How can I fix this ColdFusion10 error "the parameter 1 of function ToBinary, which is now must be a base-64 encoded string"

Question

So it seems that CF10 keeps adding and actual space in between the generated encrypted string, so when the string is passed to the dercrypt function it fails due to the space within the generated string

Example of the string: KjdTNz4/K05fTjs Qk8gICAK

  <!--- Decrypt username --->
  <cfset TheKey = '#Session.TheKey#'>
  <cfset userencrypt = "#arguments.username#">
  <cfset username = Decrypt(ToString(ToBinary(userencrypt)), TheKey)>

Answer 1

As you can see from this example on trycf.com, encrypt does not add extra spaces. Something else in the code is causing that. We cannot be more specific without seeing the actual code.

That said, there is no need for the ToString(ToBinary(...)). Instead, use the Decrypt functions "encoding" attribute to indicate how the encrypted string should be decoded.

Also, it looks like the code is using the legacy "CFMX_COMPAT", which is very insecure. It is essentially a poor obfuscation algorithm and is strongly discouraged. For true encryption, use one of the standard algorithms such as AES, BLOWFISH, etcetera.

 <!--- demo only: generate new key --->
 <cfset theKey = generateSecretKey("AES")>
 <cfset plainText = "blah, blah, blah">
 <cfset userEncrypt= encrypt(plainText, theKey , "AES", "base64")>
 <cfset userName = Decrypt(userEncrypt, theKey , "AES", "base64")>