TripleDES加密 - .NET和ColdFusion不运行好 [英] TripleDES Encryption - .NET and ColdFusion not playing nice
问题描述
我试图在我的ASP.NET应用程序和另一个开发人员的CF应用程序之间使用TripleDES交换加密的数据。
I'm trying to exchange encrypted data between my ASP.NET application and another developer's CF app using TripleDES.
这是他的CF代码(当然是虚拟键和IV):
Here's his CF code (fictitious key and IV of course):
<cfset variables.theKey = "rpaSPvIvVLlrcmtzPU9/c67Gkj7yL1S5">
<cfset variables.theIV = BinaryDecode("password","Base64")>
<cfset variables.theAlgorithm = "DESEDE">
<cfset variables.theEncoding = "Base64">
<cfif IsDefined("form.string") and IsDefined("form.method")>
<cfif form.method is "encrypt">
<cfset variables.theString = encrypt(form.string, variables.theKey, variables.theAlgorithm, variables.theEncoding, variables.theIV)>
</cfif>
<cfif form.method is "decrypt">
<cfset variables.theString = decrypt(form.string, variables.theKey, variables.theAlgorithm, variables.theEncoding, variables.theIV)>
</cfif>
<cfoutput><p>Output: #variables.theString#</cfoutput>
</cfif>
这是我的VB.NET(我省略了异常处理等):
Here's my VB.NET (I've left out exception handling, etc.):
Private IV() As Byte = ASCIIEncoding.ASCII.GetBytes("password")
Private EncryptionKey() As Byte = Convert.FromBase64String("rpaSPvIvVLlrcmtzPU9/c67Gkj7yL1S5")
Public Function EncryptString(ByVal Input As String) As String
Dim buffer() As Byte = Encoding.UTF8.GetBytes(Input)
Dim des As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider
des.Key = EncryptionKey
des.IV = IV
Return Convert.ToBase64String(des.CreateEncryptor().TransformFinalBlock(buffer, 0, buffer.Length()))
End Function
Public Function DecryptString(ByVal Input As String) As String
Dim buffer() As Byte = Convert.FromBase64String(Input)
Dim des As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider
des.Key = EncryptionKey
des.IV = IV
Return Encoding.UTF8.GetString(des.CreateDecryptor().TransformFinalBlock(buffer, 0, buffer.Length()))
End Function
显而易见的事情是,他使用Base64从密码创建IV,而我使用ASCII - 但是如果我这样做
The obvious thing that comes to mind is that he's using Base64 to create the IV from the password, whereas I'm using ASCII - but if I do this
Private IV() As Byte = Convert.FromBase64String("password")
然后.NET不高兴,因为它得到一个6字节数组的IV,它想要8字节。
then .NET is not happy because it's getting a 6-byte array for the IV and it wants 8 bytes.
任何想法我们做错了什么 - 最好是我可以对我的(VB.NET)代码进行更改以使这项工作?
Any ideas what we're doing wrong - preferably changes I could make to my (VB.NET) code to make this work? Or failing that, a different approach that would work better between the two environments?
推荐答案
CF的默认值似乎是 DESede / ECB / PKCS5Padding 但在VB.NET中,它们是DESede / CBC / PKCS7 。我不知道为什么,但两个paddings(PKCS5和PKCS7)似乎兼容。
The default for CF seems to be "DESede/ECB/PKCS5Padding" but in VB.NET they are "DESede/CBC/PKCS7". I am not sure why, but the two paddings (PKCS5 and PKCS7) seem to be compatible.
要使其正常工作,您需要在VB.NET端将模式更改为ECB
To get it to work, you either need to change the mode to "ECB" on VB.NET side
Public Function EncryptString(ByVal Input As String) As String
Dim buffer() As Byte = Encoding.UTF8.GetBytes(Input)
Dim des As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider
des.Mode = CipherMode.ECB
des.Key = EncryptionKey
des.IV = IV
Return Convert.ToBase64String(des.CreateEncryptor().TransformFinalBlock(buffer, 0, buffer.Length()))
End Function
更改CF模式和IV以匹配VB.NET默认值
..OR change the CF mode and IV to match the VB.NET defaults
<cfset variables.theKey = "rpaSPvIvVLlrcmtzPU9/c67Gkj7yL1S5" />
<cfset variables.theIV = javacast("string", "password").getBytes() />
<cfset variables.theAlgorithm = "DESede/CBC/PKCS5Padding">
<cfset variables.theEncoding = "Base64">
这篇关于TripleDES加密 - .NET和ColdFusion不运行好的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
