Thank you. Good start.
There is the question of the best way to keep track of keys for various,
different files; or use the same key for all files without exposing it.
As you can see, I am very much a security novice when it comes to this
stuff.
On 7/17/2014 2:18 PM, John M Bliss wrote:
> Che
Just to clarify, the problem is not in the transmission, which can be
accomplished by FTPs, etc.
Once the file resides on the shared FTP server, it needs to be encrypted
to maintain security.
So, I think the flow is: (1) transmit plain file up to server, and (2)
encrypt on the server. Revers
Check out https://wikidocs.adobe.com/wiki/display/coldfusionen/EncryptBinary
including example at bottom.
On Thu, Jul 17, 2014 at 4:10 PM, Bryan Stevenson <
br...@electricedgesystems.com> wrote:
>
> Hey Rick,
>
> You can use more secure forms of FTP as opposed to getting that
> draconian - just
Hey Rick,
You can use more secure forms of FTP as opposed to getting that
draconian - just a thought ;-)
I haven't done any file encryption in a while, so I'll bow out on that
detail - but yes it is doable.
Cheers
*Bryan Stevenson* B.Comm.
President & CEO
Electric Edge Systems Group Inc. - ma
[mailto:cfsearch...@yahoo.com]
Sent: Friday, November 09, 2012 1:37 PM
To: cf-talk
Subject: RE: encrypt / decrypt question
My response got cut off.. Here is the full snippet... assuming it goes
through ;-)
http://pastebin.com/fPLcU3Kd
-Leigh
Leigh, that makes abundant sense. Thank you very much. As always.
Eric
-Original Message-
From: Leigh [mailto:cfsearch...@yahoo.com]
Sent: Friday, November 09, 2012 1:37 PM
To: cf-talk
Subject: RE: encrypt / decrypt question
My response got cut off.. Here is the full snippet
My response got cut off.. Here is the full snippet... assuming it goes through
;-)
http://pastebin.com/fPLcU3Kd
-Leigh
> Does the GenerateSecretKey function account for both the key
> and the algorithm?
No - not the way you are thinking. You need to supply the algorithm twice. Once
when generating the key _and_ once when performing the encryption. To better
illustrate:
: Leigh [mailto:cfsearch...@yahoo.com]
Sent: Thursday, November 08, 2012 2:47 PM
To: cf-talk
Subject: RE: encrypt / decrypt question
> Any idea what the "The UU algorithm is not supported" error is about?
You skipped the algorithm again ;-) The third argument is the encryption
algorith
> Any idea what the "The UU algorithm is not supported" error is about?
You skipped the algorithm again ;-) The third argument is the encryption
algorithm ie "AES". Encoding (ie "UU") is the fourth argument.
Encrypt(yourString, yourKey, theAlgorithm, theEncoding)
sage-
From: Pete Freitag [mailto:p...@foundeo.com]
Sent: Tuesday, November 06, 2012 10:53 AM
To: cf-talk
Subject: Re: encrypt / decrypt question
You left out the algorithm: "AES" in your encrypt() call this time - also
since you have the unlimited strength policy files you might con
tion
> generates a new key every time the form is processed.
>
> Sorry to drag on with this question. I am still reading up in the
> documentation to see if I can construct a working insert statement. Thank
> you all again for your time and advice.
>
> Eric
>
>
>
PM
To: cf-talk
Subject: Re: encrypt / decrypt question
Eric,
A while back I was testing all the encryption and decryption types and wrote
a short cfm page that let me do the testing. The code there is a good
example of how it all works. Instead of trying to write it up and post here
I created a
your advice.
>
> Eric
>
> -Original Message-----
> From: Wil Genovese [mailto:jugg...@trunkful.com]
> Sent: Sunday, November 04, 2012 9:58 PM
> To: cf-talk
> Subject: Re: encrypt / decrypt question
>
>
> Eric,
>
> A while back I was testing all the encr
hope this question makes sense. Thank you again for your advice.
Eric
-Original Message-
From: Wil Genovese [mailto:jugg...@trunkful.com]
Sent: Sunday, November 04, 2012 9:58 PM
To: cf-talk
Subject: Re: encrypt / decrypt question
Eric,
A while back I was testing all the encryption
[mailto:jugg...@trunkful.com]
Sent: Sunday, November 04, 2012 10:43 PM
To: cf-talk
Subject: Re: encrypt / decrypt question
Sure thing.
The best way to know the correct one is to open your jvm.config file in
c:\ColdFusion9\runtime\jre\bin and look at the java path.
From the options you g
Sure thing.
