You need to use a feedback mode other than ECB (the default when you omit
it from the algorithm) to use an IV, try using "AES/CBC/PKCS5Padding" for
your algorithm. This KB article has a lot of info about this stuff:
http://helpx.adobe.com/coldfusion/kb/strong-encryption-coldfusion-mx-7.html

--
Pete Freitag - Adobe Community Professional
http://foundeo.com/ - ColdFusion Consulting & Products
http://petefreitag.com/ - My Blog
http://hackmycf.com - Is your ColdFusion Server Secure?




On Thu, May 10, 2012 at 2:52 PM, Carol Knapp <c...@kargo.net> wrote:

>
> Here's the test code. I'll take AES or DESEDE or better. Running cf
> enterprise.
>
>
> <!--- testenc.cfm
> **      Purpose:        test encryption
> --->
> <html>
> <head><title>Test ENC</title></head>
> <body style="margin:20px; font-family:Arial, Helvetica, sans-serif;
> font-size:12px; background-color:#f2f0db;">
> <h3>Test ENC</h3>
>
> <!--- Do the following if the form has been submitted. --->
> <cfif IsDefined("Form.myString")>
>    <cfscript>
>        theKey=generateSecretKey(Form.myAlgorithm);
>                anotherKey=generateSecretKey(Form.myAlgorithm);
>                useasiv =
> encryptBinary(anotherkey,theKey,Form.myAlgorithm,Form.myEncoding);
>
>        //Encrypt the string.
>        encrypted=encrypt(Form.myString, theKey,
> Form.myAlgorithm,Form.myEncoding);
>                IVencrypted = encrypt(Form.myString, theKey,
> Form.myAlgorithm,Form.myEncoding,useasiv);
>        //Decrypt it.
>        decrypted=decrypt(encrypted, theKey, Form.myAlgorithm,
> Form.myEncoding);
>        IVdecrypted=decrypt(encrypted, theKey, Form.myAlgorithm,
> Form.myEncoding,useasiv);
>    </cfscript>
>
>    <!--- Display the values and the results. --->
>    <cfoutput>
>        <b>The algorithm:</b> #Form.myAlgorithm#<br>
>        <br>
>        <b>The key:&nbsp;&nbsp;</B> #theKey#<br>
>
>        <br>
>        <b>The string:</b> #Form.myString# <br>
>        <br>
>        <b>Encrypted:&nbsp;&nbsp;&nbsp;</b> #encrypted#<br>
>        <b>IVencrypted:</b> #IVencrypted#<br>
>        <br>
>        <b>Decrypted:</b> #decrypted#<br>
>        <b>IVecrypted:</b> #ivdecrypted#<br>
>                <br><br>
>    </cfoutput>
> </cfif>
>
> <cfparam name="myEncoding" default="">
> <cfparam name="myAlgorithm" default="">
> <!--- The input form. --->
> <form action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>" method="post">
>        <input type="hidden" name="onetimeid"
> value="<cfoutput>#onetimeid#</cfoutput>">
>    <b>Select the encoding</b><br>
>    <select size="1" name="myEncoding" >
>        <option <cfif myEncoding IS "UU">selected</cfif>>UU</option>
>        <option <cfif myEncoding IS "Base64">selected</cfif>>Base64</option>
>        <option <cfif myEncoding IS "Hex">selected</cfif>>Hex</option>
>    </select><br>
>    <br>
>    <b>Select the algorithm</b><br>
>    <select size="1" name="myAlgorithm" >
>        <option <cfif myAlgorithm IS "AES">selected</cfif>>AES</option>
>        <option <cfif myAlgorithm IS "DES">selected</cfif>>DES</option>
>        <option <cfif myAlgorithm IS
> "DESEDE">selected</cfif>>DESEDE</option>
>    </select><br>
>    <br>
>    <b>Enter string to encrypt</b><br>
>    <textArea name = "myString" cols = "40" rows = "2" WRAP =
> "VIRTUAL">1234567890123456</textArea>
>    <input type = "Submit" value = "Encrypt my String">
> </form>
>
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351107
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Reply via email to