encryption - Encrypt in Coldfusion and decrypt in C#

Question

Here is the code used to encrypt in coldfusion

<cfset strBase64Value = encrypt(strValue,24 character key,AES) />

It is generating encrypted values like 714FEA9A9A2184769CA49D5133F08580 which seems odd to me considering it is only uppercase and numbers.

What C# library should I use to properly decrypt it ?

Also looking at this information, it seems that by default it uses the UUEncode algorithm to encode.

Should I ask the encrypter to use Base64 as encoding parameter ?

Answer 1

It is generating encrypted values like 714FEA9A9A2184769CA49D5133F08580

Then they are using "Hex", not the default "UUEncode". Either "hex" or "base64" is fine. As long as you both agree upon the encoding, it does not really matter.

You can use RijndaelManaged to decrypt the strings. However, the default encryption settings for ColdFusion and C# differ slightly. With the encrypt function:

• "AES" is short for "AES/ECB/PKCS5Padding"
• "ECB" mode does not use an IV
• Key strings are always base64 encoded

NB: Despite the name difference, for the SUN provider, PKCS5Padding (CF/Java) corresponds to PaddingMode.PKCS7 (C#). As mentioned in this thread, the "... SUN provider in Java indicate[s] PKCS#5 where PKCS#7 should be used - "PKCS5Padding" should have been "PKCS7Padding". This is a legacy from the time that only 8 byte block ciphers such as (triple) DES symmetric cipher were available."

So you need to ensure your C# settings are adjusted to match. With that in mind, just decode the encrypted text from hex and the key string from base64. Using the slightly ugly example in the API, just adjust the algorithm settings to match those used by the encrypt() function:

Encrypt with ColdFusion

<cfscript>
    plainText     = "Nothing to see";
    // 128 bit key base64 encoded
    keyInBase64   = "Y25Aju8H2P5DR8mY6B0ezg==";
    // "AES" is short for "AES/ECB/PKCS5Padding"
    encryptedText = encrypt(plainText, keyInBase64, "AES", "hex");
    WriteDump( encryptedText );
    // result: 8889EDF02F181158AAD902AB86C63951 
</cfscript>

Decrypt with C#

byte[] bytes = SomeMethodToConvertHexToBytes( encryptedText );
byte[] key = Convert.FromBase64String( keyInBase64 );

string decryptedText = null;

using (RijndaelManaged algorithm = new RijndaelManaged())
{

    // initialize settings to match those used by CF
    algorithm.Mode = CipherMode.ECB;
    algorithm.Padding = PaddingMode.PKCS7;
    algorithm.BlockSize = 128;
    algorithm.KeySize = 128;
    algorithm.Key = key;

    ICryptoTransform decryptor = algorithm.CreateDecryptor();

    using (MemoryStream msDecrypt = new MemoryStream(bytes))
    {
        using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
        {
           using (StreamReader srDecrypt = new StreamReader(csDecrypt))
           {

               decryptedText = srDecrypt.ReadToEnd();
           }
        }
    }
}

Console.WriteLine("Encrypted String: {0}", encryptedText);
Console.WriteLine("Decrypted String: {0}", decryptedText);

Keep in mind you can (and probably should) adjust the settings, such as using the more secure CBC mode instead of ECB. You just need to coordinate those changes with the CF developer.