Solved

Encrypt ASP cookies

Posted on 2014-04-16
6
509 Views
Last Modified: 2014-04-17
How can I encrypt classic ASP cookies?

Response.cookies("name") = "JOHN"
0
Comment
Question by:JElster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 33

Expert Comment

by:Big Monty
ID: 40005148
you'll need to write your function to encrypt the cookies. You can use the one found here or for something stronger, you can use the zip file on this site which you can download from here
0
 
LVL 33

Assisted Solution

by:Big Monty
Big Monty earned 200 total points
ID: 40005161
I use the SHA256 encryption, it's really easy to use and all you need is the include file. To use it, you would do something like:

Response.cookies("name") = SHA256( "JOHN" )

or, for even more security, add a hash key:

Response.cookies("name") = SHA256( "JOHN" & "someRandomComboOfChars" )
0
 
LVL 53

Accepted Solution

by:
Scott Fell,  EE MVE earned 300 total points
ID: 40005178
You can pick up a nice library of ASP stuff here http://www.classicasp.org/ including the encryption files used in this sample code.  

Just set the encryption prior to setting the cookie.  

<%
'***ClassicASP.org <http://www.classicasp.org>
'Copyright 2010 ClassicASP.org

'This file is part of ClassicASP Framework.

'ClassicASP-Framework is free software: you can redistribute it and/or modify
'it under the terms of the GNU General Public License as published by
'the Free Software Foundation, version 3 of the License.

'ClassicASP-Framework is distributed in the hope that it will be useful,
'but WITHOUT ANY WARRANTY; without even the implied warranty of
'MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
'GNU General Public License for more details.

'You should have received a copy of the GNU General Public License
'along with ClassicASP-Framework.  If not, see <http://www.gnu.org/licenses/>.      

'For additional information please visit <http://www.classicasp.org>.
%>
<!--#include virtual = "/lib/asp/org/classicasp/util/CryptUtilEx/CryptAesUtilEx.asp"-->
<!--#include virtual = "/lib/asp/org/classicasp/util/CryptUtilEx/CryptRc4UtilEx.asp"-->
<%
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' ***Public constructor
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
On Error Resume Next
Private CryptUtilEx
Set CryptUtilEx = New clsCryptUtilEx
Err.Clear 

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Class: org.classicasp.util.CryptUtilEx
'
' Encryption/Decryption utilities.
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''	
Class clsCryptUtilEx
			
	Private Sub Class_Initialize()		
	End Sub
		
	Private Sub Class_Terminate()	
	End Sub
	
	'''''''''''
	' Function: Aes_Encrypt
	'
	' Encrypts a string using an implementation of the AES Rijndael Block Cipher.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Aes_Encrypt("plaintext", "password") }}
	' </pre>		
	'
	'''''''''''		
	Public Function Aes_Encrypt(ByVal sPlain, ByVal sPassword)
		Set Aes_Encrypt = StringEx(CryptAesUtilEx.AESEncrypt(sPlain, sPassword))
	End Function

	'''''''''''
	' Function: Aes_Decrypt
	'
	' Decrypts a string using an implementation of the AES Rijndael Block Cipher.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Aes_Decrypt("cyphertext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Aes_Decrypt(ByVal sCypher, ByVal sPassword)
		Set Aes_Decrypt = StringEx(CryptAesUtilEx.AESDecrypt(sCypher, sPassword))
	End Function
	
	'''''''''''
	' Function: Rc4_Encrypt
	'
	' Encrypts a string using an implementation of the RSA 'RC4' Encryption.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Rc4_Encrypt("plaintext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Rc4_Encrypt(ByVal sPlain, ByVal sPassword)
		Set Rc4_Encrypt = StringEx(CryptRc4UtilEx.EnDeCrypt(sPlain, sPassword))
	End Function

	'''''''''''
	' Function: Rc4_Decrypt
	'
	' Decrypts a string using an implementation of the RSA 'RC4' Encryption.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Rc4_Decrypt("cyphertext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Rc4_Decrypt(ByVal sCypher, ByVal sPassword)
		Set Rc4_Decrypt = StringEx(CryptRc4UtilEx.EnDeCrypt(sCypher, sPassword))
	End Function			
	
End Class
%>

Open in new window

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 40005185
Big Monty gave you a one way hash option and I gave you an encryption option although we tend to call them both "encryption".   The hash option does not allow a way to decrypt.  You have to simply test it.  If you need to extract the value and use a password to decrypt, then you need the the encryption option.
0
 
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 40005203
ha, both libraries use the base code.  

md5 and sha are one way hash's.

AES, DES, RC4 are cyphers can can be encrypted and decrypted.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40005427
I've bookmarked http://www.classicasp.org/ .  I don't do a lot of Classic ASP but when I do I always need to find something!  Thanks for the link.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question