Solved

Encrypt ASP cookies

Posted on 2014-04-16
6
483 Views
Last Modified: 2014-04-17
How can I encrypt classic ASP cookies?

Response.cookies("name") = "JOHN"
0
Comment
Question by:JElster
  • 3
  • 2
6 Comments
 
LVL 33

Expert Comment

by:Big Monty
ID: 40005148
you'll need to write your function to encrypt the cookies. You can use the one found here or for something stronger, you can use the zip file on this site which you can download from here
0
 
LVL 33

Assisted Solution

by:Big Monty
Big Monty earned 200 total points
ID: 40005161
I use the SHA256 encryption, it's really easy to use and all you need is the include file. To use it, you would do something like:

Response.cookies("name") = SHA256( "JOHN" )

or, for even more security, add a hash key:

Response.cookies("name") = SHA256( "JOHN" & "someRandomComboOfChars" )
0
 
LVL 52

Accepted Solution

by:
Scott Fell,  EE MVE earned 300 total points
ID: 40005178
You can pick up a nice library of ASP stuff here http://www.classicasp.org/ including the encryption files used in this sample code.  

Just set the encryption prior to setting the cookie.  

<%
'***ClassicASP.org <http://www.classicasp.org>
'Copyright 2010 ClassicASP.org

'This file is part of ClassicASP Framework.

'ClassicASP-Framework is free software: you can redistribute it and/or modify
'it under the terms of the GNU General Public License as published by
'the Free Software Foundation, version 3 of the License.

'ClassicASP-Framework is distributed in the hope that it will be useful,
'but WITHOUT ANY WARRANTY; without even the implied warranty of
'MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
'GNU General Public License for more details.

'You should have received a copy of the GNU General Public License
'along with ClassicASP-Framework.  If not, see <http://www.gnu.org/licenses/>.      

'For additional information please visit <http://www.classicasp.org>.
%>
<!--#include virtual = "/lib/asp/org/classicasp/util/CryptUtilEx/CryptAesUtilEx.asp"-->
<!--#include virtual = "/lib/asp/org/classicasp/util/CryptUtilEx/CryptRc4UtilEx.asp"-->
<%
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' ***Public constructor
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
On Error Resume Next
Private CryptUtilEx
Set CryptUtilEx = New clsCryptUtilEx
Err.Clear 

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Class: org.classicasp.util.CryptUtilEx
'
' Encryption/Decryption utilities.
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''	
Class clsCryptUtilEx
			
	Private Sub Class_Initialize()		
	End Sub
		
	Private Sub Class_Terminate()	
	End Sub
	
	'''''''''''
	' Function: Aes_Encrypt
	'
	' Encrypts a string using an implementation of the AES Rijndael Block Cipher.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Aes_Encrypt("plaintext", "password") }}
	' </pre>		
	'
	'''''''''''		
	Public Function Aes_Encrypt(ByVal sPlain, ByVal sPassword)
		Set Aes_Encrypt = StringEx(CryptAesUtilEx.AESEncrypt(sPlain, sPassword))
	End Function

	'''''''''''
	' Function: Aes_Decrypt
	'
	' Decrypts a string using an implementation of the AES Rijndael Block Cipher.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Aes_Decrypt("cyphertext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Aes_Decrypt(ByVal sCypher, ByVal sPassword)
		Set Aes_Decrypt = StringEx(CryptAesUtilEx.AESDecrypt(sCypher, sPassword))
	End Function
	
	'''''''''''
	' Function: Rc4_Encrypt
	'
	' Encrypts a string using an implementation of the RSA 'RC4' Encryption.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Rc4_Encrypt("plaintext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Rc4_Encrypt(ByVal sPlain, ByVal sPassword)
		Set Rc4_Encrypt = StringEx(CryptRc4UtilEx.EnDeCrypt(sPlain, sPassword))
	End Function

	'''''''''''
	' Function: Rc4_Decrypt
	'
	' Decrypts a string using an implementation of the RSA 'RC4' Encryption.
	'
	' Returns:
	' StringEx
	' 
	' Example:
	' <pre>		
	' {{ Set myVar = CryptUtilEx.Rc4_Decrypt("cyphertext", "password") }}
	' </pre>		
	'
	'''''''''''	
	Public Function Rc4_Decrypt(ByVal sCypher, ByVal sPassword)
		Set Rc4_Decrypt = StringEx(CryptRc4UtilEx.EnDeCrypt(sCypher, sPassword))
	End Function			
	
End Class
%>

Open in new window

0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 40005185
Big Monty gave you a one way hash option and I gave you an encryption option although we tend to call them both "encryption".   The hash option does not allow a way to decrypt.  You have to simply test it.  If you need to extract the value and use a password to decrypt, then you need the the encryption option.
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 40005203
ha, both libraries use the base code.  

md5 and sha are one way hash's.

AES, DES, RC4 are cyphers can can be encrypted and decrypted.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40005427
I've bookmarked http://www.classicasp.org/ .  I don't do a lot of Classic ASP but when I do I always need to find something!  Thanks for the link.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now