Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

decrypting an AES encrypted file in ASP

Posted on 2010-08-19
11
Medium Priority
?
515 Views
Last Modified: 2012-05-10
I have never worked with AES encryption before. I have files being sent to my server which are encrypted with a 128-bit key that I need to decrypt in order to extract the data. I'm really not quite sure how to proceed, the file isn't a plain text file that I can open with a text editor. So I assume I also cannot use the File System Object OpenTextFile to get access to the encrypted data. How do I even get at the data in order to decrypt it? Need a starting point. Thank you!
0
Comment
Question by:bbdesign
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 29

Expert Comment

by:Badotz
ID: 33476145
It is probably a text file, and so FSO should allow you to open/read the content.

It is decrypting the content that will be the issue. There are countless examples on the web, so that part should not be too hard, either.
0
 

Author Comment

by:bbdesign
ID: 33476401
If I try to open it with a text editor, I get garbage characters:

DJ$.X0f8WáMŸa•ÅH&"ñl°¿@hn¿æ5ÀÓ+·î:õèÔ9\ $'êç`L÷ü¿

Non-ASCII. But if you think FSO will work, I will give it a try.
0
 
LVL 29

Expert Comment

by:Badotz
ID: 33476660
It isn't "garbage", it is AES-encrypted text.
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 

Author Comment

by:bbdesign
ID: 33477461
OK, so I'm sort of on the right track. I setup a script to open the file with FSO:

set objFILE=objFSO.OpenTextFile

...then I did:

response.write(objFILE.ReadAll)

See attached screenshot. The top box in red is what I see if I open the file directly into a text editor. The bottom red box is the source code of the ASP page where I did the response.write above.

Shouldn't I expect these to be identical?
Picture-1.jpg
0
 
LVL 29

Accepted Solution

by:
Badotz earned 2000 total points
ID: 33478510
Looking at encoded AES text is pointless.

Find a web site that lets you encrypt and decrypt AES, paste in the encoded text, your password, key and anything else it requires and see if it works.

What "Response.Write" passes up to the client may be different than what you see in Notepad.
0
 

Author Comment

by:bbdesign
ID: 33479057
I'm having a hard time finding anything that I can do a quick check with. Neither of these work:

http://www.chilkatsoft.com/js-aes-decrypt.asp
http://www.file-encrypter.com

These types of searches produce Google results that are so full of ads and spam that they're pretty much useless.

If a tool asks me to copy-and-paste text into a field in a web browser, I just open my file in a text editor, copy, then paste? It seems the encrypted data can't be moved around as easily as regular text.

If you have any other advice I would really appreciate it.
0
 
LVL 29

Expert Comment

by:Badotz
ID: 33479703
I'm not sure how much text you can decrypt here, but

http://www.movable-type.co.uk/scripts/aes.html

provides details on AES. Give it a look, and copy/paste the code into your own page to see if it will work for you.
0
 

Author Comment

by:bbdesign
ID: 33479801
That didn't do anything, at least with my code (when I open it to copy, it is several lines, that input field only had one).
0
 
LVL 29

Expert Comment

by:Badotz
ID: 33480666
Then perhaps "copy/paste the code into your own page to see if it will work for you."
0
 

Author Comment

by:bbdesign
ID: 33503404
OK, I'm going to close this out for now. Thanks for your help. At this point, I'm not even sure the file my client sent me is a valid AES encrypted file. What a mess.
0
 
LVL 29

Expert Comment

by:Badotz
ID: 33503934
Not sure I deserved points, but thanks.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question