Jan 27
Jussi Hirvi Encryption and character sets
Jan 27, 2015; 15:02
Jussi Hirvi
Encryption and character sets
I have a problem with a bank gateway, which is used for online
identification. The bank loads a page on our site (actually my
customer's site) with get params that contain the customer's name,
social security code, other data, and an encrypted message
authentication code (MAC).
We (on the customer's site) are supposed to calculate our own MAC and
then compare it with the MAC provided by the bank.
This works fine, but when the customer's name (and thus the message sent
by the bank) contains ä,ö,å or other non-ascii character, the two MAC's
do not match anymore.
This MUST be somehow connected with the handling of charsets. But how?
The bank I am working with now says that they use ISO-8859-1, and for
example "Ä" is replaced with "%c4" in the get parameter.
I have trouble testing this - the charset does NOT seem to change my
encryption results, which baffles me.
I tried with this simplified test:
Content_Type: 'text/html; charset=iso-8859-1';
'Content encoding: ' + Content_Encoding + ', ' + Encode_URL('émigré');
'<br>';
var('i') = 'ä';
'ä, encrypted ' + encrypt_md5($i);
'<br>';
I tested with
1) enabling the content_type tag like above
- removing the bom from the file (in vim)
- setting fileencoding of the file to "latin1" (in vim)
- retyping the special characters in the file (in vim)
- when loading the page I could verify that charset is ISO-8859-1 and
the special chars are displayed as one-byte characters
2) commenting out the content_type tag
- setting bom, and setting fileencoding to utf8 (in vim)
- saving, closing, opening the file
- retyping the special characters in the file (in vim)
- when loading the page I could verify that charset is utf-8 and
the special chars are displayed as two-byte characters
However, the encrypted version of 'ä' stays the same in both cases, 1)
and 2). Why? I would have expected that the result would be different.
Regards,
Jussi
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>
Jan 27
Brad Lindsay Re: Encryption and character sets
Jan 27, 2015; 10:30
Brad Lindsay
Re: Encryption and character sets
Jan 27
Jolle Carlestam Re: Encryption and character sets
Jan 27, 2015; 16:43
Jolle Carlestam
Re: Encryption and character sets
Jan 27
Jussi Hirvi Re: Encryption and character sets
Jan 27, 2015; 18:13
Jussi Hirvi
Re: Encryption and character sets
Jan 27
Jussi Hirvi Re: Encryption and character sets
Jan 27, 2015; 18:31
Jussi Hirvi
Re: Encryption and character sets
Jan 27
Bil Corry Re: Encryption and character sets
Jan 27, 2015; 17:22
Bil Corry
Re: Encryption and character sets
Jan 27
Jussi Hirvi Re: Encryption and character sets
Jan 27, 2015; 18:20
Jussi Hirvi
Re: Encryption and character sets
Jan 27
Jussi Hirvi Re: Encryption and character sets
Jan 27, 2015; 21:54
Jussi Hirvi
Re: Encryption and character sets
Jan 28
Alex Betz Re: Encryption and character sets
Jan 28, 2015; 11:45
Alex Betz
Re: Encryption and character sets
Jan 28
Jussi Hirvi Re: Encryption and character sets
Jan 28, 2015; 13:58
Jussi Hirvi
Re: Encryption and character sets
Jan 28
Jussi Hirvi Re: Encryption and character sets
Jan 28, 2015; 15:53
Jussi Hirvi
Re: Encryption and character sets