The best way to know the correct one is to open your jvm.config file in
c:\ColdFusion9\runtime\jre\bin and look at the java path.
From the options you gave below I would guess, based on experience, that this
is the correct folder. c:\ColdFusion9\runtime\jre\lib\security\
For
> I downloaded and unzipped the unlimited strength JCE JAR policy files. No
> problem there. The README says to place the JAR files in the \lib\security\
> folder.
>
> However, there are several \lib\security\ folders on my server, all under
> the c:\ColdFusion9\ folder. For example:
>
> c:\ColdF
:58 PM
To: cf-talk
Subject: Re: encrypt / decrypt question
Eric,
A while back I was testing all the encryption and decryption types and wrote
a short cfm page that let me do the testing. The code there is a good
example of how it all works. Instead of trying to write it up and post here
I created
Eric,
A while back I was testing all the encryption and decryption types and wrote a
short cfm page that let me do the testing. The code there is a good example of
how it all works. Instead of trying to write it up and post here I created a
very short and sweet blog post about this.
http://ww
Wil,
>>>Which encryption method are you using? The stronger ones require that
you also install the Java Cryptography Extension.
Yes, I was reading up on that in the Adobe documentation. OK, I will proceed
to do that. I had read that an encryption method was optional, but I
understand that I sho
Which encryption method are you using? The stronger ones require that you also
install the Java Cryptography Extension.
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.c
> My preferred encryption algorithm is AES, as this is what the
> Government uses to encrypt classified documents. :)
AES with a 256-bit key is authorized for use up to top secret, if
memory serves. Remember, with any encryption, it's only as safe as
the keys you use which is why key management
My preferred encryption algorithm is AES, as this is what the Government
uses to encrypt classified documents. :)
Paul Alkema
http://paulalkema.com
http://twitter.com/#!/paulalkema
No, not really as long as you're using a cipher that hasn't been
broken. Encryption uses a special class of functions that are easy to
perform one direction but prohibitively hard to perform the other
direction. For instance, if you take two very large prime numbers and
multiply them together to p
perhaps I really should say "virtually impossible" just to
be syntactically correct.
On Fri, Jun 17, 2011 at 8:49 PM, Russ Michaels wrote:
> Technically yes as this is how hackers reverse engineer encryption keys to
> create keygens etc.
> However it does depend on what encryption type you use,
Technically yes as this is how hackers reverse engineer encryption keys to
create keygens etc.
However it does depend on what encryption type you use, some have not yet
been hacked, so the chances are of course very very minute, and you would
need to be encrypting something that some desperately w
Hi Les,
fyi, adobe issued CF 8.0.1 cumulative hotfix 3 yesterday (September 1),
which fixes the CFMX_COMPAT bug (among other 20+ bugs).
get the hf here: http://kb2.adobe.com/cps/511/cpsid_51180.html
Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
On 28/07/2009 03:30, Les Mizzell wrote:
Your example shows the same input for decrypt as you used for encrypt ...
hopefully that was just a typo, otherwise it's probably your issue.
> (decrypt)
> decrypt(FORM.password,request.seed,request.algorithm,request.encoding)
In other words, I would expect something more like this:
encPwd =
If the form.password contains characters that the encryption seed will cause
to result in a string that contains a space or plus-sign, you will have
trouble with the CFMX_COMPAT mode. Suggest going with a different mode.
Cheers,
Kris
> I'm on CF7.
>
> Here's my code:
> (in Application.cfc)
>
>
This is going to sound weird but I've seen two issues nesting a trim() inside
other functions in the past. When I moved it above the function and cfset to a
temp it fixed the error. May not apply here but it's only a 15 second test :)
Interesting - changing the value of #encCODE# to a longer string seems
to have fixed the problem.
Haven't tested with every possible combination of letters/numbers on the
input yet, so ya never know - but it seems to like 2s now. Very odd...
> For this code:
>
>
>
>
>
> Figure this out
Since you are running CFMX 7, you might give the new encryption
methods a try. If you encode using Hex, you should be able to use the
encrypted string directly in a URL without encoding it.
example:
Good luck,
Mike Chabot
On 4/27/07, Kris Jones <[EMAIL PROTECTED]> wrote:
> Hi Les,
>
> I've seen
Hi Les,
I've seen similar behavior most typically when I'm also urlencoding
the encrypted value. What I figured out was happening is that if
the encrypted value contained a space, when urlencodedformat() was run
on it, the space would get converted to "%20" as expected. However,
when it was de
Could you post the entire encrypt/decrypt code snip?
