Does your database itself provide encrypted storage? That'd certainly
be easier if it does.
On a different topic, executing the code you listed demonstrated the
error with 'y' becoming 'x', but if the decrypt operation is changed
to use the foo variable directly, the proper result is returned. The
difference is that they encrypted string has a trailing space that
you're truncating. So you're not actually decrypting the right
encrypted value, which is why you're getting the invalid result.
cheers,
barneyb
On 9/26/05, Andy Mcshane <[EMAIL PROTECTED]> wrote:
> OK, follow up to this, can anybody suggest ways that they currently
> encrypt/decrypt sensitive data? I need to encrypt the data to save into the
> database and then at a later date retrieve that data, decrypt it and let the
> user edit it. I have looked at using the various algorithms excluding
> CFMX_COMPAT but I notice that uses the GenerateSecretKey function. I am
> assuming that the key that is generated is different every time therefore
> once I have encrypted the data, if I do not save the original key then when I
> come to decrypt the data it will use a different key and so fail? Or am I
> completely wrong here?
>
>
> > Hi all, I am trying to store specific data into a database in an
> > encrypted format. This data also has to be decrypted so as to be
> > displayed and edited onscreen therefore ruling out using the hash
> > function. The problem that I am having is on the decrypt.
> >
> > Example:
> >
> > <cfset foo = encrypt("johnmurray", "wibble")>
> >
> > foo then equals "*5)V%5*.Z59RR$"
> >
> > I save this text to the database. An unusual thing happens when I try
> > to decrypt this text as follows;
> >
> > <cfset foo = decrypt("*5)V%5*.Z59RR$", "wibble")>
> >
> > foo then equals "johnmurrax"
> >
> > as you can see the 'y' has become an 'x'.
> >
> > Now here is the strange thing,
> >
> > <cfset foo = encrypt("johnmurray ", "wibble")> - with an extra space
> > at the end of johnmurray everything encrypts/decrypts correctly using
> > an 11 character string.
> >
> > also
> >
> > <cfset foo = encrypt("johnmurra", "wibble")> - if I make it only 9
> > characters then this also encrypts/decrypts correctly.
> >
> > It seems to only happen with 10 letter strings?
> >
> > This is on Coldfusion 7, using a SQL database. I have tried
> > URLEncodedFormat before saving to the database and then using
> > URLDecode after retrieveing. As this text is defined by the user then
> > I cannot simply say that there can be no 10 character strings so has
> > anyone ever come across this?
> >
> > Does anyone have any better encryption ideas I could use? This is a
> > really annoying little quirk as to why it only seems to affect 10
> > character strings, weird
> huh?
>
>
--
Barney Boisvert
[EMAIL PROTECTED]
360.319.6145
http://www.barneyb.com/
Got Gmail? I have 100 invites.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Logware (www.logware.us): a new and convenient web-based time tracking
application. Start tracking and documenting hours spent on a project or with a
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:219262
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
