Encrypt for SagePay forms using ColdFusion


Problem description





I am trying to follow a specification for an encrypted field in SagePay 3.00 using ColdFusion 10.

The requirement is to encrypt the string as AES(block size 128-bit) in CBC mode with PKCS#5 padding using the provided password as both the key and initialisation vector and encode the result in hex.

It's the "using the provided password" that is causing the problem.

At the moment I have:

  myStr = 'assortednamevaluepairsetc';
  providedPassword = 'abcdefghijklmnop';
  myCrypt = Encrypt(myStr,providedPassword,'AES/CBC/PKCS5Padding','HEX',providedPassword,1);

but that won't work because the value I have been given by SagePay causes an error - "key specified is not a valid key for this encryption: Invalid AES key length" as it's only 16 characters long.

According to the CF docs you need to use generateSecretKey to guarantee the key length for AES, so I've tried this, but although it gives a result, it's not the right result in terms of the encryption:

  myStr = 'assortednamevaluepairsetc';
  providedPassword = 'abcdefghijklmnop';
  mySecret = GenerateSecretKey('AES');
  myCrypt = Encrypt(myStr,mySecret,'AES/CBC/PKCS5Padding','HEX',providedPassword,1);

Any help on this gratefully received.

Solution

> use generateSecretKey to guarantee the key length for AES

That function is only used when you need to generate a completely new encryption key. You already have one. The primary purpose of generateSecretKey is to ensure you generate a strong encryption key, that is sufficiently random.

> won't work because the value I have been given by SagePay causes an error - "key specified is not a valid key for this encryption: Invalid AES key length" as it's only 16 characters long

A key length of 16 bytes (i.e. 128 bits) is acceptable for AES. The problem is encrypt() expects the "key" to be a base64 encoded string, which is about thirty-three percent longer than a plain string. When you invoke encrypt(..), CF decodes the provided "key" string into bytes, i.e. essentially doing this:

  <cfset keyBytes = binaryDecode(yourPassword, "base64")>
  <cfoutput>length = #arrayLen(keyBytes)# bytes</cfoutput>

Since your password string is not base64 encoded, the resulting key length is too small, i.e. (12) instead of (16) bytes. Hence the error message.

The solution is to base64 encode it first. How you do that depends on the encoding of the string. It sounds like it is just a plain text string (hopefully a sufficiently random one...). If so, use charsetDecode to decode the string from the relevant charset (i.e. utf-8, etcetera), then binaryEncode it to base64:

  <cfset keyIVBytes = charsetDecode(yourKeyString, "utf-8")>
  <cfset base64Key = binaryEncode(keyIVBytes, "base64")>

Also, the iv parameter should be binary. Since key and iv are one and the same, simply use the byte array from the previous step. Also, drop the iterations parameter, as it does not apply. With those changes it should work as expected:

  <cfset myCrypt = encrypt(myStr, base64Key, "AES/CBC/PKCS5Padding", "hex", keyIVBytes)>

NB: I am not an encryption expert but ... using the key as an iv is NOT a great idea... Might want to check with them to see if there are other options.
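
The key handling described in the answer above, modelled in Python as an added example (not code from the original post, and not ColdFusion's own implementation): it shows why the 16-character password decodes to 12 bytes, and what the charsetDecode/binaryEncode step produces. The function names are hypothetical, and the helper assumes the password doubles as the IV, so it must be exactly 16 bytes in the chosen charset.

```python
import base64

AES_KEY_SIZES = (16, 24, 32)  # valid AES key lengths in bytes
AES_BLOCK_SIZE = 16           # a CBC IV must be exactly one block


def diagnose_key(key_string):
    """Model of the behaviour the answer describes: the key argument is
    base64-decoded to raw bytes, and those bytes must be a valid AES key."""
    try:
        raw = base64.b64decode(key_string, validate=True)
    except ValueError:  # binascii.Error (bad base64) is a ValueError subclass
        return "not valid base64"
    if len(raw) not in AES_KEY_SIZES:
        return f"invalid AES key length ({len(raw)} bytes)"
    return "ok"


def prepare_key_and_iv(password, charset="utf-8"):
    """Hypothetical helper mirroring charsetDecode + binaryEncode: returns
    (base64 key string, raw IV bytes) for a password used as key and IV."""
    raw = password.encode(charset)
    # Key and IV are the same bytes, so only a 16-byte password can work.
    if len(raw) != AES_BLOCK_SIZE:
        raise ValueError(
            f"password is {len(raw)} bytes in {charset}, need {AES_BLOCK_SIZE}")
    return base64.b64encode(raw).decode("ascii"), raw


if __name__ == "__main__":
    password = "abcdefghijklmnop"          # sample value from the question
    print(diagnose_key(password))          # passed as-is, as in the question
    key, iv = prepare_key_and_iv(password)
    print(key, diagnose_key(key))          # base64-encoded first
    # Constructed edge case: 16 characters, but 17 bytes in UTF-8.
    for cs in ("latin-1", "utf-8"):
        try:
            prepare_key_and_iv("pässwordpassword", cs)
            print(cs, "ok")
        except ValueError as exc:
            print(cs, exc)
```

The charset matters because a password with non-ASCII characters can be 16 characters long yet not 16 bytes, which changes both the key and the IV.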
