0

I searched a lot to find an encryption algorithm which its encrypted results do not include slash character. Anything I've tested so far (like this, this and this) generate strings which include slash character and therefore they make asp.net (web forms) routing misunderstand the way it should interpret the route.

Can you please help by introducing a symmetric encryption algorithm which generate encrypted strings that can safely be used for encrypting query strings without misguiding asp.net routing?

Community
  • 1
  • 1
Farshid
  • 5,134
  • 9
  • 59
  • 87

1 Answers1

1

Encryption algorithms generally produce random (looking) bytes. These bytes can have any value. You can encode this value, for instance using hexadecimals or base 64. With hexadecimals you have already code that only contains 0..9 and a..f (in upper or lower case). However, hexadecimal encoding is not very efficient, doubling the ciphertext.

Base 64 uses 64 characters: A..Z, a..z, 0..9, + and /, and sometimes a padding character =. It is however very easy to replace the URL unsafe + and / characters with other ones, e.g. - and _ according to RFC 4648. You can also remove any = characters at the end, although you may have to put them back (until you get a multiple of 4 base 64 characters) depending on the base 64 decoding routine. Base 64 uses 4 characters for 3 bytes, so it expands the ciphertext by 33%.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • Thank you @owlstead for your comprehensive answer. I solved it by using Server.UrlEncode after encrypting and Server.UrlDecode after decrypting. – Farshid Jul 03 '14 at 04:49
  • 1
    That may not always work if you just treat the binary as a string before feeding it into UrlEncode. Better first perform base 64 or you may lose data. – Maarten Bodewes Jul 03 '14 at 07:49