aes--any way to encrypt a hex encoded string in ColdFusion ?
megan cytron 03/15/10 06:41 P

I am trying to match the encryption results on a box running BBj and just can't quite get there...

This is how they are encrypting:

1. AES/CBC/NoPadding
2. IV of zero (00000000000000000000000000000000)

Which is no problem.

When encrypting 1234567891234567, I get this result:

1DF20DDA4A5C45DCD2BCDB191D08559C

They get:

1DF20DDA4A5C45DCD2BCDB191D08559CC3BF026C725CBB1C366ADEC4867917AA

The issue is that they are converting the string to hex and adding padding and then encrypting. This is their hex encoded string:

3132333435363738393132333435363700000000000000000000000000000010

1234567891234567 + 15 zeroes of padding + 10--the hex value of 16, the total number of padding bytes.

It's no problem for me to calculate what padding is necessary, but I can't seem to figure out any way to pass anything other than a regular string into the encrypt tag...

Any ideas?


Mark A. Kruger 03/15/10 07:21 P

You need "formatBaseN( )"

"Hex" is really just base 16 instead of base 10. So...

    <cfscript>
    X = 1234567891234567;
    X = Ucase(FormatBaseN(x,16));
    X = x & "000000000000000010";
    </cfscript>

You get the idea....

-mark

Mark A. Kruger, MCSE, CFG
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com


megan cytron 03/15/10 08:37 P

Hey Mark--

Thanks for the response. My understanding is that they are converting "1234567891234567" as a string, not as a number, so that when they encode the card number they get:

1234567891234567 --> hex: 31323334353637383931323334353637

When I encrypt "1234567891234567" using cfencrypt and hex encoding, I get the first half of their result--so the card number string doesn't seem to be the problem:

My encryption result: 1DF20DDA4A5C45DCD2BCDB191D08559C
Their result: 1DF20DDA4A5C45DCD2BCDB191D08559CC3BF026C725CBB1C366ADEC4867917AA

It's their padding that is the issue--the last byte of which IS a hex number representing how many total characters of padding were added:

00000000000000000000000000000010 (10hex=16 characters of padding)

I can't figure out how to get this additional padding into the CF encrypt tag, so that I can get the same results, because I'm passing a regular string in... theirs appears to be a hex-encoded string for the card number + padding zeroes + a hex number representing the total number of characters of padding.

This is the code I'm using:

    <cfset encoding = "hex">
    <cfset iv = BinaryDecode("00000000000000000000000000000000", "Hex")>
    <cfset key = ToBase64(BinaryDecode("SECRETKEYHERE", "Hex"))>
    <cfset algorithm = "AES/CBC/NoPadding">
    <cfset str = 1234567891234567>
    <cfset enc = Encrypt(str, key, algorithm, encoding, iv)>

My result--> 1DF20DDA4A5C45DCD2BCDB191D08559C


Mark A. Kruger 03/15/10 09:50 P

I see what you mean... have you tried using javacast? Cast each item as a string inside a variable, then manipulate them with formatBaseN( ) and then concatenate (or whatever the order is). Make sure you are concat'ing variables, not constants.

Note...

    <cfset x = var1 & var2 & var3/>

But...

    <cfset x = var1 & '00000' & '10'/>

I'm not sure this will work, but the trick is to make sure that the "under the hood" java believes the vars are strings.

-Mark


denstar 03/16/10 01:02 A

Heh. I remember asking about the hex. I guess I always look for letters when I'm looking for hex values. 7FFFFFFF "looks" hex. Pretty silly, I be.

Anyways, using the java stuff might be easiest. I happen to have some java stuff hanging 'round. It's for a Railo built-in tag, untested on ACF, but in principle...

Works something like this:

    var crypto = createObject("component","crypto");
    var key = crypto.generateKey("AES");
    var iv = BinaryDecode("00000000000000000000000000000000", "Hex");
    var encrypted = crypto.encrypt("1234567891234567", key, "AES/CBC/NoPadding", "hex", iv);
    debug(encrypted);
    var decrypted = crypto.decrypt(encrypted, key, "AES/CBC/NoPadding", "hex", iv);
    debug(toString(decrypted));
    assertEquals("1234567891234567", toString(decrypted));

I dunno if it's enough to just magically work for you, but maybe it contains some stuff that'll help you along your path.

http://cfml.pastebin.com/utuEm08w

I guess we could try seeing if a shared secret key gets us the same results, that might be fun. Not the key they gave you, just one we make up and share. I'm down if you are!

:DeN*

--
Amid the pressure of great events, a general principle gives no help.
Georg Wilhelm Friedrich Hegel


megan cytron 03/17/10 07:52 A

Hi Mark and Denstar--

Thanks so much for your help! I finally figured it out... In the end, it was just a matter of getting the padded string into the encrypt function in a way that would give identical results. I'm still not entirely sure why this works (and why I didn't try it before...), but it does:

    <!--number to be encrypted-->
    <cfset str = 9876543219876543>
    <!--add padding-->
    <cfset str = str & toString(binarydecode('000000000000000000000000000000', 'Hex'))>
    <!--last byte contains total number of padding bytes-->
    <cfset str = str & chr(16)>

Incidentally, this padding method is number three here: http://www.di-mgt.com.au/cryptopad.html (a great explanation of all of the different padding methods)

Thanks again!


denstar 03/17/10 07:29 P

Awesome! Glad to hear it, and even gladder it was so simple!

Bravo, and congratulations!

:DeN

--
Being and time determine each other reciprocally, but in such a manner that neither can the former - Being - be addressed as something temporal nor can the latter - time - be addressed as a being.
Martin Heidegger
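The padding layout the thread settles on (zero filler bytes, with the last byte holding the total pad length), as an added example in Python rather than CFML; it is not code from any poster in the thread. The function names are illustrative, and the sample input is the card-number string quoted in the first post.

```python
BLOCK = 16  # AES block size in bytes


def pad_zero_count(data: bytes, block: int = BLOCK) -> bytes:
    """Pad with zero bytes; the final byte holds the total pad length.

    Input that is already block-aligned still gets a full block of
    padding, so the count byte is always present and unpadding is
    unambiguous. That is why a 16-byte value becomes 32 bytes.
    """
    n = block - (len(data) % block)  # always 1..block, never 0
    return data + b"\x00" * (n - 1) + bytes([n])


def unpad_zero_count(padded: bytes, block: int = BLOCK) -> bytes:
    """Strip the padding, rejecting anything pad_zero_count cannot produce."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block:
        raise ValueError("pad count out of range")
    if any(padded[-n:-1]):  # filler bytes before the count must all be zero
        raise ValueError("non-zero filler bytes")
    return padded[:-n]


# Constructed sample: the 16-character string from the first post.
SAMPLE = b"1234567891234567"

if __name__ == "__main__":
    padded = pad_zero_count(SAMPLE)
    # These are the bytes to hand to AES/CBC/NoPadding.
    print(padded.hex().upper())
    print(len(padded) // BLOCK, "blocks")
    print(unpad_zero_count(padded))
```

In CBC mode the first ciphertext block depends only on the key, the IV and the first plaintext block, which is why encrypting the unpadded 16-byte string reproduces exactly the first half of the other system's output. The second half is the encryption of the all-padding block.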
July 31, 2010