active-server-pages · Active Server Pages Developers' List
Message #12383 of 12411
RE: [ASP] RC4 Encryption

Hi Moshe,

> Anyone still around here?

Yep. :)


> I have a ready-made function for RC4 encryption.
> Then it is converted to Hex for storing in an SQL db (see below).
>
> The very weird thing, is that when in the order process, the
> encryption/decrypt process is perfect.
>
> But when I access the same string, using the same functions,
> with the same key, via an admin interface I built the credit
> card info that spits out - is wrong. There is some kind of a
> corruption.

Sounds like it's one of two problems:

* The characters in the first implementation are a different charset
than in the second - the data is being received and processed as ANSI,
UTF-8, UTF-16 or Unicode, but is being stored in a different charset
that has a different binary representation for the same characters. When
you draw the data back out, it's keeping the storage charset, instead of
the original, which is damaging the reconstruction since the actual
bytes aren't the same.

* If the charsets are the same, the resulting value may have embedded
nulls, which ASP is incapable of correctly representing within strings.


You have four options as far as I can see.

* Instead of storing the data as hex, store it as a string with only
decimal values (a number) so it can be easily converted to a normalized
value (a double or decimal). That will enable you to reverse it back to
a proper string (if the resulting number is short enough to fit in these
types of variables).

* Ensure that the charsets are exactly the same within the storage
system and the front-end. This could be an issue if you don't have full
control over the database. If the charset for the field is changed back
to an unsupported charset, you're screwed.

* Edit the RC4 encryption/decryption functions to normalize the charset
(StrConv) before and after processing, without consideration for the
storage or frontend charsets. Chances are the RC4 functions store the
data in a byte array throughout processing, which you should use to
convert to/from the hex values instead of reconverting it to string then
hex.

* Use a system that can encrypt/decrypt the data without ever converting
it to a binary. This will avoid the embedded null issues. This is
important, but not as safe as just avoiding charsets with embedded nulls
entirely.

-Shawn





Mon Apr 20, 2009 2:48 am

shawn_ra
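
The charset problem and the byte-array-to-hex fix described in the reply above, as an added example that is not part of the original post or of the poster's ASP code. It is written in Python rather than VBScript so it runs stand-alone; the function names, the key and the sample value are constructed for illustration, and it models only the charset case, not the embedded-null case.

```python
# Added illustration (not the poster's ASP code): RC4 over bytes, then two storage paths.

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for b in data:                            # keystream generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def store_as_hex(ct: bytes) -> str:
    """Hex taken straight from the byte array: pure ASCII, charset-independent."""
    return ct.hex().upper()

def load_from_hex(stored: str) -> bytes:
    return bytes.fromhex(stored)

def via_text(ct: bytes, write_cs: str, read_cs: str) -> bytes:
    """Model ciphertext held in a string (one char per byte, as Chr() builds it),
    written under one charset and read back under another."""
    as_string = ct.decode("latin-1")
    on_disk = as_string.encode(write_cs, errors="replace")
    read_back = on_disk.decode(read_cs, errors="replace")
    return read_back.encode("latin-1", errors="replace")

def demo():
    key, card = b"Key", b"Plaintext"          # constructed sample values
    ct = rc4(key, card)
    ok = rc4(key, load_from_hex(store_as_hex(ct)))        # bytes -> hex -> bytes
    same = rc4(key, via_text(ct, "utf-8", "utf-8"))       # charsets agree
    mixed = rc4(key, via_text(ct, "utf-8", "cp1252"))     # charsets differ
    return ok, same, mixed

if __name__ == "__main__":
    for label, value in zip(("hex", "same charset", "mixed charset"), demo()):
        print(f"{label:14} -> {value!r}")
```

Only the mixed-charset path returns garbage: every ciphertext byte of 0x80 or above is written as two UTF-8 bytes and read back as two separate characters, so the decrypting side sees a different byte sequence.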