Encrypt for SagePay forms using ColdFusion


Question

I am trying to follow a specification for an encrypted field in SagePay 3.00 using ColdFusion 10.

The requirement is to encrypt the string as AES(block size 128-bit) in CBC mode with PKCS#5 padding using the provided password as both the key and initialisation vector and encode the result in hex.

It's the "using the provided password" that is causing the problem.

Currently I have

myStr = 'assortednamevaluepairsetc';
providedPassword = 'abcdefghijklmnop';
myCrypt = Encrypt(myStr,providedPassword,'AES/CBC/PKCS5Padding','HEX',providedPassword,1);

but that won't work because the value I have been given by SagePay causes an error - "key specified is not a valid key for this encryption: Invalid AES key length" as it's only 16 characters long

According to the CF docs you need to use generateSecretKey to guarantee the key length for AES, so I've tried this but although it gives a result, it's not the right result in terms of the encryption

myStr = 'assortednamevaluepairsetc';
providedPassword = 'abcdefghijklmnop';
mySecret = GenerateSecretKey('AES');
myCrypt = Encrypt(myStr,mySecret,'AES/CBC/PKCS5Padding','HEX',providedPassword,1);

Any help on this gratefully received.

Recommended answer


use generateSecretKey to guarantee the key length for AES


That function is only used when you need to generate a completely new encryption key. You already have one. The primary purpose of generateSecretKey is to ensure you generate a strong encryption key, that is sufficiently random.


won't work because the value I have been given by SagePay causes an error - "key specified is not a valid key for this encryption: Invalid AES key length" as it's only 16 characters long

A key length of 16 bytes (i.e. 128 bits) is acceptable for AES. The problem is encrypt() expects the "key" to be a base64 encoded string, which is about thirty-three percent longer than a plain string. When you invoke encrypt(..), CF decodes the provided "key" string into bytes, i.e. essentially doing this:

  <cfset keyBytes = binaryDecode(yourPassword, "base64")>
  <cfoutput>length = #arrayLen(keyBytes)# bytes</cfoutput>

Since your password string is not base64 encoded, the resulting key length is too small, ie (12) instead of (16) bytes. Hence the error message.

The solution is to base64 encode it first. How you do that depends on the encoding of the string. It sounds like it is just a plain text string (hopefully a sufficiently random one...). If so, use charsetDecode to decode the string from the relevant charset (ie utf-8, etcetera), then binaryEncode it to base64:

  <cfset keyIVBytes = charsetDecode(yourKeyString, "utf-8")>
  <cfset base64Key = binaryEncode(keyIVBytes, "base64")>

Also, the iv parameter should be binary. Since key and iv are one and the same, simply use the byte array from the previous step. Also, drop the iterations parameter, as it does not apply. With those changes it should work as expected:

 encrypt(myStr, base64Key,"AES/CBC/PKCS5Padding", "hex", keyIVBytes)

NB: I am not an encryption expert but ... using the key as an iv is NOT a great idea... Might want to check with them to see if there are other options.
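
The answer's steps assembled into one script, as an added example that is not part of the original answer. The helper name `passwordToKeyMaterial` and the variable names are hypothetical, and it assumes the password is plain text in UTF-8; it also rejects any password that is not exactly 16 bytes, because the same bytes are reused as the CBC IV.

```cfml
<cfscript>
// Added example: helper and variable names are hypothetical, and the
// password is the sample value from the question, not a real key.
function passwordToKeyMaterial(required string password, string charset = "utf-8") {
    var keyBytes = charsetDecode(arguments.password, arguments.charset);
    var material = {};
    // The same bytes serve as key and IV here, and a CBC IV must be exactly
    // one AES block, so anything other than 16 bytes cannot work.
    // A 16-character password containing non-ASCII characters fails this check.
    if (arrayLen(keyBytes) != 16) {
        throw(type = "InvalidKeyLength",
              message = "Password is #arrayLen(keyBytes)# bytes in #arguments.charset#; expected 16.");
    }
    material.key = binaryEncode(keyBytes, "base64"); // encrypt() expects a base64 string
    material.iv  = keyBytes;                         // encrypt() expects binary
    return material;
}

myStr = "assortednamevaluepairsetc";
material = passwordToKeyMaterial("abcdefghijklmnop");

cipherHex = encrypt(myStr, material.key, "AES/CBC/PKCS5Padding", "hex", material.iv);
// Round trip with the same key and IV to confirm the parameters are consistent.
plain = decrypt(cipherHex, material.key, "AES/CBC/PKCS5Padding", "hex", material.iv);

writeOutput("key bytes after base64 decode: " & arrayLen(binaryDecode(material.key, "base64")) & "<br>");
writeOutput("ciphertext (hex): " & cipherHex & "<br>");
writeOutput("round trip ok: " & (compare(plain, myStr) == 0) & "<br>");
</cfscript>
```

Because the key and IV never change, the same plaintext always encrypts to the same ciphertext under this scheme.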
