We are using TrafficScript encrypt a string and store that encrypted value in a cookie. Like so:
$encrypt ="string to encrypt";$passphrase ="passphrase";$encrypted=string.base64encode(string.encrypt($encrypt, $passphrase));http.setResponseCookie("encrypted", $encrypted,"path=/");
What I'd then like to do is decrypt that cookie value in C#, however, I've not been able to achieve it thus far. I suspect this is because the exact details of the algorithm used by the TrafficScript isn't documented fully. The reference guide states:
string.encrypt( string, passphrase ) - Encrypts a string using the provided pass phrase. The returned string is encrypted using the AES block cipher, using an expanded form of the passphrase as the cipher key. A MAC is also added to ensure the integrity of the string.
I've tried AesManaged but get an exception 'Length of the data to decrypt is invalid'.
Can anyone provide any pointers?
I didn't manage to find a way to do this purely with TrafficScript.
So I ended up writing a Java Extension and running that from inside my TrafiicScript rule. It was made possible by reusing some code posted in a blog by Joseph Ssenyange which details how to write cross platform encryption for Java and C#.
We don't document the resulting format of the encryption and MAC signing; if you need to decrypt data outside of Stingray, then your Java approach is the best.