Andrew, Basically, what we have here is a base misunderstanding of what I'm trying to accomplish. If I were to send something I want to be encrypted to someone else via a web service across an open channel, I would breach security. I need to encrypt the information on my application before sending it to another application.
Your argument is basically that if Outlook Express can encrypt the information why do I want to encrypt something in Outlook as well, instead I should just send the file to a different user who has Outlook Express and have them perform the encryption and e-mail it back to me. Unfortunately there are problems with the logic that I should have the other java app do it. 1. I've breached security by sending data that should be secure and encrypted to someone in an unsecured manner. 2. Now that it has been encrypted and I have an application that cannot handle encrypted information I can no longer access the data I requested encryption for. The point of encrypting the data is that my application and the recipient application will both be able to access the data, but any third parties that try will have to work really hard to break the encryption. Any solution that involves sending clear text versions of the encrypted data to another application, server, site or network defeats the point of encryption. I hope this helps clarify the goal of my activities. Happily, I believe I'm getting closer to a solution on creating the shared SALT information that was provided by the Java developer. Unfortunately, the ways I'm trying right now are limited because apparently ColdFusion cannot/will not handle the 64 bit number that would be generated by the 8 byte array specified in my example. Christine Davis ColdFusion Lead Nations Technical Services Prairie Village, KS 913-748-8044 ext 4703 [EMAIL PROTECTED] -----Original Message----- From: Andrew Scott [mailto:[EMAIL PROTECTED] Sent: Monday, May 07, 2007 12:14 PM To: CF-Talk Subject: Re: PBEWithMD5AndDES Well sometimes reinventing the wheel is never the answer. The point is there is already Java code to do what you need, I don't fullt understand you requirements. But if a java programmer has given you information then there is obviously a connection with this already in some way. So maybe creating a webservice as suggested, to look at connecting to this java code as a service would be far better as the code already exists. But I have no idea what your environment is, where each application is on different servers or not so its hard to judge. But you really should look at leveraging exisitng code before rewrting something. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create robust enterprise, web RIAs. Upgrade & integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277175 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
