Solved

RC4 encryption in VBScript

Posted on 2013-11-28
6
600 Views
Last Modified: 2014-10-29
I am encrypting a string in a website with RC4 algorithm. I am then sending the encrypted value as cookie to another website where I am trying to decrypt it with the same code. But I am not able to decrypt and get the original value.

I am not knowing whether I am missing any encoding/decoding as am new to VBScript. Please help
0
Comment
Question by:vatza
  • 2
6 Comments
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39684635
What script are you using?

Here is one where you should be able to use for both encrypt and decrypt by calling the function.  Is page 2 using classic asp?  If not, I wonder if it is possible you are encrypting in vbscript to a cookie, then decrypting it in php for example.   It may not be the same algorithm and give slightly different results.  

<%
'***ClassicASP.org <http://www.classicasp.org>
'Copyright 2010 ClassicASP.org

'This file is part of ClassicASP Framework.

'ClassicASP-Framework is free software: you can redistribute it and/or modify
'it under the terms of the GNU General Public License as published by
'the Free Software Foundation, version 3 of the License.

'ClassicASP-Framework is distributed in the hope that it will be useful,
'but WITHOUT ANY WARRANTY; without even the implied warranty of
'MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
'GNU General Public License for more details.

'You should have received a copy of the GNU General Public License
'along with ClassicASP-Framework.  If not, see <http://www.gnu.org/licenses/>.      

'For additional information please visit <http://www.classicasp.org>.
%>
<%
'***MIKE SCHAFFER at 4 Guys From Rolla.com <http://www.4guysfromrolla.com/webtech/010100-1.shtml>
' RC4 Encryption Using ASP & VBScript
%>
<%
On Error Resume Next
Private CryptRc4UtilEx
Set CryptRc4UtilEx = New clsCryptRc4UtilEx
Err.Clear 

