RE: decryption question

Eric Bourland Mon, 18 Feb 2013 17:59:24 -0800

Justin,

I was pondering some of your points, too. I've been reading up in the
documentation, and trying different ideas. Here is what I have so far:


[code]
<!--- if a value is entered in form.CreditCardNumber, then proceed with
encryption --->
<cfif len(form.CreditCardNumber)>

 <!--- set default value for variable "result" in case no value is entered
for CreditCardNumber --->
 <cfparam name="result" default="">

 <!--- generate a key suitable for "AES" --->
 <cfset theKey = GenerateSecretKey("AES", 256)>
 <!--- now do the actual encryption using the "AES" algorithm --->
 <cfset result = encrypt(form.CreditCardNumber, theKey, "AES", "UU")>
 </cfif>


<!--- decryption --->
 
<!--- set default value for variable "form.decrypted" in case no value is
present in column CreditCardNumber --->
<cfparam name="form.decrypted" default="">

<!--- does editUser.CreditCardNumber have a value?  --->
<cfif len(editUser.CreditCardNumber)>

<!--- if so, apply decrypt function  --->
<cfset decrypted = decrypt(form.CreditCardNumber, theKey, "AES", "UU")>
</cfif>

[/code]

Hmm. I am still getting error "Variable DECRYPTED is undefined." which is
weird since I have defined it -- in scope FORM.

I think I am missing a core concept. =) Can you clue me in? Thank you again
for your time.

Eric




-----Original Message-----
From: Justin Scott [mailto:leviat...@darktech.org] 
Sent: Monday, February 18, 2013 6:46 PM
To: cf-talk
Subject: Re: decryption question


> <cfif len(editUser.CreditCardNumber)>
> <cfparam name="form.decrypted" default=""> <cfset theKey = 
> GenerateSecretKey("AES", 256)> <cfset decrypted = 
> decrypt(form.CreditCardNumber, theKey, "AES", "UU")> </cfif>

Since the only place where the "decrypted" variable is being set is within
the CFIF block, I'd check to ensure the editUser.CreditCardNumber field
wasn't blank as a first step.  If you want it to default to a blank value if
nothing is present in the database, you'll need to move your CFPARAM tag
above the CFIF block so it's not contained within that logic and always gets
a default value to work with.

As an aside, you shouldn't be generating a new key just before you run the
decrypt() call.  You would need to use the same key that was used with the
encrypt() call when the number was first encrypted in order to decrypt
successfully.


-Justin



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354578
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: decryption question

Reply via email to