ColdFusion Error : Using 'decrypt'

Posted on 2009-02-14
Last Modified: 2013-12-24
I'm getting the following CF error message when trying to decrypt a UID emailed to a registered user of my new web portal ... via an email URL:

http://domain.com/process_activate_user.cfm?uid=C6D2148A561495627A6EDB63825B6444DA3489583CCAB79D


An error occurred while trying to encrypt or decrypt your input string: Given final block not properly padded.
 
The error occurred in C:\Inetpub\wwwroot\process_activate_user.cfm: line 11
9 : <cfscript>
10 : theKey=generateSecretKey("BLOWFISH");
11 : decrypted=decrypt(url.uid, theKey, "BLOWFISH", "Hex");
12 : </cfscript>


I've compared the value passed by the URL against the value I'll compare with the encrypted value stored in a MySQL table and they appear identical.

Any ideas?

I'm ENCRYPTING this string as follows:

<cfset useridzeros=#LSNumberFormat(url.session, "R0000000000")#>
<cfset userstring = #useridzeros# & #form.user_password#>

<cfscript>
theKey=generateSecretKey("BLOWFISH");
encrypted=encrypt(userstring, theKey, "BLOWFISH", "Hex");
</cfscript>

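<!--- Bind form/URL values with cfqueryparam instead of interpolating them into the SQL text --->
<cfquery name="insertUser" datasource="fred" username="fred" password="fred">
insert into users
(username, email, password, visitor_id, last_login, times_visited, register_success, encryption_key, account_locked_out, account_locked_out_date)
values (<cfqueryparam value="#form.user_username#" cfsqltype="cf_sql_varchar">, <cfqueryparam value="#form.user_email#" cfsqltype="cf_sql_varchar">,
<cfqueryparam value="#form.user_password#" cfsqltype="cf_sql_varchar">, <cfqueryparam value="#url.session#" cfsqltype="cf_sql_bigint">,
now(), 0, 'n', <cfqueryparam value="#encrypted#" cfsqltype="cf_sql_varchar">, 'n', null)
</cfquery>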


0
Question by:rcbuchanan
Accepted Solution

by:Plucka
Plucka earned 1500 total points
ID: 23643668
Not sure why.

However, I don't think what you're doing is any better than just using a plain UUID.

What additional security do you think you are getting by encrypting this?

Normally you would just store the info in a db with a uuid perhaps

when they click the link with the uuid, you look up the info, the encryption adds no value.
0
 
Assisted Solution

by:Plucka
Plucka earned 1500 total points
ID: 23643690
Actually looking at your code, you do realise you need to decrypt with the same key you used to encrypt.

You can't just generate a new key.

You could perhaps generate a key once at app start and store in application scope.

or just use a fixed key

hard coded
0
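
Added example (not code from the original thread or its posters): a cfscript sketch of the point made in the answer above, with the round trip succeeding when one stored key is reused and failing when decrypt() is handed a freshly generated key. The `application.activationKey` name, the other variable names and the sample string are assumptions made for illustration.

```cfml
<cfscript>
// Added illustration; names and sample values are constructed.
// Create the key once and reuse it (normally in Application.cfc onApplicationStart()).
// A key held only in application scope is lost on restart, so links mailed before
// a restart stop decrypting unless the key is also persisted somewhere protected.
if (NOT structKeyExists(application, "activationKey")) {
    application.activationKey = generateSecretKey("BLOWFISH");
}

userstring = "0000000042" & "examplePassword"; // constructed sample input

// Registration page: encrypt with the stored key.
encrypted = encrypt(userstring, application.activationKey, "BLOWFISH", "Hex");

// Activation page: the same key recovers the plaintext.
decrypted = decrypt(encrypted, application.activationKey, "BLOWFISH", "Hex");
writeOutput("same key, plaintext recovered: " & (compare(decrypted, userstring) EQ 0) & "<br>");

// What the page in the question does: a brand-new key at decrypt time.
try {
    wrong = decrypt(encrypted, generateSecretKey("BLOWFISH"), "BLOWFISH", "Hex");
    // The padding check can occasionally pass by chance; the output is then garbage.
    writeOutput("new key, no error, plaintext recovered: " & (compare(wrong, userstring) EQ 0));
} catch (any e) {
    // Usual outcome: "... Given final block not properly padded."
    writeOutput("new key, decrypt failed: " & e.message);
}
</cfscript>
```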
