I am having trouble understanding how I can put a string in CF with zero bytes. In Java, I would do this ...
String ZeroPad = ""; for (int i = 0; i < 32; i++) ZeroPad = ZeroPad + "\0"; String strKey = strUsername + strPassword + ZeroPad; strKey = strKey.substring(0, 32);
But doing the following in ColdFusion creates something like this "\ 0 \ 0 ..." instead of null bytes.
<cfset var key = arguments.username&arguments.password/> <cfloop condition="#len(key)# less than 32"> <cfset key = key & "\0"/> </cfloop> <cfset key = key.substring(0,32)/>
Ongoing problems. Ok, I updated my CFML to this ...
<cfset var strB = createObject("java", "java.lang.StringBuilder")/> <cfloop from=1 to=32 index="i"> <cfset zeroPad = zeroPad & URLDecode("%00")/> </cfloop> <cfset strB.append(arguments.username)/> <cfset strB.append(arguments.password)/> <cfset strB.append(zeroPad)/> <cfif strB.length() GT 32> <cfset key = strB.substring(0,32)/> <cfelse> <cfset key = strB.toString()/> </cfif>
The generated key is used to encrypt AES. On my local dev machine (Mac OS X Mavericks) this works fine and I can encrypt the generated key. However, in my production environment (Windows Server 2008), I get an "Invalid key size" error message. The key size on both shows as 32, and I'm confused.
coldfusion encryption
E-madd
source share