8

Final edit: Solved. Upgrading the local dev machine to Railo 3.3.4.003 resolved the issue.


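I have to RC4-encrypt some strings and base64-encode them, and I'm running into a situation where the same input generates different output on 2 different dev setups.

For example, if I have the string test2@mail.com,
on one machine (DEV-1) I will get: DunU+ucIPz/Z7Ar+HTw=
while on another machine (DEV-2) it will be: DunU+ucIlZfZ7Ar+HTw=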

First, I RC4-encrypt it via the function found here. Next I feed it to: toBase64( my_rc4_encrypted_data, "iso-8859-1")

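As far as I can tell, the RC4 encryption output is the same on both (or I'm missing something). Below are the SERVER variables from both machines as well as the encryption function.

Is this something we'll have to live with, or is there something I can do to "handle it properly" (for lack of a better word)? I'm worried this will bite me in the future and would like to know whether it can be avoided.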

Edit 1: The output of my_rc4_encrypted_data.getBytes() returns: dev-1:

Native Array (byte[])
14--23--44--6--25-8-63-63--39--20-10--2-29-60

dev-2:

Native Array (byte[])
14--23--44--6--25-8-63-63--39--20-10--2-29-60

(No encoding was passed to getBytes().)

DEV-1 (remote)

server.coldfusion
productname Railo
productversion  9,0,0,1

server.java
archModel   64
vendor  Sun Microsystems Inc.
version 1.6.0_26

server.os
arch    amd64
archModel   64
name    Windows Server 2008 R2
version 6.1

server.railo
version 3.3.2.002

server.servlet
name    Resin/4.0.18

DEV-2 (local)

server.coldfusion
productname     Railo
productversion  9,0,0,1

server.java
vendor  Oracle Corporation
version 1.7.0_01

server.os
arch    x86 
name    Windows 7
version 6.1

server.railo
version 3.2.2.000

server.servlet
name    Resin/4.0.18

RC4 function:

function RC4(strPwd,plaintxt) {
  var sbox = ArrayNew(1);
  var key = ArrayNew(1);
  var tempSwap = 0;
  var a = 0;
  var b = 0;
  var intLength = len(strPwd);
  var temp = 0;
  var i = 0;
  var j = 0;
  var k = 0;
  var cipherby = 0;
  var cipher = "";

  // Fill the 256-entry key array by repeating the password; initialise the S-box to 0..255
  for(a=0; a lte 255; a=a+1) {
    key[a + 1] = asc(mid(strPwd,(a MOD intLength)+1,1));
    sbox[a + 1] = a;
  }

  // Key scheduling: permute the S-box using the key
  for(a=0; a lte 255; a=a+1) {
    b = (b + sbox[a + 1] + key[a + 1]) Mod 256;
    tempSwap = sbox[a + 1];
    sbox[a + 1] = sbox[b + 1];
    sbox[b + 1] = tempSwap;
  }

  // Keystream generation: XOR each plaintext character code with the next keystream value
  for(a=1; a lte len(plaintxt); a=a+1) {
    i = (i + 1) mod 256;
    j = (j + sbox[i + 1]) Mod 256;
    temp = sbox[i + 1];
    sbox[i + 1] = sbox[j + 1];
    sbox[j + 1] = temp;
    k = sbox[((sbox[i + 1] + sbox[j + 1]) mod 256) + 1];
    cipherby = BitXor(asc(mid(plaintxt, a, 1)), k);
    // The result is accumulated as a string of chr() values, not as a byte array
    cipher = cipher & chr(cipherby);
  }
  return cipher;
}
4

2 Answers

2

Leigh wrote:

But be sure to use the same encoding in your test, i.e. String.getBytes(encoding). (Edit) If you omit it, the JVM default is used.

Leigh is right - RAILO-1393 resulted in a change to toBase64 related to charset encodings in 3.3.0.017, which is between the 3.3.2.002 and 3.2.2.000 versions you are using.

answered 2013-02-01T15:14:09.807
0

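As far as I can tell, the RC4 encryption output is the same on both (or I'm missing something). Below are the SERVER variables from both machines as well as the encryption function.

I'd suggest saving the output to two files and then comparing the file sizes or, better yet, using a file comparison tool. Base64 encoding is a standard way to convert binary data into string data.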

Assuming that your binary files are both exactly 100% the same, on both of your servers try converting the data to base 64 and then back to binary again. I would predict that only one (or neither) of the servers is able to convert the data back to binary again. At that point, you should have a clue about which server is causing your problem and can dig in further.

If they both can reverse the base 64 data to binary and the binary is correct on both servers... well, I'm not sure.

answered 2013-01-14T17:31:03.553
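
The comparison suggested in the answers above (convert each Base64 value back to binary and compare), as an added example that is not part of the original posts: it decodes the two outputs quoted in the question, reports where they differ, and checks whether one side carries the `?` (0x3F) byte that a lossy charset conversion leaves behind. The function names and the `cp1252`/`iso-8859-1` pair used in `via_text` are assumptions chosen for illustration; the page does not say which charsets Railo applied internally.

```python
import base64

# Base64 outputs quoted in the question for the input test2@mail.com.
DEV1_B64 = "DunU+ucIPz/Z7Ar+HTw="
DEV2_B64 = "DunU+ucIlZfZ7Ar+HTw="
REPLACEMENT = 0x3F  # '?', the byte Java's String.getBytes emits for unmappable chars


def diff_bytes(a_b64, b_b64):
    """Decode both values and return (index, byte_a, byte_b) for each mismatch."""
    a, b = base64.b64decode(a_b64), base64.b64decode(b_b64)
    if len(a) != len(b):
        raise ValueError("decoded lengths differ: %d vs %d" % (len(a), len(b)))
    return [(i, x, y) for i, (x, y) in enumerate(zip(a, b)) if x != y]


def charset_loss_side(diffs):
    """Return 'a' or 'b' if every mismatch on that side is '?', else None."""
    if diffs and all(x == REPLACEMENT for _, x, _ in diffs):
        return "a"
    if diffs and all(y == REPLACEMENT for _, _, y in diffs):
        return "b"
    return None


def via_text(raw, decode_as, encode_as):
    """Model a lossy path: bytes -> text -> bytes, replacing unmappable chars."""
    return raw.decode(decode_as).encode(encode_as, errors="replace")


def b64_direct(raw):
    """Byte-safe path: Base64 over the raw bytes, with no charset involved."""
    return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    diffs = diff_bytes(DEV1_B64, DEV2_B64)
    for i, x, y in diffs:
        print("byte %d: DEV-1=0x%02X DEV-2=0x%02X" % (i, x, y))
    print("side showing '?' substitution:", charset_loss_side(diffs))
    raw = base64.b64decode(DEV2_B64)
    # Assumed charsets (cp1252 in, iso-8859-1 out); the page does not name them.
    lossy = via_text(raw, "cp1252", "iso-8859-1")
    print("lossy path :", b64_direct(lossy))
    print("direct path:", b64_direct(raw))
```

The two differing positions (bytes 6 and 7) are the same positions that show 63 in the getBytes() dump in Edit 1.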