问题
I have a Coldfusion page that includes a section of code that encrypts a variable like this:
<cfset data64 = toBase64(key)>
<cfset encryptedID = encrypt(getUser.ID, data64, "BLOWFISH", "Base64")>
We're moving the site to a .NET-based CMS, and I need to convert this page to C#, but I'm running into trouble.
I've successfully converted the first line to this:
byte[] keyBytes = System.Text.Encoding.UTF8.GetBytes(key);
string keyBase64 = System.Convert.ToBase64String(keyBytes);
I've also added the blowfish.cs class found at https://defuse.ca/blowfish.htm, but I'm a little fuzzy on how to use this with the key (and whether I want to be using ECB, CBC, or CTR). I'm also not sure what the analog is to using the base64 encoding in Coldfusion... this is what I'm currently trying, which is not producing the same results as the original code:
BlowFish b = new BlowFish(keyBase64);
byte[] idBytes = System.Text.Encoding.UTF8.GetBytes(thisUser["ID"].ToString());
byte[] idBytesEncrypted = b.Encrypt_ECB(idBytes);
string idBase64 = System.Convert.ToBase64String(idBytesEncrypted);
I don't have much experience with encryption in general, and the Coldfusion code was set up with the help of another developer who doesn't have C# experience. Any suggestions would be much appreciated. Thank you!
回答1:
You might want to try the BouncyCastle C# API. I ran a few tests, for POC, and it seemed to produce the same results as your CF code.
A few things to keep in mind: If you read Strong Encryption in ColdFusion it explains that ColdFusion uses ECB mode and PKCS5Padding by default. So when specifying the shorthand Blowfish, you are actually saying use Blowfish/ECB/PKCS5Padding. In order to duplicate the encryption in C# (or any language), you must to use those same settings.
There does not seem to be a lot of documentation for the C# port, but from what I can tell the BlowfishEngine defaults to ECB mode. So if you wrap it in a PaddedBufferedBlockCipher the result should be PKCS5 padded. That should give you the same result as your CF code:
byte[] inputBytes = System.Text.Encoding.UTF8.GetBytes(userIDString);
byte[] keyBytes = System.Convert.FromBase64String(keyInBase64);
// initialize for ECB mode and PKCS5/PKCS7 padding
PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new BlowfishEngine());
KeyParameter param = new KeyParameter(keyBytes);
cipher.Init(true, param);
// encrypt and encode as base64
byte[] encryptedBytes = cipher.DoFinal(inputBytes);
string idBase64 = System.Convert.ToBase64String(encryptedBytes);
NB: I am not an expert on encryption, but will say that use of "ECB" mode is discouraged. See wiki for a good illustration of why. So you should seriously consider choosing a different mode.
来源:https://stackoverflow.com/questions/27848994/converting-coldfusion-encryption-code-to-c-sharp