Class clsCryptRc4UtilEx
	
	Private Sub Class_Initialize()
	End Sub
		
	Private Sub Class_Terminate()	 
	End Sub
	
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
   ':::                                                             :::
   ':::  This script performs 'RC4' Stream Encryption               :::
   ':::  (Based on what is widely thought to be RSA's RC4           :::
   ':::  algorithm. It produces output streams that are identical   :::
   ':::  to the commercial products)                                :::
   ':::                                                             :::
   ':::  This script is Copyright © 1999 by Mike Shaffer            :::
   ':::  ALL RIGHTS RESERVED WORLDWIDE                              :::
   ':::                                                             :::
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
   ':::                                                             :::
   ':::  This routine passes the standard test vectors for the      :::
   ':::  RC4 algorithm. The test vectors are included below for     :::
   ':::  easy cut-and-paste verification. It is recommended that    :::
   ':::  you remove these comments for actual production to         :::
   ':::  reduce initial script parsing/processing time.             :::
   ':::                                                             :::
   ':::                                                             :::
   '::: Test harness vectors:                                       :::
   ':::                                                             :::
   ':::   Test vector 0                                             :::
   ':::   Key: &h01 &h23 &h45 &h67 &h89 &hab &hcd &hef              :::
   ':::   Input: &h01 &h23 &h45 &h67 &h89 &hab &hcd &hef            :::
   ':::   Output: &h75 &hb7 &h87 &h80 &h99 &he0 &hc5 &h96           :::
   ':::                                                             :::
   ':::   Test vector 1                                             :::
   ':::   Key: &h01 &h23 &h45 &h67 &h89 &hab &hcd &hef              :::
   ':::   Input: &h00 &h00 &h00 &h00 &h00 &h00 &h00 &h00            :::
   ':::   Output: &h74 &h94 &hc2 &he7 &h10 &h4b &h08 &h79           :::
   ':::                                                             :::
   ':::   Test vector 2                                             :::
   ':::   Key: &h00 &h00 &h00 &h00 &h00 &h00 &h00 &h00              :::
   ':::   Input: &h00 &h00 &h00 &h00 &h00 &h00 &h00 &h00            :::
   ':::   Output: &hde &h18 &h89 &h41 &ha3 &h37 &h5d &h3a           :::
   ':::                                                             :::
   ':::   Test vector 3                                             :::
   ':::   Key: &hef &h01 &h23 &h45                                  ::: 
   ':::   Input: &h00 &h00 &h00 &h00 &h00 &h00 &h00 &h00 &h00 &h00  ::: 
   ':::   Output: &hd6 &ha1 &h41 &ha7 &hec &h3c &h38 &hdf &hbd &h61 :::
   ':::                                                             :::
   ':::   Test vector 4                                             :::
   ':::   Key: &h01 &h23 &h45 &h67 &h89 &hab &hcd &hef              :::
   ':::   Input:                                                    :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01    :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01 &h01         :::
   ':::   &h01                                                      :::
   ':::   Output:                                                   :::
   ':::   &h75 &h95 &hc3 &he6 &h11 &h4a &h09 &h78 &h0c &h4a &hd4    :::
   ':::   &h52 &h33 &h8e &h1f &hfd &h9a &h1b &he9 &h49 &h8f         :::
   ':::   &h81 &h3d &h76 &h53 &h34 &h49 &hb6 &h77 &h8d &hca         :::
   ':::   &hd8 &hc7 &h8a &h8d &h2b &ha9 &hac &h66 &h08 &h5d         :::
   ':::   &h0e &h53 &hd5 &h9c &h26 &hc2 &hd1 &hc4 &h90 &hc1         :::
   ':::   &heb &hbe &h0c &he6 &h6d &h1b &h6b &h1b &h13 &hb6         :::
   ':::   &hb9 &h19 &hb8 &h47 &hc2 &h5a &h91 &h44 &h7a &h95         :::
   ':::   &he7 &h5e &h4e &hf1 &h67 &h79 &hcd &he8 &hbf &h0a         :::
   ':::   &h95 &h85 &h0e &h32 &haf &h96 &h89 &h44 &h4f &hd3         :::
   ':::   &h77 &h10 &h8f &h98 &hfd &hcb &hd4 &he7 &h26 &h56         :::
   ':::   &h75 &h00 &h99 &h0b &hcc &h7e &h0c &ha3 &hc4 &haa         :::
   ':::   &ha3 &h04 &ha3 &h87 &hd2 &h0f &h3b &h8f &hbb &hcd         :::
   ':::   &h42 &ha1 &hbd &h31 &h1d &h7a &h43 &h03 &hdd &ha5         :::
   ':::   &hab &h07 &h88 &h96 &hae &h80 &hc1 &h8b &h0a &hf6         :::
   ':::   &h6d &hff &h31 &h96 &h16 &heb &h78 &h4e &h49 &h5a         :::
   ':::   &hd2 &hce &h90 &hd7 &hf7 &h72 &ha8 &h17 &h47 &hb6         :::
   ':::   &h5f &h62 &h09 &h3b &h1e &h0d &hb9 &he5 &hba &h53         :::
   ':::   &h2f &haf &hec &h47 &h50 &h83 &h23 &he6 &h71 &h32         :::
   ':::   &h7d &hf9 &h44 &h44 &h32 &hcb &h73 &h67 &hce &hc8         :::
   ':::   &h2f &h5d &h44 &hc0 &hd0 &h0b &h67 &hd6 &h50 &ha0         :::
   ':::   &h75 &hcd &h4b &h70 &hde &hdd &h77 &heb &h9b &h10         :::
   ':::   &h23 &h1b &h6b &h5b &h74 &h13 &h47 &h39 &h6d &h62         :::
   ':::   &h89 &h74 &h21 &hd4 &h3d &hf9 &hb4 &h2e &h44 &h6e         :::
   ':::   &h35 &h8e &h9c &h11 &ha9 &hb2 &h18 &h4e &hcb &hef         :::
   ':::   &h0c &hd8 &he7 &ha8 &h77 &hef &h96 &h8f &h13 &h90         :::
   ':::   &hec &h9b &h3d &h35 &ha5 &h58 &h5c &hb0 &h09 &h29         :::
   ':::   &h0e &h2f &hcd &he7 &hb5 &hec &h66 &hd9 &h08 &h4b         :::
   ':::   &he4 &h40 &h55 &ha6 &h19 &hd9 &hdd &h7f &hc3 &h16         :::
   ':::   &h6f &h94 &h87 &hf7 &hcb &h27 &h29 &h12 &h42 &h64         :::
   ':::   &h45 &h99 &h85 &h14 &hc1 &h5d &h53 &ha1 &h8c &h86         :::
   ':::   &h4c &he3 &ha2 &hb7 &h55 &h57 &h93 &h98 &h81 &h26         :::
   ':::   &h52 &h0e &hac &hf2 &he3 &h06 &h6e &h23 &h0c &h91         :::
   ':::   &hbe &he4 &hdd &h53 &h04 &hf5 &hfd &h04 &h05 &hb3         :::
   ':::   &h5b &hd9 &h9c &h73 &h13 &h5d &h3d &h9b &hc3 &h35         :::
   ':::   &hee &h04 &h9e &hf6 &h9b &h38 &h67 &hbf &h2d &h7b         :::
   ':::   &hd1 &hea &ha5 &h95 &hd8 &hbf &hc0 &h06 &h6f &hf8         :::
   ':::   &hd3 &h15 &h09 &heb &h0c &h6c &haa &h00 &h6c &h80         :::
   ':::   &h7a &h62 &h3e &hf8 &h4c &h3d &h33 &hc1 &h95 &hd2         :::
   ':::   &h3e &he3 &h20 &hc4 &h0d &he0 &h55 &h81 &h57 &hc8         :::
   ':::   &h22 &hd4 &hb8 &hc5 &h69 &hd8 &h49 &hae &hd5 &h9d         :::
   ':::   &h4e &h0f &hd7 &hf3 &h79 &h58 &h6b &h4b &h7f &hf6         :::
   ':::   &h84 &hed &h6a &h18 &h9f &h74 &h86 &hd4 &h9b &h9c         :::
   ':::   &h4b &had &h9b &ha2 &h4b &h96 &hab &hf9 &h24 &h37         :::
   ':::   &h2c &h8a &h8f &hff &hb1 &h0d &h55 &h35 &h49 &h00         :::
   ':::   &ha7 &h7a &h3d &hb5 &hf2 &h05 &he1 &hb9 &h9f &hcd         :::
   ':::   &h86 &h60 &h86 &h3a &h15 &h9a &hd4 &hab &he4 &h0f         :::
   ':::   &ha4 &h89 &h34 &h16 &h3d &hdd &he5 &h42 &ha6 &h58         :::
   ':::   &h55 &h40 &hfd &h68 &h3c &hbf &hd8 &hc0 &h0f &h12         :::
   ':::   &h12 &h9a &h28 &h4d &hea &hcc &h4c &hde &hfe &h58         :::
   ':::   &hbe &h71 &h37 &h54 &h1c &h04 &h71 &h26 &hc8 &hd4         :::
   ':::   &h9e &h27 &h55 &hab &h18 &h1a &hb7 &he9 &h40 &hb0         :::
   ':::   &hc0                                                      :::
   ':::                                                             :::
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


