decrypt encrypted string from coldfusion using c#

Question

I'm using encrypt(string,key) and decrypt(string,key) for encryption in ColdFusion. Now what I would like to do is to encrypt in ColdFusion, but decrypt in asp.net C#. Can someone show me how to do this?

If this is my ColdFusion code:

encrypt("hello","abcdefgh")
decrypt(".....","abcdefgh"

What would the equivalent code in asp.net look like? Thank You.

Answer 1

As Josh pointed out, if you do not specify an algorithm CF uses the default algorithm cfmx_compat. Unlike the standard algorithms such as AES, Blowfish, etcetera there is no library for it in .NET. To decrypt the value in C#, the .NET side would need to use a custom class. ( See here for my C# port of Railo's cfmx_compat class . )

That said, I would recommend against using cfmx_compat simply because it is a very weak algorithm. It is only included in CF for backward compatibility. You are much better off using one of the stronger algorithms like AES, Blowfish, etcetera in ColdFusion. Since those algorithms are standard, interoperability with C# (or any other language) will be much easier. See the links Al posted in the comments above for some examples.

Answer 2

According to Coldfusion's documentation,

The Standard Edition of ColdFusion installs a cryptography library with the following algorithms:

CFMX_COMPAT: the algorithm used in ColdFusion MX and prior releases. This algorithm is the least secure option (default).

Unless you implement the CF decryption algorithm in C#, you can't decrypt it. You would have to specify a different encryption algorithm, like 3DES, in order to decrypt it.