All geek questions in one place

AES encrypts in ColdFusion, decrypts in ruby

We cannot understand for this. We need to do ColdFusion data encryption, which ruby ​​decrypts. We tried so many different settings on the ColdFusion side, looked at SO messages, looked at Adobe documents, and couldn't get them to work. ColdFusion must be encrypted so that Ruby can do this:

aes = OpenSSL::Cipher::Cipher.new('aes-256-cbc').encrypt aes.key = Digest::MD5.hexdigest("#{password}#{salt}") aes.iv = Digest::MD5.hexdigest("#{salt}#{password}")[0,16] encrypted = aes.update(data) + aes.final

Pseudocode ColdFusion

 key = tobase64(binaryDecode(lcase(hash(password & salt, "md5")), "hex")) iv = lcase(left(hash(salt & password, "md5"), 16)) encrypt(data, key, "AES/CBC/PKCS5Padding", "Base64", iv)

Tried / without tobase64 / binaryDecode (saw someone mention that he would handle the conversion back internally or something stupid). lcase is to make it generate MD5s that look like Ruby is building.

What are we doing wrong? Endless bad decrypt on the ruby ​​side

+4
source share
1 answer

What are we doing wrong?

You will not be careful with encodings.

You must consider encodings.

In ColdFusion, you should only use a byte array as a key or IV, and you should only encrypt byte arrays.

Do not process keys, IV, or text files in any form other than a byte array. Do not treat them as base64 encoded strings, UTF-16 strings (which Java does by default), or any other form. You should always deal only with byte arrays, and you should always know the encoding and use the same encoding between ColdFusion and Ruby.

You can get a byte array from a string using encoding. I would like to use UTF-8 encoding. Look at the functions of CharsetEncode and CharsetDecode .

You also use keys and IV errors. Keys can be generated from passwords using an algorithm such as PBKDF2, but only if you do not have a good way to generate using crypto-variant PRNG and store them. IVs must be generated with crypto-variant PRNGs and can be added to encrypted text when you store or transmit it as a convenient way to store / transmit IVs.

+1
source

Source: https://habr.com/ru/post/1380628/

More articles:


All Articles