   Private sbox(255)
   Private key(255)


   Private Sub RC4Initialize(strPwd)
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
   ':::  This routine called by EnDeCrypt function. Initializes the :::
   ':::  sbox and the key array)                                    :::
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

      dim tempSwap
      dim a
      dim b

      intLength = len(strPwd)
      For a = 0 To 255
         key(a) = asc(mid(strpwd, (a mod intLength)+1, 1))
         sbox(a) = a
      next

      b = 0
      For a = 0 To 255
         b = (b + sbox(a) + key(a)) Mod 256
         tempSwap = sbox(a)
         sbox(a) = sbox(b)
         sbox(b) = tempSwap
      Next
   
   End Sub
   
   Public Function EnDeCrypt(plaintxt, psw)
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
   ':::  This routine does all the work. Call it both to ENcrypt    :::
   ':::  and to DEcrypt your data.                                  :::
   ':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

      dim temp
      dim a
      dim i
      dim j
      dim k
      dim cipherby
      dim cipher

      i = 0
      j = 0

      RC4Initialize psw

      For a = 1 To Len(plaintxt)
         i = (i + 1) Mod 256
         j = (j + sbox(i)) Mod 256
         temp = sbox(i)
         sbox(i) = sbox(j)
         sbox(j) = temp
   
         k = sbox((sbox(i) + sbox(j)) Mod 256)

         cipherby = Asc(Mid(plaintxt, a, 1)) Xor k
         cipher = cipher & Chr(cipherby)
      Next

      EnDeCrypt = cipher

   End Function
	
End Class
%>

Open in new window

0
 

Author Comment

by:vatza
ID: 39684691
Thanks. I am using the same script for RC4 encryption and decryption from 4guysfromrolla.com.

I am having an aspx page where I am encrypting a text and setting it as a cookie. I am retrieving the cookie at a classic asp page where I have the same script to decypt it.

The key, of course, remains the same.

I am not sure whether that will make a difference.
0
 
LVL 52

Accepted Solution

by:
Scott Fell,  EE MVE earned 500 total points
ID: 39685379
I would suggest creating a standalone page just with the function to encrypt/decrypt.  Let's say you call it rc4.asp since it is a classic asp page.  

rc4.asp
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
myText=request.form("myText")
password="my_password"

if request.form("plaintxt")<>"" then
	response.cookie rc4(myText,password)
end if

function rc4(plaintxt, psw)

' function code goes here

end function

%>

Open in new window

In your aspx page, when you want to set the cookie, do a silent post to rc4.asp.  Then in your classic asp page, you can read it using the same code.  This just eliminates if one serverside script creates a slightly different hash.

If this is not the case, then try using your script only a a classic asp page just for testing where you can encrypt a phrase then decrypt it all on the same page.  If that works, then you are at least on the right track.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39686498
Another test is to see if you can both encrypt and decrypt from an ASP.NET page to see if that code even works in ASP.NET.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Welcome to part one of a multi-part tutorial series, VBScript for Windows System Administrators.  The goal of this series is to teach non-programmers how to write useful VBS code to automate their environment, and perform tasks faster, and in a more…
In this article we want to have a look at the directory attributes which are used by Microsoft to store the so called Security Identifiers (SID). These SIDs plays an important role in delegating and granting permissions and in authentication of trus…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now