Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    Senior Coder Spudhead's Avatar
    Join Date
    Jun 2002
    Location
    London, UK
    Posts
    1,856
    Thanks
    8
    Thanked 110 Times in 109 Posts

    Encryption (RC4) - mangled text

    I'm trying to write an encrypted CSV file, using the RC4 encryption code from 4guysfromrolla.

    When I decrypt the file, I get a whole bunch of... well, it looks like the text has only been partially decrypted, above my hex dump of the output. You can see my test page here (it's screwing up the browser display so you have to look a little carefully to see where the "decrypted" text ends and the hex dump begins).

    I can't see any pattern to it. My understanding of character encoding is minimal and I suspect that it's at the root of this, but if someone could take a look and attempt to explain to me just what's actually going on, I'd be enormously grateful.

    The source for my test page is:

    Code:
    <!--#INCLUDE FILE="functions.asp"-->
    <!--#INCLUDE FILE="rc4.asp"-->
    
    <%
    sSessionId = session.sessionID
    iKeycode = "0"
    sFormName = safeEscape("TEST_FORM")
    sTitle = safeEscape("Mr")
    sFName = safeEscape("Test")
    sLName = safeEscape("Testsson")
    sAdd1 = safeEscape("1 Any Street")
    sTown = safeEscape("Mytown")
    sCounty = safeEscape("Sadsville")
    sPostcode = safeEscape("AB1 2CD")
    sAmount = "10"
    sDay = safeEscape("12")
    sMethod = safeEscape("CC")
    sCard_type = safeEscape("Switch")
    sCard_name = safeEscape("MR T TESTSSON")
    sCard_number = safeEscape("1234567812345678")
    sVFM = "03"
    sVFY = "2006"
    sVTM = "02"
    sVTY = "2009"
    sIssue = "1"
    sCVV = "123"
    
    dim sData
    sData = sSessionId & ",1," & iKeycode & vbCrLf
    sData = sData & sSessionId & ",2," & sFormName & vbCrLf
    sData = sData & sSessionId & ",10," & sTitle & vbCrLf
    sData = sData & sSessionId & ",11," & sFName & vbCrLf
    sData = sData & sSessionId & ",12," & sLName & vbCrLf
    sData = sData & sSessionId & ",21," & sAdd1 & vbCrLf
    sData = sData & sSessionId & ",22," & sTown & vbCrLf
    sData = sData & sSessionId & ",23," & sCounty & vbCrLf
    sData = sData & sSessionId & ",28," & sPostcode & vbCrLf
    sData = sData & sSessionId & ",180," & sAmount & vbCrLf
    sData = sData & sSessionId & ",190," & sDay & vbCrLf
    sData = sData & sSessionId & ",194," & sMethod & vbCrLf
    sData = sData & sSessionId & ",181," & sCard_type & vbCrLf
    sData = sData & sSessionId & ",182," & sCard_name & vbCrLf
    sData = sData & sSessionId & ",183," & sCard_number & vbCrLf
    sData = sData & sSessionId & ",184," & sVFM & vbCrLf
    sData = sData & sSessionId & ",185," & sVFY & vbCrLf
    sData = sData & sSessionId & ",186," & sVTM & vbCrLf
    sData = sData & sSessionId & ",187," & sVTY & vbCrLf
    sData = sData & sSessionId & ",188," & sIssue & vbCrLf
    sData = sData & sSessionId & ",189," & sCVV & vbCrLf
    sData = sData & sSessionId & ",999"
    
    response.write("<pre>" & sData & "</pre>" & vbCrLf & vbCrLf)
    
    
    
    sub writeEncryptedFile(sText, sKey)
    	dim sRoot, sKeyFile, sFileName, sFilePath, sEncrypted
    	sRoot = server.mappath("\crypt")
    	sEncrypted = EnDeCrypt(sText,sKey)
    	sFileName = year(now()) & addLeadingZero(month(now())) & addLeadingZero(day(now())) & "_" & session.sessionID & ".csv"
    	sFilePath = sRoot & "\" & sFileName
    	dim oFSO, oTextFile
    	set oFSO = Server.CreateObject("Scripting.FileSystemObject") 
    	set oTextFile = oFSO.CreateTextFile(sFilePath, false, false)
    		oTextFile.Write(sEncrypted)
    		oTextFile.Close
    	set oTextFile = nothing
    end sub
    
    
    sCryptFolder = server.mappath("/crypt")
    sEncryptionKey = "thisistheencryptionkey"
    
