正确的参数传递到加密AES在Coldfusion 8（或10） [英] Correct Paramaters to pass to Encrypt AES in Coldfusion 8 (or 10)

问题描述

所以我有（这不工作b / c十六进制可能是错误的，键和IV没有正确转换）：

So I have (this doesn’t work b/c hex is probably wrong and the key and the IV are not converted correctly):

（aesKey和aesIV从第三方提供十六进制字符串）

(aesKey and aesIV are provided as hex strings from Third Party)

他们看起来像这样（不一样，但应该足够工作，我更换了键中的一些值，完全相同：

They look something like this (not the same but should be enough to work with I replaced some values in the keys so they aren’t exactly the same:

<cfparam name="aesKey" default="C20648780E8843795325F3BA5EC43183C8BFA2D26B5470BC309ED5BA6B142EFA"/>
<cfparam name="aesIV" default="A53F0A6E6972A0095CFFDBE4F47C3CF8"/>

<cfset token = Encrypt(encryptString, aesKey, "AES/CBC/PKCS5Padding", "hex", aesIV)>

错误是：

em>指定的密钥不是此加密的有效密钥：非法密钥大小或默认参数。

The key specified is not a valid key for this encryption: Illegal key size or default parameters.

（我也不确定hex是正确的）

(I’m also not sure "hex" is right)

我也有第三方的

以下用于AES加密的参数：

块长度256位

填充PKCS7

密码模式CBC

密钥长度256bit由第三方以十六进制格式）

初始化向量长度128位（以十六进制格式由第三方提供）

Third Party uses the following parameters for AES encryption:
Block Length 256bit
Padding PKCS7
Cipher mode CBC
Key Length 256bit (to be provided by Third Party in hexadecimal format)
Initialization Vector Length 128bit (to be provided by Third Party in hexadecimal format)

秘密私有）密钥和初始化向量用于对明文令牌执行AES加密。然后将加密的字符串传递到第三方SSO进程，在其中使用匹配的键和初始化向量对其进行解密。

The secret (private) key and the initialization vector are used to perform AES encryption on the plaintext token. The encrypted string is then passed to Third Party SSO process where it is decrypted with the matching key and initialization vector.

不做任何格式化或使用键或iv转换，但错误表明我需要管理它。

So I’m not doing any formatting or converting with the key or the iv but the error suggests that I need to manage it.

但这是我想要的地方字符串它只是我传递的字符串是错误的）

But that’s where I’m guessing (it does want a string it’s just the string I’m passing is wrong)

我知道我很近，我有一个无论它需要使它的工作解决方案我从CF到.net，并使用提供的示例代码）但我不想这样做。 。 。但我有它。 （这将是我第二次从语言B回到语言A，因为我有一些工作）

I know I’m close and I do have a "Whatever it takes to make it work" solution (where I go from CF to .net and use the sample code provided) but I don’t want to do that, . . . but I do have it. (This would be the second time I went from language B back to language A because I have something that works)

推荐答案

1. 默认情况下，您只能使用AES的128位密钥。要使用较大的键（如256位元），您必须先安装（JCE）Java 6的无限制强制管辖权政策文件，或 Java 7 / Java 8 （取决于您的JRE版本）。将它们复制到您的 / lib / security / 目录中。 （注意：如果您安装了多个JVM，请务必更新正确的JVM，即CF管理员列出的JVM。然后重新启动CF服务器。

1. By default, you are limited to 128bit keys for AES. To use larger keys, like 256bit, you must first install the (JCE) Unlimited Strength Jurisdiction Policy Files for Java 6, or Java 7 / Java 8 (depending on your JRE version). Copy them into your /lib/security/ directory. (Note: If you have multiple JVM's installed, be sure you update the jars in the correct one ie The one listed in the CF Administrator). Then restart the CF server.

Encrypt（）期望键为base64格式。因此，请使用 binaryDecode / Encode 将密钥从hex转换为base64：

Encrypt() expects keys to be in base64 format. So use binaryDecode/Encode to convert the key from hex to base64:

< cfset base64Key = binaryEncode（binaryDecode（yourHexKey，hex），base64）/>

iv 应为二进制。再次使用binaryDecode转换：

The iv should be in binary. Again, use binaryDecode to convert it:

< cfset binaryIV = binaryDecode（yourHexIV，hex）/>

完成这些更改后，您的代码应该可以正常工作：

Once you have made those changes, your code should work fine:

Encrypt(encryptString, base64Key, "AES/CBC/PKCS5Padding", "hex", binaryIV)

（尽管标题中有过时的版本，但我发现这篇关于强加密的文章是解决加密问题的绝佳参考）

(Despite the antiquated version in the title, I have found this article on strong encryption to be a great reference for troubleshooting encryption issues)

这篇关于正确的参数传递到加密AES在Coldfusion 8（或10）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！