coldfusion decrypt to c#

1
votes

I copied and used the C# code in the sample from this page, C# equivalent to this ColdFusion Decrypt function but it is not working for me. I'm not sure if the coldfusion decrypt sample on that page is the same as what I have. Anyway, my coldfusion code goes like this:

to encrypt:

<cfset strBase64Value = ToBase64(encrypt(strValue,"mykey")) />

to decrypt:

<cfset strDecrypted = decrypt(ToString(toBinary(strBase64Value)),"mykey") />

Where strValue is the string to begin with, strDecrypted is the returned decrypted string, strBase64Value is the encrypted string and "mykey" is the key password used to encrypt/decrypt strings.

My C# code follows:

    private string ConvertString(string string1, string string2)
    {
        byte[] key = ASCIIEncoding.ASCII.GetBytes(string1);
        byte[] encryptedData = Convert.FromBase64String(string2);

        Aes aes = Aes.Create();
        aes.Mode = CipherMode.ECB;

        using (var ms = new MemoryStream())
        {
            using (var cs = new CryptoStream(ms, aes.CreateDecryptor(key, null), CryptoStreamMode.Write))
            {
                cs.Write(encryptedData, 0, encryptedData.Length);
            }
            byte[] decryptedData = ms.ToArray();
            string clearText = Encoding.ASCII.GetString(decryptedData);
            return clearText;
        }
    }

I get an error that says "The specified key is not a valid size for this algorithm. Parameter name: key"

1
c#coldfusionencryption
what are your values for string1, string2? - oberfreak
possible duplicate of Compare password hashes between C# and ColdFusion (CFMX_COMPAT) - Adam Tuttle

1 Answers

3
votes

The linked example uses AES, which is a completely different algorithm. Your code uses the old cfmx_compat algorithm. There is no equivalent in the standard c# libraries. But here is a c# port of cfmx_compat (ripped from the open source Railo engine :).

That said, cfmx_compat is very insecure and only maintained for backward compatibility. I would strongly recommend switching to a more secure algorithm like AES, etcetera.