• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 889
  • Last Modified:

RC4 encryption in VBScript

I am encrypting a string in a website with RC4 algorithm. I am then sending the encrypted value as cookie to another website where I am trying to decrypt it with the same code. But I am not able to decrypt and get the original value.

I am not knowing whether I am missing any encoding/decoding as am new to VBScript. Please help
0
vatza
Asked:
vatza
  • 2
1 Solution
 
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
What script are you using?

Here is one where you should be able to use for both encrypt and decrypt by calling the function.  Is page 2 using classic asp?  If not, I wonder if it is possible you are encrypting in vbscript to a cookie, then decrypting it in php for example.   It may not be the same algorithm and give slightly different results.  

<%
'***ClassicASP.org <http://www.classicasp.org>
'Copyright 2010 ClassicASP.org

'This file is part of ClassicASP Framework.

'ClassicASP-Framework is free software: you can redistribute it and/or modify
'it under the terms of the GNU General Public License as published by
'the Free Software Foundation, version 3 of the License.

'ClassicASP-Framework is distributed in the hope that it will be useful,
'but WITHOUT ANY WARRANTY; without even the implied warranty of
'MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
'GNU General Public License for more details.

'You should have received a copy of the GNU General Public License
'along with ClassicASP-Framework.  If not, see <http://www.gnu.org/licenses/>.      

'For additional information please visit <http://www.classicasp.org>.
%>
<%
'***MIKE SCHAFFER at 4 Guys From Rolla.com <http://www.4guysfromrolla.com/webtech/010100-1.shtml>
' RC4 Encryption Using ASP & VBScript
%>
<%
On Error Resume Next
Private CryptRc4UtilEx
Set CryptRc4UtilEx = New clsCryptRc4UtilEx
Err.Clear 

