
ColdFusion Error: Using 'decrypt'

rcbuchanan asked
Last Modified: 2013-12-24
I'm getting the following CF error message when trying to decrypt a UID emailed to a registered user of my new web portal, via an email URL:

http://domain.com/process_activate_user.cfm?uid=C6D2148A561495627A6EDB63825B6444DA3489583CCAB79D


An error occurred while trying to encrypt or decrypt your input string: Given final block not properly padded.
 
The error occurred in C:\Inetpub\wwwroot\process_activate_user.cfm: line 11
9 : <cfscript>
10 : theKey=generateSecretKey("BLOWFISH");
11 : decrypted=decrypt(url.uid, theKey, "BLOWFISH", "Hex");
12 : </cfscript>


I've compared the value passed by the URL against the value I'll compare with, the encrypted value stored in a MySQL table, and they appear identical.

Any ideas?

I'm ENCRYPTING this string as follows:

<cfset useridzeros=#LSNumberFormat(url.session, "R0000000000")#>
<cfset userstring = #useridzeros# & #form.user_password#>

<cfscript>
theKey=generateSecretKey("BLOWFISH");
encrypted=encrypt(userstring, theKey, "BLOWFISH", "Hex");
</cfscript>

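<cfquery name="insertUser" datasource="fred" username="fred" password="fred">
<!--- User-supplied values are bound with cfqueryparam instead of being interpolated into the SQL (column types are assumed) --->
insert into users
(username, email, password, visitor_id, last_login, times_visited, register_success, encryption_key, account_locked_out, account_locked_out_date)
values (<cfqueryparam value="#form.user_username#" cfsqltype="cf_sql_varchar">, <cfqueryparam value="#form.user_email#" cfsqltype="cf_sql_varchar">,
<cfqueryparam value="#form.user_password#" cfsqltype="cf_sql_varchar">, <cfqueryparam value="#url.session#" cfsqltype="cf_sql_bigint">,
now(), 0, 'n', <cfqueryparam value="#encrypted#" cfsqltype="cf_sql_varchar">, 'n', null)
</cfquery>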


Commented:
Not sure why.

However, I don't think what you're doing is any better than just using a plain UUID.

What additional security do you think you are getting by encrypting this?

Normally you would just store the info in a db with a uuid perhaps.

When they click the link with the uuid, you look up the info; the encryption adds no value.

Commented:
Actually, looking at your code, you do realise you need to decrypt with the same key you used to encrypt?

You can't just generate a new key.

You could perhaps generate a key once at app start and store it in application scope,

or just use a fixed key, hard coded.
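
The key handling suggested in the comment above, as an added example that is not part of the original thread: one Blowfish key is created once, held in application scope, and used for both encrypt and decrypt, with the question's fresh-key decrypt shown beside it. The application name `uid_key_demo`, the variable `application.uidKey`, the functions `makeUid` and `readUid`, and the sample input are assumptions made for illustration.

```cfml
<!--- Added example: application, variable and function names are assumptions. --->
<cfapplication name="uid_key_demo">

<!--- Create the Blowfish key once and keep it in application scope. --->
<cflock scope="application" type="exclusive" timeout="5">
    <cfif NOT structKeyExists(application, "uidKey")>
        <cfset application.uidKey = generateSecretKey("BLOWFISH")>
    </cfif>
</cflock>

<cfscript>
// Encrypt with the shared key (registration side).
function makeUid(plain) {
    return encrypt(plain, application.uidKey, "BLOWFISH", "Hex");
}

// Decrypt with the SAME key (activation side). Returns "" when the value
// cannot be decrypted: wrong key, truncated or altered uid.
function readUid(uid) {
    try {
        return decrypt(uid, application.uidKey, "BLOWFISH", "Hex");
    } catch (any e) {
        return "";
    }
}

// Constructed sample input: zero-padded id plus a placeholder string.
userstring = "0000000042" & "placeholder-value";
uid = makeUid(userstring);

writeOutput("uid: " & uid & "<br>");
writeOutput("same key round-trips: " & (readUid(uid) EQ userstring) & "<br>");

// What the question's activation page does: a brand-new key per request.
freshKey = generateSecretKey("BLOWFISH");
try {
    decrypt(uid, freshKey, "BLOWFISH", "Hex");
    writeOutput("fresh key: no error, but the output is not the original string<br>");
} catch (any e) {
    // Normally "Given final block not properly padded", as in the question.
    writeOutput("fresh key fails: " & e.message & "<br>");
}
</cfscript>
```

A key held only in application scope is regenerated when the application restarts, so links emailed before a restart will no longer decrypt unless the key is persisted.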