Author Topic: Saving encrypted string as cookie (Read 4597 times)

CaseyR · « **on:** September 13, 2013, 01:33:26 PM »

I am trying to save symetrically encrypted login information as string in a cookie using Cryptonite and StringTheory. I can encrypt and decrypt the string without trouble, and I can save and retrieve the unencrypted string as a cookie. The POST statement shows the cookie value is derived from the encrypted string but is very different from the value shown after encryption using Trace.

CookieST StringTheory
MyCryptonite4 Cryptonite

SaveCookie ROUTINE

CookieST.SetValue('String to save as cookie')
MyCryptonite4.EncryptString(CookieST,'MyPassKey')
CookieST.Trace
p_web.SetCookie('MyCookie',CookieST.GetValue())

RetrieveCookie ROUTINE
CookieSt.SetValue(p_web.GetValue('MyCookie'))
CookieSt.Trace !result very different
MyCryptonite4.DecryptString(CookieST,'MyPassKey')
!Process decrypted string (note: password hashed on server)

CLIPing the CookieST or p_web. GetValues before saving or after retrieval didn't solve the problem.

Thanks in advance.

Bruce · « **Reply #1 on:** September 13, 2013, 09:32:23 PM »

Hi Casey,

encrypted strings are of course "completely binary" - meaning that thy can contains nulls, CR/LF and so on. Certain combinations (I expect especially nulls) are not allowed in cookies, so you need to "encode" the binary into a "text" format before storing in the cookie.

So I'd suggest adding StringTheory calls to Base64Encode and Base64Decode at appropriate points.

cheers
Bruce

CaseyR · « **Reply #2 on:** September 14, 2013, 10:03:09 AM »

Perfect. Thanks, Bruce.

NetTalk Central

Author Topic: Saving encrypted string as cookie (Read 4597 times)

CaseyR

Saving encrypted string as cookie

Bruce

Re: Saving encrypted string as cookie

CaseyR

Re: Saving encrypted string as cookie