[Esapi-user] ESAPI deprecated decrypt vs the new decrypt - getting a String to a CipherText

Kevin W. Wall kevin.w.wall at gmail.com
Sat Mar 24 01:27:26 UTC 2012


Jörg,

Take a look at CryptoToken, which was designed for thins like this.

If you find it too heavy weight, then look at its source code as an example
to show you how to do this conversion.

-kevin
Sent from my Droid; please excuse typos.
On Mar 23, 2012 5:24 PM, "Jörg Liedl" <joerg.liedl at student.htw-berlin.de>
wrote:
>
> Hi,
>
> i have a small problem:
>
> when a user registers, i send him a email with a link to click
>
> it looks like:
>
https://domain.com/setactive.html?code=wmXgBIGwSwNrBIdSdt%2FmOcf%2Be6g3GpMg0QGMkmWWw9BmWfGWaToRqN2X0Ip1PKl5%2Bd%2F5griuEn3maAu7p8Fvtg%3D%3D
>
> The stuff at the end ist done by:
>
>            CipherText cipherText = ESAPI.encryptor().encrypt(new
PlainText(email));
>            String ct =
ESAPI.encoder().encodeForURL(cipherText.getEncodedIVCipherText());
>
> So, of course if i klick the link, i have in my controller, not a
ciphertext, but only a String...
>
> Is there any possibility to transform a String to a CipherText?
>
> Can't find a good way to do it...
>
> Thanks
>
> Jörg
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20120323/52c2751c/attachment.html>


More information about the Esapi-user mailing list