tracker issue : CF-3043873

Title:

Bug 86954:GenerateSecretKey('AES') returns a 24 character key


Status/Resolution/Reason: Closed/Withdrawn/

Reporter/Name(from Bugbase): Mike Causer / Mike Causer (mike causer)

Created: 06/23/2011

Components: Security, General

Versions: 9.0.1

Failure Type: Unspecified

Found In Build/Fixed In Build: 9,0,1,274733 /

Priority/Frequency: Trivial / Unknown

Locale/System: English / Platforms All

Vote Count: 0

Problem:

GenerateSecretKey('AES') returns a 24 character key. GenerateSecretKey('aes') returns a 44 character key. In the coldfusion.runtime.Encryptor class - in the generateSecretKey(String algorithm, int keysize) method - there is a case-sensitive algorithm.equals("AES") in an if() statement. It should be doing an algorithm.toUpperCase().equals("AES") check. It is only a problem when you call the method without providing a keysize int.

Method:

#GenerateSecretKey('AES')# returns a 24 character key - 128bit - CORRECT
#GenerateSecretKey('aes')# returns a 44 character key - 256bit - UNEXPECTED
#GenerateSecretKey('AES',128)# returns a 24 character key - 128bit - CORRECT
#GenerateSecretKey('aes',128)# returns a 24 character key - 128bit - CORRECT
#GenerateSecretKey('AES',256)# returns a 44 character key - 256bit - CORRECT
#GenerateSecretKey('aes',256)# returns a 44 character key - 256bit - CORRECT

Result:

GenerateSecretKey('AES') and GenerateSecretKey('aes') produce different length keys
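
The comparison described in the report, as an added Java example (not Adobe's code and not part of the original report). The class name, helper names and FALLBACK_BITS are hypothetical, and the 256-bit fallback is an assumption chosen to match the 44-character result above. It also shows why 24 and 44 characters mean 128 and 256 bits: the keys are Base64 strings of 16 and 32 bytes.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Locale;
import javax.crypto.KeyGenerator;

public class KeySizeDefaultDemo {
    // Assumption: size used when the "AES" branch is skipped. The report does not
    // say where 256 comes from; this value only reproduces the observed result.
    static final int FALLBACK_BITS = 256;

    // Case-sensitive check as the report describes it: only the exact
    // string "AES" reaches the 128-bit default.
    static int defaultBitsCaseSensitive(String algorithm) {
        return algorithm.equals("AES") ? 128 : FALLBACK_BITS;
    }

    // The check the reporter proposes: normalize the name before comparing.
    // Locale.ROOT keeps the upper-casing independent of the server locale.
    static int defaultBitsNormalized(String algorithm) {
        return algorithm.toUpperCase(Locale.ROOT).equals("AES") ? 128 : FALLBACK_BITS;
    }

    // Generate a key of the requested size and return it Base64-encoded.
    static String generate(String algorithm, int bits) throws NoSuchAlgorithmException {
        // JCA algorithm names are matched case-insensitively, so "aes" is accepted here.
        KeyGenerator generator = KeyGenerator.getInstance(algorithm);
        generator.init(bits);
        return Base64.getEncoder().encodeToString(generator.generateKey().getEncoded());
    }

    // Measure the real key size from the encoded form instead of trusting a default.
    static int bitsOf(String base64Key) {
        return Base64.getDecoder().decode(base64Key).length * 8;
    }

    public static void main(String[] args) throws Exception {
        for (String algorithm : new String[] {"AES", "aes"}) {
            String before = generate(algorithm, defaultBitsCaseSensitive(algorithm));
            String after = generate(algorithm, defaultBitsNormalized(algorithm));
            System.out.printf("%-3s case-sensitive: %d chars / %d bits; normalized: %d chars / %d bits%n",
                    algorithm, before.length(), bitsOf(before), after.length(), bitsOf(after));
        }
    }
}
```

Passing the key size explicitly, as in the GenerateSecretKey('aes',128) call above, avoids depending on the default at all.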

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3043873

Deployment Phase:	Release Candidate

External Customer Info:
External Company:  
External Customer Name: Mike Causer
External Customer Email: 5E3754C04462CDFF992016B6
External Test Config: 06/23/2011

Attachments:

Comments: