Monday, January 11, 2016

cfusion_ecrypt in ruby

First off, you should not use cfusion_encrypt. It does not provide actual encryption. Even if it did, you're probably thinking of using it for storing passwords, and passwords should be hashed, not encrypted. It is not at all secure. It has even been dropped from newer versions of Coldfusion.

That said, we don't always have total control over all the systems we must interact with. Maybe you as supporting or tying into some legacy app that used cfusion_encrypt, and you need a way to decrypt. Maybe you're doing so from some other language, like Ruby. I have a present for you. Here is a ruby implementation of cfusion_decrypt. Just promise to use these powers only for good.


 def cfusion_decrypt(encrypted, key)  
   padded_key = ""  
   encrypted.length.times do |i|  
    padded_key += key[i % key.length]  
   end  
   acc = ""  
   0.step(encrypted.length-2, 2) do |i|  
    e_hex = encrypted[i, 2].hex  
    key_ascii = padded_key[i/2].ord  
    acc += (e_hex ^ key_ascii).chr  
   end  
   acc  
  end
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)