You need to use a feedback mode other than ECB (the default when you omit it from the algorithm) to use an IV. Try using "AES/CBC/PKCS5Padding" for your algorithm. This KB article has a lot of info about this stuff: http://helpx.adobe.com/coldfusion/kb/strong-encryption-coldfusion-mx-7.html

--
Pete Freitag - Adobe Community Professional
http://foundeo.com/ - ColdFusion Consulting & Products
http://petefreitag.com/ - My Blog
http://hackmycf.com - Is your ColdFusion Server Secure?

On Thu, May 10, 2012 at 2:52 PM, Carol Knapp <c...@kargo.net> wrote:
>
> Here's the test code. I'll take AES or DESEDE or better. Running cf enterprise.
>
>
> <!--- testenc.cfm
> ** Purpose: test encryption
> --->
> <html>
> <head><title>Test ENC</title></head>
> <body style="margin:20px; font-family:Arial, Helvetica, sans-serif; font-size:12px; background-color:#f2f0db;">
> <h3>Test ENC</h3>
>
> <!--- Do the following if the form has been submitted. --->
> <cfif IsDefined("Form.myString")>
>   <cfscript>
>     theKey=generateSecretKey(Form.myAlgorithm);
>     anotherKey=generateSecretKey(Form.myAlgorithm);
>     useasiv = encryptBinary(anotherkey,theKey,Form.myAlgorithm,Form.myEncoding);
>
>     //Encrypt the string.
>     encrypted=encrypt(Form.myString, theKey, Form.myAlgorithm,Form.myEncoding);
>     IVencrypted = encrypt(Form.myString, theKey, Form.myAlgorithm,Form.myEncoding,useasiv);
>     //Decrypt it.
>     decrypted=decrypt(encrypted, theKey, Form.myAlgorithm, Form.myEncoding);
>     IVdecrypted=decrypt(encrypted, theKey, Form.myAlgorithm, Form.myEncoding,useasiv);
>   </cfscript>
>
>   <!--- Display the values and the results. --->
>   <cfoutput>
>     <b>The algorithm:</b> #Form.myAlgorithm#<br>
>     <br>
>     <b>The key: </B> #theKey#<br>
>
>     <br>
>     <b>The string:</b> #Form.myString# <br>
>     <br>
>     <b>Encrypted: </b> #encrypted#<br>
>     <b>IVencrypted:</b> #IVencrypted#<br>
>     <br>
>     <b>Decrypted:</b> #decrypted#<br>
>     <b>IVecrypted:</b> #ivdecrypted#<br>
>     <br><br>
>   </cfoutput>
> </cfif>
>
> <cfparam name="myEncoding" default="">
> <cfparam name="myAlgorithm" default="">
> <!--- The input form. --->
> <form action="<cfoutput>#CGI.SCRIPT_NAME#</cfoutput>" method="post">
>   <input type="hidden" name="onetimeid" value="<cfoutput>#onetimeid#</cfoutput>">
>   <b>Select the encoding</b><br>
>   <select size="1" name="myEncoding" >
>     <option <cfif myEncoding IS "UU">selected</cfif>>UU</option>
>     <option <cfif myEncoding IS "Base64">selected</cfif>>Base64</option>
>     <option <cfif myEncoding IS "Hex">selected</cfif>>Hex</option>
>   </select><br>
>   <br>
>   <b>Select the algorithm</b><br>
>   <select size="1" name="myAlgorithm" >
>     <option <cfif myAlgorithm IS "AES">selected</cfif>>AES</option>
>     <option <cfif myAlgorithm IS "DES">selected</cfif>>DES</option>
>     <option <cfif myAlgorithm IS "DESEDE">selected</cfif>>DESEDE</option>
>   </select><br>
>   <br>
>   <b>Enter string to encrypt</b><br>
>   <textArea name = "myString" cols = "40" rows = "2" WRAP = "VIRTUAL">1234567890123456</textArea>
>   <input type = "Submit" value = "Encrypt my String">
> </form>
>

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351107
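
The suggestion in the reply, worked through as an added example (not code from the thread): AES in CBC mode with a fresh 16-byte IV per message, next to the ECB default. The `newIV()` helper, the variable names, and the use of `generateSecretKey("AES")` as the random source for the IV are assumptions of this example.

```cfml
<cfscript>
// Added example; sample values are constructed, not taken from the thread.
plaintext = "1234567890123456";      // same sample string as the test form
cbcAlg    = "AES/CBC/PKCS5Padding";  // mode named explicitly, so an IV is accepted
encoding  = "Base64";

// Keys are generated for the base cipher name, not the full mode string.
theKey = generateSecretKey("AES");

// The IV must be binary and exactly one cipher block long: 16 bytes for AES.
// Assumption: generateSecretKey("AES") (a random 128-bit value, Base64-encoded)
// is reused here as the source of 16 random bytes.
function newIV() {
    return binaryDecode(generateSecretKey("AES"), "Base64");
}

iv1 = newIV();
iv2 = newIV();

// Same key, same plaintext, different IVs.
c1 = encrypt(plaintext, theKey, cbcAlg, encoding, iv1);
c2 = encrypt(plaintext, theKey, cbcAlg, encoding, iv2);

// The IV is not secret, but decrypt() needs the same one: keep it with the ciphertext.
stored = { iv = binaryEncode(iv1, "Base64"), data = c1 };
roundTrip = decrypt(stored.data, theKey, cbcAlg, encoding, binaryDecode(stored.iv, "Base64"));

// Plain "AES" means ECB: no IV, so repeated encryption gives identical output.
e1 = encrypt(plaintext, theKey, "AES", encoding);
e2 = encrypt(plaintext, theKey, "AES", encoding);

// compare() is case-sensitive, which matters for Base64 text (EQ/NEQ are not).
writeOutput("CBC ciphertexts differ: " & (compare(c1, c2) neq 0) & "<br>");
writeOutput("ECB ciphertexts identical: " & (compare(e1, e2) eq 0) & "<br>");
writeOutput("CBC round trip ok: " & (compare(roundTrip, plaintext) eq 0) & "<br>");
</cfscript>
```

For DESEDE the same pattern applies with an 8-byte IV, since the IV length has to match the cipher's block size.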