Triple DES decryption in classic ASP

asp-classicvbscript

How can I decrypt a string in classic-ASP/VBScript? The string comes from a php application that uses 3DES encryption.

Best Answer

I have a Javascript implementation of DES/TripleDES. It does CBC and ECB modes, and for padding supports PKCS7, Spaces, or Zeroes. It's integrated with a RFC2898-compliant PBKDF2, so it can generate encryption keys and IV's from passwords if you like. You can also set the crypto key and IV explicitly.

It is usable when calling directly from Javascript - any browser, or from Rhino, or WScript.exe, or maybe closer to your case, classic ASP using Javascript.

I've also packaged it as a COM component, so it is possible to call it from any COM-compliant environment, like VBScript running in classic ASP, or Perl, or VBA, etc.

It is an independent implementation, and is fully compliant with and interoperable with the .NET DESCryptoServiceProvider and TripleDESCryptoServiceProvider.

Get it here: http://cheeso.members.winisp.net/srcview.aspx?dir=DES

When calling it directly from Javascript, it looks like this:

var pbkdf2 = new PBKDF2(password, salt, iterations);
var key = pbkdf2.deriveBytes(8); // use 24 for 3DES
var iv = pbkdf2.deriveBytes(8);  // always 8 (==blocksize)
var des = new DES(key,iv);
var plaintext = "Hello. This is a test. of the emergency broadcasting system.";
var ciphertext = des.encrypt(plaintext);

When calling the COM component from VBScript, it looks like this:

Dim des
set des = CreateObject("Ionic.Com.DES")
des.Password = "This is my password"
des.Mode = "CBC"
des.TripleDES = True
des.Rfc2898Iterations = 1000
Dim result
result = des.EncryptString(plainText)
Dim decrypted
decrypted = des.DecryptBytes(result)
WScript.echo "decrypted       : " & decrypted

The encryption is pretty fast but the key generation is not.

Edit:

you can also use the Javascript DES stuff in a browser.
here's an example: http://jsbin.com/oguye3

Related Solutions

Sql-server – VBScript/ASP Classic

ADO is an excellent way to access a database in VBScript/Classic ASP.

Dim db: Set db = Server.CreateObject("ADODB.Connection")
db.Open "yourconnectionstring -> see connectionstrings.com"
Dim rs: Set rs = db.Execute("SELECT firstName from Employees")
While Not rs.EOF
    Response.Write rs("firstName")
    rs.MoveNext
Wend
rs.Close

More info here: http://www.technowledgebase.com/2007/06/12/vbscript-how-to-create-an-ado-connection-and-run-a-query/

One caveat is that if you are returning a MEMO field in a recordset, be sure you only select ONE MEMO field at a time, and make sure it is the LAST column in your query. Otherwise you will run into problems. (Reference: http://lists.evolt.org/archive/Week-of-Mon-20040329/157305.html )

Php – UTF-8 Server.UrlEncode problem in ASP Classic

%C3%83%C2%A9

That's encoded too much: the string is written as UTF-8, read back in as ISO-8859-1, then written as UTF-8 again before being hex-encoded!

%E9

That's encoded too little: the string is written out as plain ISO-8859-1 and hex-encoded. This is fine if the PHP script you are talking to is expecting ISO-8859-1, but modern web systems should be talking UTF-8, in which case the sequence you want it to look like:

%C3%A9

(That's encoded just right!)

I am using Server.URLEncode in classic ASP

Classic ASP has, unfortunately, some serious deficiencies in processing Unicode. You can set @ CODEPAGE=65001 (and Response.Charset="UTF-8") to produce UTF-8 pages, but your internal string type is still encoded in the system codepage, and any data grabbed from form submissions or the database will be read into that encoding.

So you can URLEncode() a literal chr 233 to get the correct output OK, but if you're getting the data from a UTF-8-encoded ‘é’ in a form submission, you'll end up with ‘Ã©’ — the UTF-8 sequence misinterpreted as ISO-8859-1 (actually cp1252, the Windows equivalent).

Best Answer

Related Solutions

Sql-server – VBScript/ASP Classic

Php – UTF-8 Server.UrlEncode problem in ASP Classic

Related Topic