如何在ASP.NET 2.0，ColdFusion 5和Classic ASP之间进行互操作的强大的可逆加密？ [英] How can I implement strong, reversible encryption that inter-operates between ASP.NET 2.0, Coldfusion 5, and Classic ASP?

问题描述

我的组织决定加密我们数据库中的某些数据，并且我已经得到了实现加密的任务。我需要能够加密数据，将加密版本存储在数据库中的VARCHAR字段中，然后检索并将其解密回到其通常的状态。

My organization has decided to encrypt certain data in our database, and I've been given the task of implementing the encryption. I need to be able to encrypt the data, store the encrypted version in a VARCHAR field in our database, and later retrieve it and decrypt it back to its usual state.

在表面看来，这似乎是一个简单的任务。有多种实现加密的方法。之前使用过的是基于此StackOverflow问题中的AES加密代码

On the surface it seems like a simple task. There are a number of ways to implement encryption. One I've used before is based on the AES encryption code found in this StackOverflow question.

在这种情况下，什么使得更难，我需要编写代码来加密/解密访问我们数据库的各种应用程序中的数据，这是使用不同的技术开发的。我们有使用Coldfusion 5，Classic ASP和ASP.NET 2.0编写的应用程序。我需要能够使用Coldfusion代码加密数据并将其存储在数据库中，然后在ASP.NET中将其读取并解密为原始形式。或者在Classic ASP中进行加密，并在Coldfusion中进行解密。或者这些平台的任何其他组合。

What makes it harder in this case, is I need to write code to encrypt/decrypt the data in various applications that access our database, some of which are developed using different technologies. We have applications written in Coldfusion 5, in Classic ASP, and in ASP.NET 2.0. I need to be able to encrypt data and store it in the database with Coldfusion code, and then read and decrypt it back to its original form in ASP.NET. Or encrypt it in Classic ASP and decrypt it in Coldfusion. Or any other combination of these platforms.

这已经证明比我预期的要难。声称使用相同算法的不同类/对象/函数/库似乎可以产生不同的结果，即使给出相同的数据和相同的共享密钥。过去，我们已经使用CAPICOM来提供ColdFusion和Classic ASP之间的加密互操作性。但是我遇到麻烦，试图让它在ASP.NET中工作。我已经阅读了这篇关于如何让CAPICOM在.NET中工作的文章。 a>，但是建议对我来说没有办法。我甚至不能生成一个interop类或导入对COM对象的引用，而不会得到错误。还有一些我们的生产服务器的操作系统似乎与CAPICOM不兼容，所以这可能是一个死胡同。

This has proven to be harder than I expected. Different classes/objects/functions/libraries that claim to use the same algorithms seem to generate different results even when given the same data and the same shared secret. In the past, we've used CAPICOM to provide encryption interoperability between Coldfusion and Classic ASP. But I've run into trouble trying to get that to work in ASP.NET. I've read this article about how to get CAPICOM to work in .NET, but the suggestions haven't been working for me. I can't even seem to generate an interop class or import a reference to the COM object without getting an error. Also some of our production servers have operating systems that don't appear to be compatible with CAPICOM, so that may be a dead end anyway.

有没有人有任何建议我如何以这样的方式实现加密，即任何3个平台可以解密其他人加密的内容，同时仍然使用合理的算法？

Does anyone have any suggestions as to how I can implement encryption in such a way that any of the 3 platforms can decrypt what the others have encrypted, while still using a reasonably-strong algorithm?

编辑2011-12-29：

如下面的注释所示，我目前希望找到一个与某些兼容的ASP.NET解决方案的现有ColdFusion / ASP Classic代码使用CAPICOM。这样做的原因是，我们的团队领导不希望我为我们目前的目标向我们的代码中引入新的加密方法，除非我还使用加密来修改我们的旧应用程序，以使用相同的方法。他想为这两个目的使用相同的加密方法。由于修改我们的旧应用程序使用新的加密方法意味着不仅要更改代码，还可以跟踪旧应用程序加密的所有数据，对其进行解密，然后使用新的方法重新加密，我犹豫不决那条路线，除非我必须。希望我会找到一种让ASP.NET读取现有加密数据的方法。

As noted in the comments below, I am currently hoping to find an ASP.NET solution that is compatible with some of our existing Coldfusion/ASP Classic code that uses CAPICOM. The reason for this is that our team lead doesn't want me to introduce a new encryption method into our code for our current purpose unless I also revise our older apps using encryption for a different purpose to use the same method. He wants to use the same encryption method for both purposes. Since revising our old apps to use a new encryption method means not just changing the code, but also tracking down all the data encrypted by the older apps, decrypting it, and re-encrypting it using the new method, I'm hesitant to go that route unless I have to. Hopefully, I'll find a way to get ASP.NET to read the existing encrypted data.

我们其他ColdFusion和ASP Classic应用程序的加密数据使用CAPICOM COM对象。据我所知，这些设置普遍是AES加密，最大密钥大小（我认为AES为256位）。

The encrypted data from our other Coldfusion and ASP Classic applications was encoded using the CAPICOM COM object. As far as I can tell, the settings have universally been AES encryption, maximum key size (which I believe is 256-bit in AES).

在@ Leigh的请求下，以下是我们现有的CF应用程序使用CAPICOM的简化示例：

At @Leigh's request, here is a simplified example of how our existing CF apps use CAPICOM:

<cfscript>
    encryptObject = CreateObject("com","CAPICOM.EncryptedData");
    encryptObject.Algorithm.Name = 4; // 4 is AES
    encryptObject.Algorithm.KeyLength = 0; // 0 is MAX, I believe 256-bit in the case of AES
    encryptObject.SetSecret(sharedSecret);
    encryptObject.Content = stringToEncrypt;

    encryptedData = localScope.encryptObject.Encrypt();
</cfscript>

推荐答案

由于您有所有的共同数据库平台系统，我会在那里离开你的加密/解密。以下是关于SQL 2005中列特定加密的文章：

Since you have the common database platform between all of the systems, I would leave your encryption/decryption there. Here's an article about column-specific encryption within SQL 2005:

http://msdn.microsoft.com/en-us/library/ms179331（v = sql.90）.aspx

这篇关于如何在ASP.NET 2.0，ColdFusion 5和Classic ASP之间进行互操作的强大的可逆加密？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！