfusion encryption code to C#
问题描述
< cfset data64 = toBase64(key)>
< cfset encryptedID = encrypt(getUser.ID,data64,BLOWFISH,Base64)>
我们正在将网站迁移到基于.NET的CMS,到C#,但我陷入麻烦。
我已成功将第一行转换为:
byte [] keyBytes = System.Text.Encoding.UTF8.GetBytes(key);
string keyBase64 = System.Convert.ToBase64String(keyBytes);
我还添加了在 https://defuse.ca/blowfish.htm ,但我有点模糊如何使用这个与键(和我是否使用ECB,CBC或CTR)。我也不知道类似的是在Coldfusion中使用base64编码...这是我目前正在尝试,这不是产生与原始代码相同的结果:
BlowFish b = new BlowFish(keyBase64);
byte [] idBytes = System.Text.Encoding.UTF8.GetBytes(thisUser [ID]。ToString());
byte [] idBytesEncrypted = b.Encrypt_ECB(idBytes);
string idBase64 = System.Convert.ToBase64String(idBytesEncrypted);
我没有太多的加密经验,Coldfusion代码设置了帮助没有C#经验的另一个开发人员。任何建议将不胜感激。谢谢!
您可能想尝试 BouncyCastle C#API 。我跑了几个测试,对于POC,它似乎产生与您的CF代码相同的结果。
请注意以下几点:如果您阅读了 ColdFusion中的强加密它解释了ColdFusion在默认情况下使用ECB模式和PKCS5Padding。因此,当指定速记 Blowfish 时,实际上是使用 Blowfish / ECB / PKCS5Padding 。为了复制C#(或任何语言)的加密,你必须使用这些相同的设置。
似乎没有很多文档的C#端口,但从我可以告诉 BlowfishEngine 默认为ECB模式。因此,如果你将它包装在 PaddedBufferedBlockCipher 中,结果应该填充PKCS5。这应该给你与你的CF代码相同的结果:
byte [] inputBytes = System.Text.Encoding.UTF8.GetBytes (userIDString);
byte [] keyBytes = System.Convert.FromBase64String(keyInBase64);
//初始化ECB模式和PKCS5 / PKCS7填充
PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new BlowfishEngine());
KeyParameter param = new KeyParameter(keyBytes);
cipher.Init(true,param);
//加密并编码为base64
byte [] encryptedBytes = cipher.DoFinal(inputBytes);
string idBase64 = System.Convert.ToBase64String(encryptedBytes);
注意:我不是加密专家,不鼓励使用ECB模式。有关为什么的详细说明,请参见 Wiki。因此,您应该认真考虑选择不同的模式。
I have a Coldfusion page that includes a section of code that encrypts a variable like this:
<cfset data64 = toBase64(key)>
<cfset encryptedID = encrypt(getUser.ID, data64, "BLOWFISH", "Base64")>
We're moving the site to a .NET-based CMS, and I need to convert this page to C#, but I'm running into trouble.
I've successfully converted the first line to this:
byte[] keyBytes = System.Text.Encoding.UTF8.GetBytes(key);
string keyBase64 = System.Convert.ToBase64String(keyBytes);
I've also added the blowfish.cs class found at https://defuse.ca/blowfish.htm, but I'm a little fuzzy on how to use this with the key (and whether I want to be using ECB, CBC, or CTR). I'm also not sure what the analog is to using the base64 encoding in Coldfusion... this is what I'm currently trying, which is not producing the same results as the original code:
BlowFish b = new BlowFish(keyBase64);
byte[] idBytes = System.Text.Encoding.UTF8.GetBytes(thisUser["ID"].ToString());
byte[] idBytesEncrypted = b.Encrypt_ECB(idBytes);
string idBase64 = System.Convert.ToBase64String(idBytesEncrypted);
I don't have much experience with encryption in general, and the Coldfusion code was set up with the help of another developer who doesn't have C# experience. Any suggestions would be much appreciated. Thank you!
You might want to try the BouncyCastle C# API. I ran a few tests, for POC, and it seemed to produce the same results as your CF code.
A few things to keep in mind: If you read Strong Encryption in ColdFusion it explains that ColdFusion uses ECB mode and PKCS5Padding by default. So when specifying the shorthand Blowfish, you are actually saying use Blowfish/ECB/PKCS5Padding. In order to duplicate the encryption in C# (or any language), you must to use those same settings.
There does not seem to be a lot of documentation for the C# port, but from what I can tell the BlowfishEngine defaults to ECB mode. So if you wrap it in a PaddedBufferedBlockCipher the result should be PKCS5 padded. That should give you the same result as your CF code:
byte[] inputBytes = System.Text.Encoding.UTF8.GetBytes(userIDString);
byte[] keyBytes = System.Convert.FromBase64String(keyInBase64);
// initialize for ECB mode and PKCS5/PKCS7 padding
PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new BlowfishEngine());
KeyParameter param = new KeyParameter(keyBytes);
cipher.Init(true, param);
// encrypt and encode as base64
byte[] encryptedBytes = cipher.DoFinal(inputBytes);
string idBase64 = System.Convert.ToBase64String(encryptedBytes);
NB: I am not an expert on encryption, but will say that use of "ECB" mode is discouraged. See wiki for a good illustration of why. So you should seriously consider choosing a different mode.
这篇关于将Coldfusion加密代码转换为C#的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
