Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Issues

Select view

Select search mode

 
8 of 8

decrypt() in Lucee 6 requires '=' padding that Lucee 5 does not

Description

decrypt() with AES works in Lucee 5 without trailing padding, but requires it in Lucee 6. Padding is often stripped in short URLs for instance.

Lucee 6 throws exception with “cannot convert the input to a binary, invalid length (43) of the string"

Test case

Workaround

Environment

lucee/lucee:6.1.1.118-nginx
(affects version drop down says unreleased but it’s on Docker Hub)

Details

Assignee

Reporter

Priority

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Affects versions

Created 21 March 2025 at 17:47
Updated 24 March 2025 at 08:48

Activity

Show:

Tom Chiverton24 March 2025 at 08:48

this is the expected behavior

It’s an unexpected change in behaviour. I’d prefer to see it kept consistent across Lucee versions e.g. by adding the workaround to put back padding into Lucee.

Pothys - MitrahSoft24 March 2025 at 08:28
Edited

I have investigated this ticket with Lucee version 6.2.1.82-SNAPSHOT and reproduced the same scenario mentioned above. However, from my perspective, this is the expected behavior because the encrypt() function encrypts a string using a symmetric key-based algorithm, in which the same key is used for both encryption and decryption (reference: ). ACF behaves the same as Lucee. In my opinion, the error message could be improved?

error message:
lucee:
cannot convert the input to a binary, invalid length (43) of the string
ACF:
An error occurred while trying to encrypt or decrypt your input string: The input and output encodings are not same..

Flag notifications