問題描述

我有一個 Coldfusion 頁面，其中包含一段加密變量的代碼，如下所示:

I have a Coldfusion page that includes a section of code that encrypts a variable like this:

<cfset data64 = toBase64(key)>
<cfset encryptedID = encrypt(getUser.ID, data64, "BLOWFISH", "Base64")>

我們正在將該站點移至基于 .NET 的 CMS，我需要將此頁面轉換為 C#，但遇到了麻煩.

We're moving the site to a .NET-based CMS, and I need to convert this page to C#, but I'm running into trouble.

我已成功將第一行轉換為:

I've successfully converted the first line to this:

byte[] keyBytes = System.Text.Encoding.UTF8.GetBytes(key);
string keyBase64 = System.Convert.ToBase64String(keyBytes);

我還添加了在 https://defuse.ca/blowfish.htm，但我對如何將其與密鑰一起使用(以及我是否要使用 ECB、CBC 或 CTR)有點模糊.我也不確定在 Coldfusion 中使用 base64 編碼的模擬是什么......這是我目前正在嘗試的，它不會產生與原始代碼相同的結果:

I've also added the blowfish.cs class found at https://defuse.ca/blowfish.htm, but I'm a little fuzzy on how to use this with the key (and whether I want to be using ECB, CBC, or CTR). I'm also not sure what the analog is to using the base64 encoding in Coldfusion... this is what I'm currently trying, which is not producing the same results as the original code:

BlowFish b = new BlowFish(keyBase64);
byte[] idBytes = System.Text.Encoding.UTF8.GetBytes(thisUser["ID"].ToString());
byte[] idBytesEncrypted = b.Encrypt_ECB(idBytes);
string idBase64 = System.Convert.ToBase64String(idBytesEncrypted);

我在一般加密方面沒有太多經驗，Coldfusion 代碼是在另一個沒有 C# 經驗的開發人員的幫助下設置的.任何建議將不勝感激.謝謝！

I don't have much experience with encryption in general, and the Coldfusion code was set up with the help of another developer who doesn't have C# experience. Any suggestions would be much appreciated. Thank you!

推薦答案

你可能想試試 BouncyCastle C#API.我為 POC 運行了一些測試，它似乎產生了與您的 CF 代碼相同的結果.

You might want to try the BouncyCastle C# API. I ran a few tests, for POC, and it seemed to produce the same results as your CF code.

需要記住的幾點:如果您閱讀 ColdFusion 中的強加密 它解釋了 ColdFusion 默認使用 ECB 模式和 PKCS5Padding.因此，當指定簡寫 Blowfish 時，您實際上是在說使用 Blowfish/ECB/PKCS5Padding.為了在 C#(或任何語言)中復制加密，您必須使用相同的設置.

A few things to keep in mind: If you read Strong Encryption in ColdFusion it explains that ColdFusion uses ECB mode and PKCS5Padding by default. So when specifying the shorthand Blowfish, you are actually saying use Blowfish/ECB/PKCS5Padding. In order to duplicate the encryption in C# (or any language), you must to use those same settings.

C# 端口的文檔似乎并不多，但據我所知，BlowfishEngine 默認為 ECB 模式.因此，如果將其包裝在 PaddedBufferedBlockCipher 中，則結果應該是 PKCS5 填充的.這應該會給您與您的 CF 代碼相同的結果:

There does not seem to be a lot of documentation for the C# port, but from what I can tell the BlowfishEngine defaults to ECB mode. So if you wrap it in a PaddedBufferedBlockCipher the result should be PKCS5 padded. That should give you the same result as your CF code:

    byte[] inputBytes = System.Text.Encoding.UTF8.GetBytes(userIDString);
    byte[] keyBytes = System.Convert.FromBase64String(keyInBase64);

    // initialize for ECB mode and PKCS5/PKCS7 padding
    PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new BlowfishEngine());
    KeyParameter param = new KeyParameter(keyBytes);
    cipher.Init(true, param);

    // encrypt and encode as base64
    byte[] encryptedBytes =  cipher.DoFinal(inputBytes);
    string idBase64 = System.Convert.ToBase64String(encryptedBytes);

注意:我不是加密專家，但會說不鼓勵使用ECB"模式.請參閱 wiki 了解原因.所以你應該認真考慮選擇不同的模式.

NB: I am not an expert on encryption, but will say that use of "ECB" mode is discouraged. See wiki for a good illustration of why. So you should seriously consider choosing a different mode.

這篇關于將 Coldfusion 加密代碼轉換為 C#的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！