Class clsCryptRc4UtilEx
	
	Private Sub Class_Initialize()
	End Sub
		
	Private Sub Class_Terminate()	 
	End Sub
	
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
   ':::                                                             :::
   ':::  This script performs 'RC4' Stream Encryption               :::
   ':::  (Based on what is widely thought to be RSA's RC4           :::
   ':::  algorithm. It produces output streams that are identical   :::
   ':::  to the commercial products)                                :::
   ':::                                                             :::
   ':::  This script is Copyright © 1999 by Mike Shaffer            :::
   ':::  ALL RIGHTS RESERVED WORLDWIDE                              :::
   ':::                                                             :::
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
   ':::                                                             :::
   ':::  This routine passes the standard test vectors for the      :::
   ':::  RC4 algorithm. The test vectors are included below for     :::
   ':::  easy cut-and-paste verification. It is recommended that    :::
   ':::  you remove these comments for actual production to         :::
   ':::  reduce initial script parsing/processing time.             :::
   ':::                                                             :::
   ':::                                                             :::
   '::: Test harness vectors:                                       :::
   ':::                                                             :::
   ':::   Test vector 0                                             :::
   ':::   Key: &h01 &h23 &h45 &h67 &h89 &hab &hcd &hef              :::
   ':::   Input: &h01 &h23 &h45 &h67 &h89 &hab &hcd &hef            :::
   ':::   Output: &h75 &hb7 &h87 &h80 &h99 &he0 &hc5 &h96           :::
   ':::                                                             :::
   ':::   Test vector 1                                             :::
   ':::   Key: &h01 &h23 &h45 &h67 &h89 &hab &hcd &hef              :::
   ':::   Input: &h00 &h00 &h00 &h00 &h00 &h00 &h00 &h00            :::
   ':::   Output: &h74 &h94 &hc2 &he7 &h10 &h4b &h08 &h79           :::
   ':::                                                             :::
   ':::   Test vector 2                                             :::
   ':::   Key: &h00 &h00 &h00 &h00 &h00 &h00 &h00 &h00              :::
   ':::   Input: &h00 &h00 &h00 &h00 &h00 &h00 &h00 &h00            :::
   ':::   Output: &hde &h18 &h89 &h41 &ha3 &h37 &h5d &h3a           :::
   ':::                                                             :::
   ':::   Test vector 3                                             :::
   ':::   Key: &hef &h01 &h23 &h45                                  ::: 
   ':::   Input: &h00 &h00 &h00 &h00 &h00 &h00 &h00 &h00 &h00 &h00  ::: 
   ':::   Output: &hd6 &ha1 &h41 &ha7 &hec &h3c &h38 &hdf &hbd &h61 :::
   ':::                                                             :::
   ':::   Test vector 4                                             :::
   ':::   Key: &h01 &h23 &h45 &h67 &h89 &hab &hcd &hef              :::
   ':::   Input:                                                    :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01    :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01                                                      :::
   ':::   Output:                                                   :::
   ':::   &h75 &h95 &hc3 &he6 &h11 &h4a &h09 &h78 &h0c &h4a &hd4    :::
   ':::   &h52 &h33 &h8e &h1f &hfd &h9a &h1b &he9 &h49 &h8f         :::
   ':::   &h81 &h3d &h76 &h53 &h34 &h49 &hb6 &h77 &h8d &hca         :::
   ':::   &hd8 &hc7 &h8a &h8d &h2b &ha9 &hac &h66 &h08 &h5d         :::
   ':::   &h0e &h53 &hd5 &h9c &h26 &hc2 &hd1 &hc4 &h90 &hc1         :::
   ':::   &heb &hbe &h0c &he6 &h6d &h1b &h6b &h1b &h13 &hb6         :::
   ':::   &hb9 &h19 &hb8 &h47 &hc2 &h5a &h91 &h44 &h7a &h95         :::
   ':::   &he7 &h5e &h4e &hf1 &h67 &h79 &hcd &he8 &hbf &h0a         :::
   ':::   &h95 &h85 &h0e &h32 &haf &h96 &h89 &h44 &h4f &hd3         :::
   ':::   &h77 &h10 &h8f &h98 &hfd &hcb &hd4 &he7 &h26 &h56         :::
   ':::   &h75 &h00 &h99 &h0b &hcc &h7e &h0c &ha3 &hc4 &haa         :::
   ':::   &ha3 &h04 &ha3 &h87 &hd2 &h0f &h3b &h8f &hbb &hcd         :::
   ':::   &h42 &ha1 &hbd &h31 &h1d &h7a &h43 &h03 &hdd &ha5         :::
   ':::   &hab &h07 &h88 &h96 &hae &h80 &hc1 &h8b &h0a &hf6         :::
   ':::   &h6d &hff &h31 &h96 &h16 &heb &h78 &h4e &h49 &h5a         :::
   ':::   &hd2 &hce &h90 &hd7 &hf7 &h72 &ha8 &h17 &h47 &hb6         :::
   ':::   &h5f &h62 &h09 &h3b &h1e &h0d &hb9 &he5 &hba &h53         :::
   ':::   &h2f &haf &hec &h47 &h50 &h83 &h23 &he6 &h71 &h32         :::
   ':::   &h7d &hf9 &h44 &h44 &h32 &hcb &h73 &h67 &hce &hc8         :::
   ':::   &h2f &h5d &h44 &hc0 &hd0 &h0b &h67 &hd6 &h50 &ha0         :::
   ':::   &h75 &hcd &h4b &h70 &hde &hdd &h77 &heb &h9b &h10         :::
   ':::   &h23 &h1b &h6b &h5b &h74 &h13 &h47 &h39 &h6d &h62         :::
   ':::   &h89 &h74 &h21 &hd4 &h3d &hf9 &hb4 &h2e &h44 &h6e         :::
   ':::   &h35 &h8e &h9c &h11 &ha9 &hb2 &h18 &h4e &hcb &hef         :::
   ':::   &h0c &hd8 &he7 &ha8 &h77 &hef &h96 &h8f &h13 &h90         :::
   ':::   &hec &h9b &h3d &h35 &ha5 &h58 &h5c &hb0 &h09 &h29         :::
   ':::   &h0e &h2f &hcd &he7 &hb5 &hec &h66 &hd9 &h08 &h4b         :::
   ':::   &he4 &h40 &h55 &ha6 &h19 &hd9 &hdd &h7f &hc3 &h16         :::
   ':::   &h6f &h94 &h87 &hf7 &hcb &h27 &h29 &h12 &h42 &h64         :::
   ':::   &h45 &h99 &h85 &h14 &hc1 &h5d &h53 &ha1 &h8c &h86         :::
   ':::   &h4c &he3 &ha2 &hb7 &h55 &h57 &h93 &h98 &h81 &h26         :::
   ':::   &h52 &h0e &hac &hf2 &he3 &h06 &h6e &h23 &h0c &h91         :::
   ':::   &hbe &he4 &hdd &h53 &h04 &hf5 &hfd &h04 &h05 &hb3         :::
   ':::   &h5b &hd9 &h9c &h73 &h13 &h5d &h3d &h9b &hc3 &h35         :::
   ':::   &hee &h04 &h9e &hf6 &h9b &h38 &h67 &hbf &h2d &h7b         :::
   ':::   &hd1 &hea &ha5 &h95 &hd8 &hbf &hc0 &h06 &h6f &hf8         :::
   ':::   &hd3 &h15 &h09 &heb &h0c &h6c &haa &h00 &h6c &h80         :::
   ':::   &h7a &h62 &h3e &hf8 &h4c &h3d &h33 &hc1 &h95 &hd2         :::
   ':::   &h3e &he3 &h20 &hc4 &h0d &he0 &h55 &h81 &h57 &hc8         :::
   ':::   &h22 &hd4 &hb8 &hc5 &h69 &hd8 &h49 &hae &hd5 &h9d         :::
   ':::   &h4e &h0f &hd7 &hf3 &h79 &h58 &h6b &h4b &h7f &hf6         :::
   ':::   &h84 &hed &h6a &h18 &h9f &h74 &h86 &hd4 &h9b &h9c         :::
   ':::   &h4b &had &h9b &ha2 &h4b &h96 &hab &hf9 &h24 &h37         :::
   ':::   &h2c &h8a &h8f &hff &hb1 &h0d &h55 &h35 &h49 &h00         :::
   ':::   &ha7 &h7a &h3d &hb5 &hf2 &h05 &he1 &hb9 &h9f &hcd         :::
   ':::   &h86 &h60 &h86 &h3a &h15 &h9a &hd4 &hab &he4 &h0f         :::
   ':::   &ha4 &h89 &h34 &h16 &h3d &hdd &he5 &h42 &ha6 &h58         :::
   ':::   &h55 &h40 &hfd &h68 &h3c &hbf &hd8 &hc0 &h0f &h12         :::
   ':::   &h12 &h9a &h28 &h4d &hea &hcc &h4c &hde &hfe &h58         :::
   ':::   &hbe &h71 &h37 &h54 &h1c &h04 &h71 &h26 &hc8 &hd4         :::
   ':::   &h9e &h27 &h55 &hab &h18 &h1a &hb7 &he9 &h40 &hb0         :::
   ':::   &hc0                                                      :::
   ':::                                                             :::
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


