Encrypt

Description

Encrypts a string using a specific algorithm and encoding method.

Returns

String; can be much longer than the original string.

Function syntax

Encrypt(string, key[, algorithm[, encoding[, IVorSalt[, iterations]]]]))

History

ColdFusion MX 7 Updater: Added the IVorSalt and iterations parameters.

ColdFusion MX 7: Added the algorithm and encoding parameters.

Parameters

Parameter	Description
string	String to encrypt.
key	String. Key or seed used to encrypt the string. For the CFMX_COMPAT algorithm, any combination of any number of characters; used as a seed used to generate a 32-bit encryption key. For all other algorithms, a key in the format used by the algorithm. For these algorithms, use the GenerateSecretKey function to generate the key.
algorithm	(Optional) The algorithm to use to decrypt the string. ColdFusion MX installs a cryptography library with the following algorithms: CFMX_COMPAT: the algorithm used in ColdFusion MX and prior releases. This algorithm is the least secure option (default). AES: the Advanced Encryption Standard specified by the National Institute of Standards and Technology (NIST) FIPS-197. BLOWFISH: the Blowfish algorithm defined by Bruce Schneier. DES: the Data Encryption Standard algorithm defined by NIST FIPS-46-3. DESEDE: the "Triple DES" algorithm defined by NIST FIPS-46-3. If you install a security provider with additional cryptography algorithms, you can also specify any of its string encryption and decryption algorithms.
encoding	(Optional; if you specify this parameter, you must also specify the `algorithm` parameter). The binary encoding in which to represent the data as a string. Base64: the Base64 algorithm, as specified by IETF RFC 2045. Hex: the characters !-F0-9 represent the hexadecimal byte values. UU: the UUEncode algorithm (default).
IVorSalt	(Optional) Specify this parameter to adjust ColdFusion encryption to match the details of other encryption software. If you specify this parameter, you must also specify the `algorithm` parameter. For Block Encryption Algorithms: This is the binary Initialization Vector value to use with the algorithm. The algorithm must contain a Feedback Mode other than ECB. This must be a binary value that is exactly the same size as the algorithm block size. You must use the same value in the `Decrypt` function to successfully decrypt the data. For Password Based Encryption Algorithms: This is the binary Salt value to transform the password into a key. The same value must be used to decrypt the data.
iterations	(Optional) The number of iterations to transform the password into a binary key. Specify this parameter to adjust ColdFusion encryption to match the details of other encryption software. If you specify this parameter, you must also specify the algorithm parameter with a Password Based Encryption (PBE) algorithm. Do not specify this parameter for Block Encryption Algorithms. You must use the same value to encrypt and decrypt the data.

Usage

This function uses a symmetric key-based algorithm, in which the same key is used to encrypt and decrypt a string. The security of the encrypted string depends on maintaining the secrecy of the key.

For all algorithms except the default algorithm, ColdFusion MX 7 uses the Java Cryptography Extension (JCE) and installs a Sun Java 1.4.2 runtime that includes the Sun JCE default security provider. This provider includes the algorithms listed in the Parameters section. The JCE framework includes facilities for using other provider implementations; however, Macromedia cannot provide technical support for third-party security providers.

The default algorithm, which is the same as was used in ColdFusion 5 and ColdFusion MX, uses an XOR-based algorithm that uses a pseudo-random 32-bit key, based on a seed passed by the user as a function parameter. This algorithm is less secure than the other available algorithms.

Example

The following example encrypts and decrypts a text string. It lets you specify the encryption algorithm and encoding technique. It also has a field for a key seed to use with the CFMX_COMPAT algorithm. For all other algorithms, it generates a secret key.

<h3>Encrypt Example</h3>
<!--- Do the following if the form has been submitted. --->
<cfif IsDefined("Form.myString")>
   <cfscript>
      /* GenerateSecretKey does not generate key for the CFMX_COMPAT algorithm,
        so use the key from the form.
      */
      if (Form.myAlgorithm EQ "CFMX_COMPAT")
         theKey=Form.MyKey;
      // For all other encryption techniques, generate a secret key.
      else
         theKey=generateSecretKey(Form.myAlgorithm);
      //Encrypt the string
      encrypted=encrypt(Form.myString, theKey, Form.myAlgorithm,
         Form.myEncoding);
      //Decrypt it
      decrypted=decrypt(encrypted, theKey, Form.myAlgorithm, Form.myEncoding);
   </cfscript>

   <!--- Display the values used for encryption and decryption, 
         and the results. --->
   <cfoutput>
      <b>The algorithm:</b> #Form.myAlgorithm#<br>
      <b>The key:</B> #theKey#<br>
      <br>
      <b>The string:</b> #Form.myString# <br>
      <br>
      <b>Encrypted:</b> #encrypted#<br>
      <br>
      <b>Decrypted:</b> #decrypted#<br>
   </cfoutput>
</cfif>

<!--- The input form.  --->
<form action="#CGI.SCRIPT_NAME#" method="post">
   <b>Select the encoding</b><br>
   <select size="1" name="myEncoding">
      <option selected>UU</option>
      <option>Base64</option>
      <option>Hex</option>
   </select><br>
   <br>
   <b>Select the algorithm</b><br>
   <select size="1" name="myAlgorithm">
      <option selected>CFMX_COMPAT</option>
      <option>AES</option>
      <option>DES</option>
      <option>DESEDE</option>
   </select><br>
   <br>
   <b>Input your key</b> (used for CFMX_COMPAT encryption only)<br>
   <input type = "Text" name = "myKey" value = "MyKey"><br>
   <br>
   <b>Enter string to encrypt</b><br>
   <textArea name = "myString" cols = "40" rows = "5" WRAP = "VIRTUAL">This string will be encrypted (you can replace it with more typing).
   </textArea><br>
   <input type = "Submit" value = "Encrypt my String">
</form>

Version 7

Comments

jrunrandy said on Feb 11, 2005 at 10:56 AM :

The See Also section should also have a link to the GenerateSecretKey function: http://livedocs.macromedia.com/coldfusion/7/htmldocs/00000468.htm

jrunrandy said on Feb 22, 2005 at 6:49 AM :

For detailed information on late-breaking enhancements to the Encrypt and Decrypt functions, which are not covered in the documentation, see the TechNote at http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=e546373d

Iceborer said on May 10, 2005 at 12:00 PM :

For the hex option the text states, "Hex: the characters !-F0-9 represent the hexadecimal byte values." What is meant by "!-F"? Is that maybe supposed to be "A-F"?

ASandstrom said on May 10, 2005 at 12:16 PM :

In response to Iceborer, yes, it should be A-F instead of !-F. Thank you for the feecback.

RSS feed | Send me an e-mail when comments are added to this page | Comment Report

Current page: http://livedocs.adobe.com/coldfusion/7/htmldocs/00000457.htm