Solved

Encrypt ASP cookies

Posted on 2014-04-16
6
495 Views
Last Modified: 2014-04-17
How can I encrypt classic ASP cookies?

Response.cookies("name") = "JOHN"
0
Comment
Question by:JElster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 33

Expert Comment

by:Big Monty
ID: 40005148
you'll need to write your function to encrypt the cookies. You can use the one found here or for something stronger, you can use the zip file on this site which you can download from here
0
 
LVL 33

Assisted Solution

by:Big Monty
Big Monty earned 200 total points
ID: 40005161
I use the SHA256 encryption, it's really easy to use and all you need is the include file. To use it, you would do something like:

Response.cookies("name") = SHA256( "JOHN" )

or, for even more security, add a hash key:

Response.cookies("name") = SHA256( "JOHN" & "someRandomComboOfChars" )
0
 
LVL 52

Accepted Solution

by:
Scott Fell,  EE MVE earned 300 total points
ID: 40005178
You can pick up a nice library of ASP stuff here http://www.classicasp.org/ including the encryption files used in this sample code.  

Just set the encryption prior to setting the cookie.  

<%
'***ClassicASP.org <http://www.classicasp.org>
'Copyright 2010 ClassicASP.org

'This file is part of ClassicASP Framework.

'ClassicASP-Framework is free software: you can redistribute it and/or modify
'it under the terms of the GNU General Public License as published by
'the Free Software Foundation, version 3 of the License.

'ClassicASP-Framework is distributed in the hope that it will be useful,
'but WITHOUT ANY WARRANTY; without even the implied warranty of
'MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
'GNU General Public License for more details.

'You should have received a copy of the GNU General Public License
'along with ClassicASP-Framework.  If not, see <http://www.gnu.org/licenses/>.      

'For additional information please visit <http://www.classicasp.org>.
%>
<!--#include virtual = "/lib/asp/org/classicasp/util/CryptUtilEx/CryptAesUtilEx.asp"-->
<!--#include virtual = "/lib/asp/org/classicasp/util/CryptUtilEx/CryptRc4UtilEx.asp"-->
<%
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' ***Public constructor
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
On Error Resume Next
Private CryptUtilEx
Set CryptUtilEx = New clsCryptUtilEx
Err.Clear 

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Class: org.classicasp.util.CryptUtilEx
'
' Encryption/Decryption utilities.
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''	
Class clsCryptUtilEx
			
	Private Sub Class_Initialize()		
	End Sub
		
	Private Sub Class_Terminate()	
	End Sub
	
	'''''''''''
	' Function: Aes_Encrypt
	'
	' Encrypts a string using an implementation of the AES Rijndael Block Cipher.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Aes_Encrypt("plaintext", "password") }}
	' </pre>		
	'
	'''''''''''		
	Public Function Aes_Encrypt(ByVal sPlain, ByVal sPassword)
		Set Aes_Encrypt = StringEx(CryptAesUtilEx.AESEncrypt(sPlain, sPassword))
	End Function

	'''''''''''
	' Function: Aes_Decrypt
	'
	' Decrypts a string using an implementation of the AES Rijndael Block Cipher.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Aes_Decrypt("cyphertext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Aes_Decrypt(ByVal sCypher, ByVal sPassword)
		Set Aes_Decrypt = StringEx(CryptAesUtilEx.AESDecrypt(sCypher, sPassword))
	End Function
	
	'''''''''''
	' Function: Rc4_Encrypt
	'
	' Encrypts a string using an implementation of the RSA 'RC4' Encryption.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Rc4_Encrypt("plaintext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Rc4_Encrypt(ByVal sPlain, ByVal sPassword)
		Set Rc4_Encrypt = StringEx(CryptRc4UtilEx.EnDeCrypt(sPlain, sPassword))
	End Function

	'''''''''''
	' Function: Rc4_Decrypt
	'
	' Decrypts a string using an implementation of the RSA 'RC4' Encryption.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Rc4_Decrypt("cyphertext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Rc4_Decrypt(ByVal sCypher, ByVal sPassword)
		Set Rc4_Decrypt = StringEx(CryptRc4UtilEx.EnDeCrypt(sCypher, sPassword))
	End Function			
	
End Class
%>

Open in new window

0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 40005185
Big Monty gave you a one way hash option and I gave you an encryption option although we tend to call them both "encryption".   The hash option does not allow a way to decrypt.  You have to simply test it.  If you need to extract the value and use a password to decrypt, then you need the the encryption option.
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 40005203
ha, both libraries use the base code.  

md5 and sha are one way hash's.

AES, DES, RC4 are cyphers can can be encrypted and decrypted.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40005427
I've bookmarked http://www.classicasp.org/ .  I don't do a lot of Classic ASP but when I do I always need to find something!  Thanks for the link.
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Diminish Pop-up  in 3 seconds 7 70
return false must be hit after calling certain command 10 45
2012 SQL to JSON Select 5 32
ASP Classic - Read XML File inner content 10 49
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question