Erik, Karl et al:

Encrypt() puts line breaks into the encrypted text -- in particular, at the
end. Trim() will remove the last line break, changing the string, which I
presume leads to the error.

To test this, I adapted the code in the CFStudio Help page, saving it as
"encrypt.cfm". The only change I made was inserting <!-- start --> and <!--
end --> HTML comments which will show up in source.

===== start encrypt.cfm =====
<!--- This example shows the use of Encrypt and Decrypt --->
<html>
<head>
<title>Decrypt Example</title>
</head>
<body bgcolor = silver>
<H3>Decrypt Example</H3>
<P>This function allows for the encryption and decryption of a
string. Try it by entering a string and a key and seeing the results.
<cfif IsDefined("FORM.myString")>
  <cfset string = FORM.myString>
  <cfset key = FORM.myKey>
  <cfset encrypted = encrypt(string, key)>
  <cfset decrypted = decrypt(encrypted, key)>
  <cfoutput>
    <H4><B>The string:</B></H4> <!-- start -->#string#<!-- end --><BR>
    <H4><B>The key:</B></H4> <!-- start -->#key#<!-- end --><BR>
    <H4><B>Encrypted:</B></H4> <!-- start -->#encrypted#<!-- end --><BR>
    <H4><B>Decrypted:</B></H4> <!-- start -->#decrypted#<!-- end --><BR>
  </cfoutput>
</cfif>
<form action = "encrypt.cfm" method = "post">
<P>Input your key:
<P><input type = "Text" name = "myKey" value = "foobar">
<P>Input your string to be encrypted:
<P><textArea name = "myString" cols = "40" rows = "5" WRAP = "VIRTUAL">
This string will be encrypted (try typing some more)
</textArea>
<input type = "Submit" value = "Encrypt my String">
</FORM>
</body>
</html>
===== end encrypt.cfm =====

Here is the source for what I got back after entering some sample text. If
your mail reader doesn't rewrap this message, you should see that the block
of encrypted text has a line break after each 61 text characters, plus a
final line break at the end of the block.

===== start source snippet =====
    <H4><B>The string:</B></H4> <!-- start -->Now is the time for all good
men to encrypt some plaintext. Now is the time for all good men to encrypt
some plaintext. Now is the time for all good men to encrypt some plaintext.
Now is the time for all good men to encrypt some plaintext.<!-- end --><BR>
    <H4><B>The key:</B></H4> <!-- start -->blech<!-- end --><BR>
    <H4><B>Encrypted:</B></H4> <!--
start -->.4_X;QKU%6A>C;IN?B_T
<!-- end --><BR>
    <H4><B>Decrypted:</B></H4> <!-- start -->Now is the time for all good
men to encrypt some plaintext. Now is the time for all good men to encrypt
some plaintext. Now is the time for all good men to encrypt some plaintext.
Now is the time for all good men to encrypt some plaintext.<!-- end --><BR>
===== end source snippet =====

I don't know why your code works at all with your URL variable - perhaps you
URL-encode at some point, which preserves the characters?

Anyway, I think your solution is to encode (base64? HTMLencode? some other
way?) your encrypted text before passing it around as a FORM variable, to
preserve the CR+LF (or whatever characters are used).

Notice also that the encrypted text in my sample includes space
characters -- important to preserve those, too.

I too was freaked -- but also energized -- by the security session at
CFNORTH (I'm thinking of the one given by Byron Bignell).

Don't give up trying: the goal is worth it! Good luck.

 -- Laurence

Laurence Middleton
code wrangler
ecentricarts inc.
[EMAIL PROTECTED]
416 644-5000 ext.225
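
The encode-before-passing approach suggested in the message above, as an added example that is not code from this thread. The template name roundtrip.cfm, the secretKey value and the token field name are hypothetical, and the example assumes ToBase64() returns its result without line breaks.

```cfml
<!--- Added example (not from the thread). roundtrip.cfm, secretKey and
      form.token are hypothetical names chosen for this illustration. --->
<cfset secretKey = "example-key-change-me">

<cfif IsDefined("form.token")>
  <!--- Receiving side: undo the Base64 wrapper first, then decrypt.
        Do not Trim() the decoded value: its line breaks and spaces
        are part of the encrypted text. --->
  <cftry>
    <cfset encrypted = ToString(ToBinary(form.token))>
    <cfset decrypted = Decrypt(encrypted, secretKey)>
    <cfoutput><p>Decrypted: #HTMLEditFormat(decrypted)#</p></cfoutput>
    <cfcatch type="Any">
      <!--- A damaged or altered token ends up here instead of showing
            "The value to be decrypted is not valid" to the visitor. --->
      <p>Token rejected.</p>
    </cfcatch>
  </cftry>
<cfelse>
  <!--- Sending side: encrypt, then Base64-encode so the form field
        carries only letters, digits, "+", "/" and "=", with no CR+LF
        or spaces for the browser or Trim() to alter. --->
  <cfset encrypted = Encrypt("account=1234", secretKey)>
  <cfset token = ToBase64(encrypted)>
  <cfoutput>
  <form action="roundtrip.cfm" method="post">
    <input type="hidden" name="token" value="#token#">
    <input type="submit" value="Send token">
  </form>
  </cfoutput>
</cfif>
```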


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Erik Fenkell
Sent: Tuesday, May 14, 2002 4:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [CFTALKTor] Decrypting A form variable


Well, I'll just leave my form variables unencrypted for the time being. But
after those CFNORTH security sessions I am a little freaked.

Erik

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of A. Karl Zarudny
Sent: Tuesday, May 14, 2002 4:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [CFTALKTor] Decrypting A form variable


I thought maybe trimming before encryption. I did a search on Google for
this error and didn't turn up much - at least nothing actually relevant.

> From: "Erik Fenkell" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date: Tue, 14 May 2002 16:06:02 -0400
> To: <[EMAIL PROTECTED]>
> Subject: RE: [CFTALKTor] Decrypting A form variable
>
> Trimming does not fix the problem. Should I trim when I encrypt the
> variable or Decrypt? Tried both but to no avail.
>
>
> Erik
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of A. Karl Zarudny
> Sent: Tuesday, May 14, 2002 3:56 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [CFTALKTor] Decrypting A form variable
>
>
> Arrgh! I got this one too. Have you tried trimming the variable? I never
> managed (or bothered) to try and figure it out. But it's good to know it
> wasn't just me :-) It seems like CF throws in some special invisible
> characters when encrypting the value, that mess things up when trying to
> decrypt.
>
> Karl
>
>> From: "Erik Fenkell" <[EMAIL PROTECTED]>
>> Reply-To: [EMAIL PROTECTED]
>> Date: Tue, 14 May 2002 15:17:01 -0400
>> To: <[EMAIL PROTECTED]>
>> Subject: [CFTALKTor] Decrypting A form variable
>>
>> I am having a helluva time decrypting a form variable that I have
>> encrypted.
>> I have no problem with an encrypted url variable just the form variable.
>>
>> Here is some code to explain.
>>
>>
>> ----------------------------------------------
>> <cfif IsDefined('url.variable')>
>> <cfset decrypted_url_variable = #Decrypt(url.variable,8)#>
>> <cfset url.variable = #decrypted_url_variable#>
>> <cfelse>
>> <!--- ::: DO NOTHING --->
>> </cfif>
>>
>> <cfif IsDefined('form.variable')>
>> <cfset decrypted_form_variable = #Decrypt(form.variable,8)#>
>> <cfset form.variable = #decrypted_form_variable#>
>> <cfelse>
>> <!--- ::: DO NOTHING --->
>> </cfif>
>> ----------------------------------------------
>>
>> Yes, both variables have the same name. But they are different types. I
>> thought this might cause a problem but even when I give
>> the variables different names the error is thrown. Here is the error:
>>
>> ----------------------------------------------
>> Error Diagnostic Information
>>
>> An error occurred while evaluating the expression:
>>
>>
>> decrypted_form_variable = #Decrypt(form.variable,8)#
>> The value to be decrypted is not valid
>> ----------------------------------------------
>> I am at a serious loss. Thanks for any advice.
>> Best,
>> Erik
>>
>>
>>
>>
>
> -
> You are subscribed to the CFUGToronto CFTALK ListSRV.
> This message has been posted by: "A. Karl Zarudny"
> <[EMAIL PROTECTED]>
> To Unsubscribe, Please Visit and Login to http://www.CFUGToronto.org/
> Manager: Kevin Towes ([EMAIL PROTECTED]) http://www.CFUGToronto.org/
> This System has been donated by Infopreneur, Inc.
> (http://www.infopreneur.net)