128-bit AES Encryption with Railo

Just before our penultimate demo with a client before go live, we discovered that our payment gateway had shut down their test environment for the now deprecated (news to us) protocol version we were using. This led to frantically changing the code to comply with their new protocol which meant encrypting data with the following instructions:

[The data] should then be encrypted using AES (block size 128 - bit) in CBC mode with PKCS#5 padding using the provided password as both the key and initialisation vector and encode the result in hex (making sure the letters are in upper case).

Doing this in Railo turned out to be a breeze, though I needed a little reading around and experimenting to get there.

I first tried googling and found a couple of useful posts that got me most of the way there:

Getting it working as per the payment gateway spec

The key here was setting the encryption key to a Base64 encoding of the password and setting the Salt as the passphrase using an extra parameter to the Encrypt()/Decrypt() methods (documentation here: http://www.railodocs.org/function/encrypt):

var encryptionKey = ToBase64( passphrase );
var salt          = passphrase;

var encrypted     = Encrypt( input, encryptionKey, "AES/CBC/PKCS5Padding", "hex", salt );

The decryption was exactly the same but using ‘Decrypt’:

var encryptionKey = ToBase64( passphrase );
var salt          = passphrase;

var encrypted     = Decrypt( input, encryptionKey, "AES/CBC/PKCS5Padding", "hex", salt );

Simple. Hopefully this will be useful to someone one day.