    
    
    
    writeEncryptedFile sData, sEncryptionKey
    
    
    dim oFSO, oFldr, oFileText
    set oFSO = server.createobject("Scripting.FileSystemObject")
    set oFldr = oFSO.getFolder(sCryptFolder)
      
      for each oFile in oFldr.files
      	sFileName = oFile.Name
    	
        if instr(sFileName,"asp")<1 then
    		
    		response.write("Reading: "  & sFileName & vbCrLf)
    		
    		sFilePath = sCryptFolder & "\" & sFileName
    		
        	set oFileText = oFSO.OpenTextFile(sFilePath, 1, false, 0)
    			
    			sFileContents = oFileText.ReadAll
    			
    		set oFileText = nothing
    		
    		oFSO.DeleteFile sFilePath
    		
    		sDecryptedContents = EnDeCrypt(sFileContents, sEncryptionKey)
    		
    		response.write(sDecryptedContents & vbCrLf & vbCrLf)
    		
    		
    		for x = 1 to len(sDecryptedContents)
    			response.write right(string(2,"0") & hex(asc(mid(sDecryptedContents, x, 1))),2) & " "
    			if x mod 26 = 0 then response.write vbCRLF
    		next
    		
        end if
    	
      next
      
    set oFldr = nothing
    set oFSO = nothing
    
    
    
    %>

    (nb: "functions.asp" is a few utility functions I keep knocking about - like "safeEscape()", which tries to escape() a string and doesn't throw an error if it's empty, and "addLeadingZero()", which does exactly what it says on the tin. "rc4.asp" is the file copied wholesale from the 4guysfromrolla website, which you can see here

  • #2
    Senior Coder Spudhead's Avatar
    Join Date
    Jun 2002
    Location
    London, UK
    Posts
    1,856
    Thanks
    8
    Thanked 110 Times in 109 Posts
    I guess that's a "no", then

    Anyone recommend any of the commercial ASP encryption components?

  • #3
    Regular Coder
    Join Date
    Mar 2007
    Posts
    505
    Thanks
    1
    Thanked 19 Times in 19 Posts
    Hey Spuds--

    It looks as though this is working correctly.

    The parts that I think you are saying are "partially decrypted" is HTML's way of saying ' ' (space) and other characters. %20 = space

    Try looking at your page's source and I think that you will find it's doing exactly as it's designed OR try doing a
    Code:
    response.write(replace(sDecryptedContents,"%20"," ") & vbCrLf & vbCrLf)
    HTH!

  • #4
    Senior Coder Spudhead's Avatar
    Join Date
    Jun 2002
    Location
    London, UK
    Posts
    1,856
    Thanks
    8
    Thanked 110 Times in 109 Posts
    Ummm.



    In the 3 days since I posted this, it's fixed itself. I swear I haven't touched the file.

    I'm not talking about the encoded characters (the spaces). The test data that's going in is encoded: the data that's coming out should also be encoded.

    I was referring to.... it was writing weird characters - above ASCII code 127. And it was doing it bang in the middle of the decrypted text.

    Now I'm REALLY confused. It was bad enough when I didn't know why it didn't work. Now I don't know why it works

  • #5
    Regular Coder
    Join Date
    Mar 2007
    Posts
    505
    Thanks
    1
    Thanked 19 Times in 19 Posts
    That is weird, as I don't see them in your test script at all.

    Well, you can always chalk it up to -- If it works, don't touch it.

    Here's a simple question though - You say you haven't touched the CSV file, but have you edited your functions.asp page, i.e. safeEscape() and addLeadingZero()?

    What about adding (or removing) cStr or cInt?

    Just some things to help jog the memory.

    nb - sorry it took so long to get back to you. Haven't logged on in a couple of days...

  • #6
    New to the CF scene
    Join Date
    Jul 2009
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I had the same weird random encoding thing happening. For me, it was working correctly on some pages and on other pages, it was only partially decrypting it.

    One solution someone pointed out is that it wasn't being encoded for HTML when you're testing it. That is easily overcome by using Server.HTMLEncode(), but that wasn't my problem.

    Mine was that it would encrypt and decrypt it fine on one page, but when I went to a different page to decrypt it, it wouldn't work. Drove me crazy until I found that the only difference between the pages was the declaration at the top:

    <%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>

    The bug here was that one of the pages didn't have this declaration and the other did. Thus, the encoding and decoding were being done with different codepages.

    Just make sure you're using the same codepage and it should give consistent results.

    Best,
    Tom


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •