ColdFusion Error : Using 'decrypt' |

Posted on 2009-02-14
Last Modified: 2013-12-24
I'm getting this following CF error message when trying to decrypt a UID emailed to a registered user of my new web portal ... via an email URL:

An error occurred while trying to encrypt or decrypt your input string: Given final block not properly padded.
The error occurred in C:\Inetpub\wwwroot\process_activate_user.cfm: line 11
9 : <cfscript>
10 : theKey=generateSecretKey("BLOWFISH");
11 : decrypted=decrypt(url.uid, theKey, "BLOWFISH", "Hex");
12 : </cfscript>

I've compared value passed by the URL against the value I'll compare with the encrypted value stored in a MySQL table and they appear identical.

Any ideas?

I'm ENCRYPTING this string as follows:

<cfset useridzeros=#LSNumberFormat(url.session, "R0000000000")#>
<cfset userstring = #useridzeros# & #form.user_password#>

encrypted=encrypt(userstring, theKey, "BLOWFISH", "Hex");

<cfquery name="insertUser" datasource="fred"  username="fred" password="fred">
insert into users
(username, email, password, visitor_id, last_login, times_visited, register_success, encryption_key, account_locked_out, account_locked_out_date)  
values ('#form.user_username#', '#form.user_email#', '#form.user_password#', #url.session#, now(), 0, 'n','#encrypted#','n',null)

Question by:rcbuchanan
    LVL 18

    Accepted Solution

    Not sure why.

    However, I dont think what your doing is any better than just using a plain UUID.

    What additional security do you think you are getting by encrpting this.

    Normally you would just store the info in a db with a uuid perhaps

    when they click the link with the uuid, you look up the info, the encryption adds no value.
    LVL 18

    Assisted Solution

    Actually looking at your code, you do realise you need to decrypt with the same key you used to encrypt.

    You cant just generate a new key.

    You could perhaps generate a key once at app start and store in application scope.

    or just use a fixed key

    hard coded

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
    If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now