   Private sbox(255)
   Private key(255)


   Private Sub RC4Initialize(strPwd)
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
   ':::  This routine called by EnDeCrypt function. Initializes the :::
   ':::  sbox and the key array)                                    :::
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

      dim tempSwap
      dim a
      dim b

      intLength = len(strPwd)
      For a = 0 To 255
         key(a) = asc(mid(strpwd, (a mod intLength)+1, 1))
         sbox(a) = a
      next

      b = 0
      For a = 0 To 255
         b = (b + sbox(a) + key(a)) Mod 256
         tempSwap = sbox(a)
         sbox(a) = sbox(b)
         sbox(b) = tempSwap
      Next
   
   End Sub
   
   Public Function EnDeCrypt(plaintxt, psw)
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
   ':::  This routine does all the work. Call it both to ENcrypt    :::
   ':::  and to DEcrypt your data.                                  :::
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

      dim temp
      dim a
      dim i
      dim j
      dim k
      dim cipherby
      dim cipher

      i = 0
      j = 0

      RC4Initialize psw

      For a = 1 To Len(plaintxt)
         i = (i + 1) Mod 256
         j = (j + sbox(i)) Mod 256
         temp = sbox(i)
         sbox(i) = sbox(j)
         sbox(j) = temp
   
         k = sbox((sbox(i) + sbox(j)) Mod 256)

         cipherby = Asc(Mid(plaintxt, a, 1)) Xor k
         cipher = cipher & Chr(cipherby)
      Next

      EnDeCrypt = cipher

   End Function
	
End Class
%>

Open in new window

0
 
vatzaAuthor Commented:
Thanks. I am using the same script for RC4 encryption and decryption from 4guysfromrolla.com.

I am having an aspx page where I am encrypting a text and setting it as a cookie. I am retrieving the cookie at a classic asp page where I have the same script to decypt it.

The key, of course, remains the same.

I am not sure whether that will make a difference.
0
 
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
I would suggest creating a standalone page just with the function to encrypt/decrypt.  Let's say you call it rc4.asp since it is a classic asp page.  

rc4.asp
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
myText=request.form("myText")
password="my_password"

if request.form("plaintxt")<>"" then
	response.cookie rc4(myText,password)
end if

function rc4(plaintxt, psw)

' function code goes here

end function

%>

Open in new window

In your aspx page, when you want to set the cookie, do a silent post to rc4.asp.  Then in your classic asp page, you can read it using the same code.  This just eliminates if one serverside script creates a slightly different hash.

If this is not the case, then try using your script only a a classic asp page just for testing where you can encrypt a phrase then decrypt it all on the same page.  If that works, then you are at least on the right track.
0
 
Dave BaldwinFixer of ProblemsCommented:
Another test is to see if you can both encrypt and decrypt from an ASP.NET page to see if that code even works in ASP.NET.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now