?
Solved

Encrypt ASP cookies

Posted on 2014-04-16
6
Medium Priority
?
537 Views
Last Modified: 2014-04-17
How can I encrypt classic ASP cookies?

Response.cookies("name") = "JOHN"
0
Comment
Question by:JElster
  • 3
  • 2
6 Comments
 
LVL 34

Expert Comment

by:Big Monty
ID: 40005148
you'll need to write your function to encrypt the cookies. You can use the one found here or for something stronger, you can use the zip file on this site which you can download from here
0
 
LVL 34

Assisted Solution

by:Big Monty
Big Monty earned 800 total points
ID: 40005161
I use the SHA256 encryption, it's really easy to use and all you need is the include file. To use it, you would do something like:

Response.cookies("name") = SHA256( "JOHN" )

or, for even more security, add a hash key:

Response.cookies("name") = SHA256( "JOHN" & "someRandomComboOfChars" )
0
 
LVL 54

Accepted Solution

by:
Scott Fell,  EE MVE earned 1200 total points
ID: 40005178
You can pick up a nice library of ASP stuff here http://www.classicasp.org/ including the encryption files used in this sample code.  

Just set the encryption prior to setting the cookie.  

<%
'***ClassicASP.org <http://www.classicasp.org>
'Copyright 2010 ClassicASP.org

'This file is part of ClassicASP Framework.

'ClassicASP-Framework is free software: you can redistribute it and/or modify
'it under the terms of the GNU General Public License as published by
'the Free Software Foundation, version 3 of the License.

'ClassicASP-Framework is distributed in the hope that it will be useful,
'but WITHOUT ANY WARRANTY; without even the implied warranty of
'MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
'GNU General Public License for more details.

'You should have received a copy of the GNU General Public License
'along with ClassicASP-Framework.  If not, see <http://www.gnu.org/licenses/>.      

'For additional information please visit <http://www.classicasp.org>.
%>
<!--#include virtual = "/lib/asp/org/classicasp/util/CryptUtilEx/CryptAesUtilEx.asp"-->
<!--#include virtual = "/lib/asp/org/classicasp/util/CryptUtilEx/CryptRc4UtilEx.asp"-->
<%
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' ***Public constructor
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
On Error Resume Next
Private CryptUtilEx
Set CryptUtilEx = New clsCryptUtilEx
Err.Clear 

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Class: org.classicasp.util.CryptUtilEx
'
' Encryption/Decryption utilities.
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''	
Class clsCryptUtilEx
			
	Private Sub Class_Initialize()		
	End Sub
		
	Private Sub Class_Terminate()	
	End Sub
	
	'''''''''''
	' Function: Aes_Encrypt
	'
	' Encrypts a string using an implementation of the AES Rijndael Block Cipher.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Aes_Encrypt("plaintext", "password") }}
	' </pre>		
	'
	'''''''''''		
	Public Function Aes_Encrypt(ByVal sPlain, ByVal sPassword)
		Set Aes_Encrypt = StringEx(CryptAesUtilEx.AESEncrypt(sPlain, sPassword))
	End Function

	'''''''''''
	' Function: Aes_Decrypt
	'
	' Decrypts a string using an implementation of the AES Rijndael Block Cipher.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Aes_Decrypt("cyphertext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Aes_Decrypt(ByVal sCypher, ByVal sPassword)
		Set Aes_Decrypt = StringEx(CryptAesUtilEx.AESDecrypt(sCypher, sPassword))
	End Function
	
	'''''''''''
	' Function: Rc4_Encrypt
	'
	' Encrypts a string using an implementation of the RSA 'RC4' Encryption.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Rc4_Encrypt("plaintext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Rc4_Encrypt(ByVal sPlain, ByVal sPassword)
		Set Rc4_Encrypt = StringEx(CryptRc4UtilEx.EnDeCrypt(sPlain, sPassword))
	End Function

	'''''''''''
	' Function: Rc4_Decrypt
	'
	' Decrypts a string using an implementation of the RSA 'RC4' Encryption.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Rc4_Decrypt("cyphertext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Rc4_Decrypt(ByVal sCypher, ByVal sPassword)
		Set Rc4_Decrypt = StringEx(CryptRc4UtilEx.EnDeCrypt(sCypher, sPassword))
	End Function			
	
End Class
%>

Open in new window

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 54

Expert Comment

by:Scott Fell, EE MVE
ID: 40005185
Big Monty gave you a one way hash option and I gave you an encryption option although we tend to call them both "encryption".   The hash option does not allow a way to decrypt.  You have to simply test it.  If you need to extract the value and use a password to decrypt, then you need the the encryption option.
0
 
LVL 54

Expert Comment

by:Scott Fell, EE MVE
ID: 40005203
ha, both libraries use the base code.  

md5 and sha are one way hash's.

AES, DES, RC4 are cyphers can can be encrypted and decrypted.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40005427
I've bookmarked http://www.classicasp.org/ .  I don't do a lot of Classic ASP but when I do I always need to find something!  Thanks for the link.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses
Course of the Month14 days, 10 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question