user3562286 user3562286 - 3 months ago 25
C# Question

Converting Coldfusion encryption code to C#

I have a Coldfusion page that includes a section of code that encrypts a variable like this:

<cfset data64 = toBase64(key)>
<cfset encryptedID = encrypt(getUser.ID, data64, "BLOWFISH", "Base64")>


We're moving the site to a .NET-based CMS, and I need to convert this page to C#, but I'm running into trouble.

I've successfully converted the first line to this:

byte[] keyBytes = System.Text.Encoding.UTF8.GetBytes(key);
string keyBase64 = System.Convert.ToBase64String(keyBytes);


I've also added the blowfish.cs class found at https://defuse.ca/blowfish.htm, but I'm a little fuzzy on how to use this with the key (and whether I want to be using ECB, CBC, or CTR). I'm also not sure what the analog is to using the base64 encoding in Coldfusion... this is what I'm currently trying, which is not producing the same results as the original code:

BlowFish b = new BlowFish(keyBase64);
byte[] idBytes = System.Text.Encoding.UTF8.GetBytes(thisUser["ID"].ToString());
byte[] idBytesEncrypted = b.Encrypt_ECB(idBytes);
string idBase64 = System.Convert.ToBase64String(idBytesEncrypted);


I don't have much experience with encryption in general, and the Coldfusion code was set up with the help of another developer who doesn't have C# experience. Any suggestions would be much appreciated. Thank you!

Answer

You might want to try the BouncyCastle C# API. I ran a few tests, for POC, and it seemed to produce the same results as your CF code.

A few things to keep in mind: If you read this article on Strong Encryption in ColdFusion it explains that ColdFusion uses EBC mode and PKCS5Padding by default. So when you use the algorithm shorthand Blowfish, you are actually using Blowfish/ECB/PKCS5Padding. In order to duplicate the encryption in C# (or any language), you need to use those same settings.

There does not seem to be a lot of documentation for the C# port, but from what I can tell the BlowfishEngine defaults to EBC mode. So if you wrap it in a PaddedBufferedBlockCipher the result should be PKCS5 padded. That should give you the same result as your CF code:

    byte[] inputBytes = System.Text.Encoding.UTF8.GetBytes(userIDString);
    byte[] keyBytes = System.Convert.FromBase64String(keyInBase64);

    // initialize for EBC mode and PKCS5/PKCS7 padding
    PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new BlowfishEngine());
    KeyParameter param = new KeyParameter(keyBytes);
    cipher.Init(true, param);

    // encrypt and encode as base64
    byte[] encryptedBytes =  cipher.DoFinal(inputBytes);
    string idBase64 = System.Convert.ToBase64String(encryptedBytes);

NB: I am not an expert on encryption, but will say that use of "ECB" mode is discouraged. See wiki for a good illustration of why. So you should seriously consider choosing a different mode.

Comments