How can I encrypt a string with RSA using a given public key - using ColdFusion 7?
I will receive from a 3rd Party website a public key (exponent and modulus) and I need to encrypt a string with the given key to send the data encrypted.
The Production environment is ColdFusion 7.
I need to use RSA
I'm having some trouble to do this, I don´t know how to encrypt using the key.
Any suggestions of a reliable 3rd party custom tag or alternative?
Note: The 3rd party site has provided the following documentation but it is for PHP.
PHP
This sample requires the use of phpseclib
Ensure that prior to encoding with the RSA algorithm your string is encoded as Unicode (UTF-16 Little Endian).
01 require_once('Crypt/RSA.ph
02
03 function EncryptMyQueryString($acco
04 return RSAEncrypt($accountLoginTy
05 }
06 function RSAEncrypt($dataToEncrypt)
07 $publicKey = '<RSAKeyValue>
08 <Modulus>uno9DsYcaZ1yAqY20
09 8ElcuZVVNRmGeVBlkcHT3JpMDf
10 QWBYcuTGoQFKOtsrGqG16XwL2h
11 <Exponent>AQAB</Exponent>
12 </RSAKeyValue>';
13 $xml = new DOMDocument();
14 $xml->loadXML($publickey);
15
16 $modulus = new Math_BigInteger(base64_dec
17 $exponent = new Math_BigInteger(base64_dec
18 $key = array('modulus' => $modulus, 'publicExponent' => $exponent);
19
20 $rsa = new Crypt_RSA();
21
22 $rsa->loadkey($key, CRYPT_RSA_PUBLIC_FORMAT_RA
23 $rsa->setEncryptionMode(CR
24
25 $plainbytes = mb_convert_encoding($dataT
26 $res = $rsa->encrypt($plainbytes)
27
28 return base64_encode ( $res );
29 }
30
31 echo EncryptMyQueryString('logi
The Production environment is ColdFusion 7.
I need to use RSA
I'm having some trouble to do this, I don´t know how to encrypt using the key.
Any suggestions of a reliable 3rd party custom tag or alternative?
Note: The 3rd party site has provided the following documentation but it is for PHP.
PHP
This sample requires the use of phpseclib
Ensure that prior to encoding with the RSA algorithm your string is encoded as Unicode (UTF-16 Little Endian).
01 require_once('Crypt/RSA.ph
02
03 function EncryptMyQueryString($acco
04 return RSAEncrypt($accountLoginTy
05 }
06 function RSAEncrypt($dataToEncrypt)
07 $publicKey = '<RSAKeyValue>
08 <Modulus>uno9DsYcaZ1yAqY20
09 8ElcuZVVNRmGeVBlkcHT3JpMDf
10 QWBYcuTGoQFKOtsrGqG16XwL2h
11 <Exponent>AQAB</Exponent>
12 </RSAKeyValue>';
13 $xml = new DOMDocument();
14 $xml->loadXML($publickey);
15
16 $modulus = new Math_BigInteger(base64_dec
17 $exponent = new Math_BigInteger(base64_dec
18 $key = array('modulus' => $modulus, 'publicExponent' => $exponent);
19
20 $rsa = new Crypt_RSA();
21
22 $rsa->loadkey($key, CRYPT_RSA_PUBLIC_FORMAT_RA
23 $rsa->setEncryptionMode(CR
24
25 $plainbytes = mb_convert_encoding($dataT
26 $res = $rsa->encrypt($plainbytes)
27
28 return base64_encode ( $res );
29 }
30
31 echo EncryptMyQueryString('logi
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ya, I just am not a fan of messing with too much 3rd party encryption addon-y bits, especially if you don't really know what you're doing...that implementation thing...
but certainly those are options to look at. Railo is still the better option as there are very likely security issues with CF7 that are no longer being fixed.
on the other hand, we found out last week that it's all a pointless anyways right ;P
but certainly those are options to look at. Railo is still the better option as there are very likely security issues with CF7 that are no longer being fixed.
on the other hand, we found out last week that it's all a pointless anyways right ;P
Well I'm no expert, but I'm less hesitant about using java libs since that's ultimately what CF functions are doing anyway. (Edit: I don't mean it to sound like I take it lightly. But most of these algorithms and libraries are established well documented. So there's a greater range of resources available when it comes to questions, than there are for questions on CF's encrypt/decrypt functions.) Agreed the bigger problem is people using any encryption without understanding what they're doing (...or not doing). It's very easy to get encryption wrong, or do things insecurely, no matter what tool you're using.
> Railo is still the better option
100% agreed on that. I'm just throwing out options if they absolutely can't switch.
> we found out last week that it's all a pointless anyways right ;P
I've been living under a rock for the past week. What did I miss?
> Railo is still the better option
100% agreed on that. I'm just throwing out options if they absolutely can't switch.
> we found out last week that it's all a pointless anyways right ;P
I've been living under a rock for the past week. What did I miss?
ASKER
Thanks to all who have posted. It looks I have quite a bit of research to do and will need to see what the client is willing to pursue. Not sure how to reward points
Living under a rock? More like living under a rock 3 miles underground...it's been everywhere :0
http://www.newyorker.com/online/blogs/elements/2013/09/the-nsa-versus-encryption.html
(of course still doesn't mean we shouldn't be -trying- to keep things secure...)
http://www.newyorker.com/online/blogs/elements/2013/09/the-nsa-versus-encryption.html
(of course still doesn't mean we shouldn't be -trying- to keep things secure...)
Lol, ohh ... *that* pointless. Yeah, I'd read about that.
(Phew.. I'm not so out of touch I don't know the year ... it's 1984 ;-)
(Phew.. I'm not so out of touch I don't know the year ... it's 1984 ;-)
ASKER
Getting the go ahead for the upgrade and or migration over to Railo :-)
Good choice!
I assume they mean makes additional algorithms available to the encrypt/decrypt() functions. If that doesn't work, you could do it yourself w/createObject using either the BSAFE or BouncyCastle libraries:
http://www.12robots.com/index.cfm/2010/7/19/Using-Asymmetric-Cryptography-in-your-ColdFusion-Application--Security-Series-1610
Yeah, if possible, I'd recommend looking into Railo. CF7 is a bit long in the tooth and no longer supported.