Encrypt for SagePay forms using ColdFusion

空扰寡人 submitted on 2019-12-06 14:13:10
Leigh

use generateSecretKey to guarantee the key length for AES

That function is only used when you need to generate a completely new encryption key. You already have one. The primary purpose of generateSecretKey is to ensure you generate a strong encryption key, that is sufficiently random.

won't work because the value I have been given by SagePay causes an error - "key specified is not a valid key for this encryption: Invalid AES key length" as it's only 16 characters long

A key length of 16 bytes (ie 128 bits) is acceptable for AES. The problem is encrypt() expects the "key" to be a base64 encoded string, which is about thirty-three percent longer than a plain string. When you invoke encrypt(..), CF decodes the provided "key" string into bytes, ie essentially doing this:

  <cfset keyBytes = binaryDecode(yourPassword, "base64")>
  <cfoutput>length = #arrayLen(keyBytes)# bytes</cfoutput>

Since your password string is not base64 encoded, the resulting key length is too small, ie (12) instead of (16) bytes. Hence the error message.

The solution is to base64 encode it first. How you do that depends on the encoding of the string. It sounds like it is just a plain text string (hopefully a sufficiently random one...). If so, use charsetDecode to decode the string from the relevant charset (ie utf-8, etcetera), then binaryEncode it to base64:

  <cfset keyIVBytes = charsetDecode(yourKeyString, "utf-8")>
  <cfset base64Key = binaryEncode(keyIVBytes, "base64")>

Also, the iv parameter should be binary. Since key and iv are one and the same, simply use the byte array from the previous step. Also, drop the iterations parameter, as it does not apply. With those changes it should work as expected:

  <cfset encrypted = encrypt(myStr, base64Key, "AES/CBC/PKCS5Padding", "hex", keyIVBytes)>

NB: I am not an encryption expert but ... using the key as an iv is NOT a great idea... Might want to check with them to see if there are other options.
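
The steps in the answer above, gathered into one runnable script as an added example (not part of the original answer or of any SagePay code). The helper name `prepareAesKey`, the sample password and the sample plain text are hypothetical, constructed values; the key is assumed to be a utf-8 string.

```cfml
<cfscript>
// Added example: hypothetical helper, not from the original answer.
// Turns a plain-text key string into the two forms encrypt() needs.
function prepareAesKey(required string keyString, string charset = "utf-8") {
    // Raw key bytes in the charset the key was issued in (assumed utf-8).
    var keyBytes = charsetDecode(arguments.keyString, arguments.charset);
    var byteLen  = arrayLen(keyBytes);

    // AES only accepts 128, 192 or 256 bit keys. Checking here gives a
    // clearer error than "Invalid AES key length" from encrypt() itself,
    // and catches non-ASCII keys whose byte count differs from their
    // character count.
    if (!listFind("16,24,32", byteLen)) {
        throw(type = "InvalidKeyLength",
              message = "Key is #byteLen# bytes; AES needs 16, 24 or 32.");
    }
    return {
        base64Key = binaryEncode(keyBytes, "base64"), // the "key" argument
        rawBytes  = keyBytes // binary; valid as an iv only when 16 bytes long
    };
}

// Constructed sample values, not a real SagePay password or payload.
samplePassword = "0123456789abcdef";
plainText      = "constructed sample text";

k = prepareAesKey(samplePassword);

// Length encrypt() derives when the plain string is passed as the key,
// compared with the length it derives from the base64 encoded key.
lenAsGiven   = arrayLen(binaryDecode(samplePassword, "base64"));
lenAfterFix  = arrayLen(binaryDecode(k.base64Key, "base64"));

algo      = "AES/CBC/PKCS5Padding";
encrypted = encrypt(plainText, k.base64Key, algo, "hex", k.rawBytes);
decrypted = decrypt(encrypted, k.base64Key, algo, "hex", k.rawBytes);
roundTripOk = (compare(decrypted, plainText) EQ 0);

writeOutput("plain string read as base64: #lenAsGiven# bytes<br>");
writeOutput("base64 encoded key decoded: #lenAfterFix# bytes<br>");
writeOutput("round trip ok: #roundTripOk#");
</cfscript>
```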
