NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: CaseyR on September 13, 2013, 01:33:26 PM

Title: Saving encrypted string as cookie
Post by: CaseyR on September 13, 2013, 01:33:26 PM

I am trying to save symetrically encrypted login information as string in a cookie using Cryptonite and StringTheory.   I can encrypt and decrypt the string without trouble, and I can save and retrieve the unencrypted string as a cookie.  The POST statement shows the cookie value is derived from the encrypted string but is very different from the value shown after encryption using Trace. 

CookieST        StringTheory
MyCryptonite4  Cryptonite


SaveCookie    ROUTINE

  CookieST.SetValue('String to save as cookie')
  MyCryptonite4.EncryptString(CookieST,'MyPassKey')
  CookieST.Trace
  p_web.SetCookie('MyCookie',CookieST.GetValue())

RetrieveCookie      ROUTINE
  CookieSt.SetValue(p_web.GetValue('MyCookie'))
  CookieSt.Trace              !result very different
  MyCryptonite4.DecryptString(CookieST,'MyPassKey')
  !Process decrypted string (note: password hashed on server)

CLIPing the CookieST or p_web. GetValues  before saving or after retrieval didn't solve the problem.

Thanks in advance.

Title: Re: Saving encrypted string as cookie
Post by: Bruce on September 13, 2013, 09:32:23 PM

Hi Casey,

encrypted strings are of course "completely binary" - meaning that thy can contains nulls, CR/LF and so on. Certain combinations (I expect especially nulls) are not allowed in cookies, so you need to "encode" the binary into a "text" format before storing in the cookie.

So I'd suggest adding StringTheory calls to Base64Encode and Base64Decode at appropriate points.

cheers
Bruce

Title: Re: Saving encrypted string as cookie
Post by: CaseyR on September 14, 2013, 10:03:09 AM

Perfect.   Thanks, Bruce.