1

I have to encrypt url query sting in C# and pass to ColdFusion page. Can someone help me on writing encryption code using AES algorithm in C#.net that is equivalent to below ColdFusion function? Thanks in advance.

<cfset strLink = Encrypt("top secret", "WTq8zYcZfaWVvMncigHqwQ==", "AES","Hex")>

CF Result:

  • strLink = 91E72250B8A7EDBC4E5AF37F04E6AB5B

I tried below code in C#, but the results are not matching.

        byte[] plainText = Encoding.Unicode.GetBytes("top secret");

        byte[] key = Convert.FromBase64String("WTq8zYcZfaWVvMncigHqwQ==");
        RijndaelManaged algorithm = new RijndaelManaged();
        algorithm.Mode = CipherMode.ECB;
        algorithm.Padding = PaddingMode.PKCS7;
        algorithm.BlockSize = 128;
        algorithm.KeySize = 128;
        algorithm.Key = key;
        string result;
        using (ICryptoTransform encryptor = algorithm.CreateEncryptor())
        {
            using (MemoryStream memoryStream = new MemoryStream())
            {
                using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
                {
                    cryptoStream.Write(plainText, 0, plainText.Length);
                    cryptoStream.FlushFinalBlock();
                   result = Convert.ToBase64String(memoryStream.ToArray());
                }
            }
        }
        return result;

C# Result:

  • HEX = 89F9F3C55CD232362FE1E14240C479BE5B56210FF3913E7B6BA4BCD3C87F9AA7
  • Base64 = ifnzxVzSMjYv4eFCQMR5vltWIQ/zkT57a6S808h/mqc=
Leigh
  • 28,765
  • 10
  • 55
  • 103
Jayaprakash
  • 21
  • 3
  • 2
    Also, be sure to search the archives first. [Encryption compatibility questions](http://stackoverflow.com/search?q=[coldfusion]+C%23+encryption+AES) are not uncommon, so it is entirely possible your question was already asked and answered. If not, please post back with the actual code you tried *and* any error messages. – Leigh Aug 11 '15 at 16:26
  • Question updated to make the cfml code "visible" – Leigh Aug 11 '15 at 16:29
  • Artjom- thanks for your response. i have edited the question and added more details. Could you please help me out on this now ? – Jayaprakash Aug 11 '15 at 19:47
  • @Jayaprakash - What C# code have you *actually tried*? If you have not tried anything yet, review the threads in the link above first. [At least one of them](http://stackoverflow.com/questions/26186665/encrypt-in-coldfusion-and-decrypt-in-c-sharp) has an example that should serve as a good starting point. Granted it is for decryption, but the basic process for encryption is not that much different. – Leigh Aug 11 '15 at 19:55
  • @Leigh : i have updated the question with my C# code. The results are not matching. Kindly help.thanks – Jayaprakash Aug 12 '15 at 09:43
  • 1
    @Jayaprakash - Thank you. Believe it or not, it is simply due to using the wrong encoding in the C# code. `Encoding.Unicode` uses [UTF-16](https://msdn.microsoft.com/en-us/library/ms404377%28v=vs.110%29.aspx), whereas CF uses [UTF-8](https://helpx.adobe.com/coldfusion/kb/strong-encryption-coldfusion-mx-7.html) (very different). Consequently, your C# code is encrypting a totally different value than CF. Hence the different results. Instead use `Encoding.UTF8.GetBytes()` and the results will match. – Leigh Aug 12 '15 at 13:03
  • @Leigh - Cool. That fixed the issue. Now the results are same. Thanks a lot for your help. – Jayaprakash Aug 13 '15 at 09:15
  • Jayaprakash - BTW @ArtjomB probably did not see your [follow up comment](http://stackoverflow.com/questions/31945755/c-sharp-and-coldfusion-aes-encryption-not-matching#comment51810674_31945755). Once a thread has comments from three or more people, S.O. only sends a "new comment" notification if you use @ + someUserName (unless they are the author of the parent question/answer). – Leigh Aug 17 '15 at 16:13
  • 2
    @halfer : Thanks, Marked Leigh answer as accepted. – Jayaprakash Sep 08 '15 at 03:18

1 Answers1

2

(From comments...)

This is a perfect example of how character encoding makes a big difference.

Believe it or not, it is simply due to using the wrong encoding in the C# code. Encoding.Unicode uses UTF-16, whereas CF's Encrypt function always uses UTF-8 (very different). Consequently, the C# code is encrypting a totally different value than CF. Hence the different results, and why the length of the C# string (hex) is longer than the one returned from CF.

Use Encoding.UTF8.GetBytes() instead of Encoding.Unicode.GetBytes() and the results will match:

byte[] plainText = Encoding.UTF8.GetBytes("top secret");
Leigh
  • 28,765
  • 10
  • 55
  • 103