Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Encrypt ASP cookies

Posted on 2014-04-16
6
Medium Priority
?
529 Views
Last Modified: 2014-04-17
How can I encrypt classic ASP cookies?

Response.cookies("name") = "JOHN"
0
Comment
Question by:JElster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 34

Expert Comment

by:Big Monty
ID: 40005148
you'll need to write your function to encrypt the cookies. You can use the one found here or for something stronger, you can use the zip file on this site which you can download from here
0
 
LVL 34

Assisted Solution

by:Big Monty
Big Monty earned 800 total points
ID: 40005161
I use the SHA256 encryption, it's really easy to use and all you need is the include file. To use it, you would do something like:

Response.cookies("name") = SHA256( "JOHN" )

or, for even more security, add a hash key:

Response.cookies("name") = SHA256( "JOHN" & "someRandomComboOfChars" )
0
 
LVL 54

Accepted Solution

by:
Scott Fell,  EE MVE earned 1200 total points
ID: 40005178
You can pick up a nice library of ASP stuff here http://www.classicasp.org/ including the encryption files used in this sample code.  

Just set the encryption prior to setting the cookie.  

<%
'***ClassicASP.org <http://www.classicasp.org>
'Copyright 2010 ClassicASP.org

'This file is part of ClassicASP Framework.

'ClassicASP-Framework is free software: you can redistribute it and/or modify
'it under the terms of the GNU General Public License as published by
'the Free Software Foundation, version 3 of the License.

'ClassicASP-Framework is distributed in the hope that it will be useful,
'but WITHOUT ANY WARRANTY; without even the implied warranty of
'MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
'GNU General Public License for more details.

'You should have received a copy of the GNU General Public License
'along with ClassicASP-Framework.  If not, see <http://www.gnu.org/licenses/>.      

'For additional information please visit <http://www.classicasp.org>.
%>
<!--#include virtual = "/lib/asp/org/classicasp/util/CryptUtilEx/CryptAesUtilEx.asp"-->
<!--#include virtual = "/lib/asp/org/classicasp/util/CryptUtilEx/CryptRc4UtilEx.asp"-->
<%
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' ***Public constructor
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
On Error Resume Next
Private CryptUtilEx
Set CryptUtilEx = New clsCryptUtilEx
Err.Clear 

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Class: org.classicasp.util.CryptUtilEx
'
' Encryption/Decryption utilities.
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''	
Class clsCryptUtilEx
			
	Private Sub Class_Initialize()		
	End Sub
		
	Private Sub Class_Terminate()	
	End Sub
	
	'''''''''''
	' Function: Aes_Encrypt
	'
	' Encrypts a string using an implementation of the AES Rijndael Block Cipher.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Aes_Encrypt("plaintext", "password") }}
	' </pre>		
	'
	'''''''''''		
	Public Function Aes_Encrypt(ByVal sPlain, ByVal sPassword)
		Set Aes_Encrypt = StringEx(CryptAesUtilEx.AESEncrypt(sPlain, sPassword))
	End Function

	'''''''''''
	' Function: Aes_Decrypt
	'
	' Decrypts a string using an implementation of the AES Rijndael Block Cipher.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Aes_Decrypt("cyphertext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Aes_Decrypt(ByVal sCypher, ByVal sPassword)
		Set Aes_Decrypt = StringEx(CryptAesUtilEx.AESDecrypt(sCypher, sPassword))
	End Function
	
	'''''''''''
	' Function: Rc4_Encrypt
	'
	' Encrypts a string using an implementation of the RSA 'RC4' Encryption.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Rc4_Encrypt("plaintext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Rc4_Encrypt(ByVal sPlain, ByVal sPassword)
		Set Rc4_Encrypt = StringEx(CryptRc4UtilEx.EnDeCrypt(sPlain, sPassword))
	End Function

	'''''''''''
	' Function: Rc4_Decrypt
	'
	' Decrypts a string using an implementation of the RSA 'RC4' Encryption.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Rc4_Decrypt("cyphertext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Rc4_Decrypt(ByVal sCypher, ByVal sPassword)
		Set Rc4_Decrypt = StringEx(CryptRc4UtilEx.EnDeCrypt(sCypher, sPassword))
	End Function			
	
End Class
%>

Open in new window

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 54

Expert Comment

by:Scott Fell, EE MVE
ID: 40005185
Big Monty gave you a one way hash option and I gave you an encryption option although we tend to call them both "encryption".   The hash option does not allow a way to decrypt.  You have to simply test it.  If you need to extract the value and use a password to decrypt, then you need the the encryption option.
0
 
LVL 54

Expert Comment

by:Scott Fell, EE MVE
ID: 40005203
ha, both libraries use the base code.  

md5 and sha are one way hash's.

AES, DES, RC4 are cyphers can can be encrypted and decrypted.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40005427
I've bookmarked http://www.classicasp.org/ .  I don't do a lot of Classic ASP but when I do I always need to find something!  Thanks for the link.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question