-Original Message-
From: Les Mizzell [mailto:[EMAIL PROTECTED]
Sent: Friday, April 27, 2007 11:45 AM
To: CF-Talk
Subject: encrypt/decrypt bug
This is driving me crazy!!
For this code:
Figure this out. Here's a few tests:
--
Hi Larry,
Your immediate problem can be solved by escaping it (##) AND assigning
it to another variable. Use this:
#Decrypt(encryptString,"7xxT533zrt3d9in")#
I have tried and it worked. But just a suggestion, you might want to
work with "GenerateSecretKey" or "hash". (For more info, consult
>There is no bug in encrypt/decrypt, the problem is that in that
>instance, the encrypt result contains a space at the end.
>
>
Yeah. It's true. I totally missed that! No bug at all! :-)
[]s
Fabio Terracini
and that trailing space is being trimmed out by the db. Sooner or later
you would have other issues even if you work around this one somehow. See my
post on this in the other thread. It's an easy fix but you won't make the
'classic' CF algorithm any more secure.
--
--mattRobertson--
Janitor, MS
Does your database itself provide encrypted storage? That'd certainly
be easier if it does.
On a different topic, executing the code you listed demonstrated the
error with 'y' becoming 'x', but if the decrypt operation is changed
to use the foo variable directly, the proper result is returned. T
There is no bug in encrypt/decrypt, the problem is that in that
instance, the encrypt result contains a space at the end.
As you can see with the following code, the key is not "*5)V%5*.Z59RR$",
but "*5)V%5*.Z59RR$ "
[#htmlEditFormat(foo)#],
#decrypt(foo, "wibble")#,
#decrypt("*5)V%5*.Z59RR$",
OK, follow up to this, can anybody suggest ways that they currently
encrypt/decrypt sensitive data? I need to encrypt the data to save into the
database and then at a later date retrieve that data, decrypt it and let the
user edit it. I have looked at using the various algorithms excluding
CFMX
Jochem,
Still with your code there is apparently some part of the code in the
variable "encrypted" that confuses Cold Fusion. It appears that CF is
interpreting something in the code as a tag ending.
Thanks,
Nick
At 12:55 PM 10/3/2004, you wrote:
>Nick Baker wrote:
> > We need to Encrypt and
Nick Baker wrote:
> We need to Encrypt and email private info. Then using the same key decrypt
> on the receiving end. However, our Decrypt tag throws an error, not liking
> some of the Encrypted code. The example below works under the same
> circumstances. Encrypting in one template and decryp
Using toBase64 and urlencrypt renders a string that should always be db-safe to store.
No quote marks and such.
Below is a sample template I worked up to play around with various (documented)
encryption options. Run it (name the file anything you like) and it'll encrypt stuff
in various forma
Try escaping the string before encrypting it. Then maybe convert it to base 64 so it's
db-safe.
I'm pretty sure if you try to do this in one step it'll throw an error. I used
something very similar to this for strings I had to be able to store and email to
people.
-
use cfusion_encrypt/cfusion_decrypt. They'll always result in a hex string,
rather than the random gibberish that encrypt/decrypt use. Also,
cfusion_encrypt's result is ALWAYS exactly twice as long as the original
value, rather than the undetermined length from encrypt.
---
Barney Boisvert, Senio
]
Sent: Tuesday, May 27, 2003 3:37 PM
To: CF-Talk
Subject: Re: Encrypt/Decrypt
Try escaping the string before encrypting it. Then maybe convert it to
base 64 so it's db-safe.
I'm pretty sure if you try to do this in one step it'll throw an error.
I used something very similar to this f
Use cfusion_encrypt() instead.
Tim Heald MCP/CCFD
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
(202) 663-0130
> -Original Message-
> From: Greg Luce [SMTP:[EMAIL PROTECTED]
> Sent: Tuesday, May 27, 2003 4:23 PM
> To: CF-Talk
> Subject:
[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, November 07, 2002 5:18 PM
Subject: Re: Encrypt/Decrypt Recommendations
> Bryan Stevenson wrote:
> > Yes I do have to decrypt it to give it back to those users that lose it
;-)
>
> If they lose it, creat
Bryan Stevenson wrote:
> Yes I do have to decrypt it to give it back to those users that lose
> it ;-)
You should consider hashing anyway and issuing a new password.
Especially if you combine this with a client side hashing script (there
are javascripts available for download, just Google) th
A really nice way of storing passwords in a database is to use a one way
hash such as an MD5 hash. That way, if your database is ever hacked or
stolen... the passwords are not decryptable. An MD5 hash is a "one way
encryption".
-Novak
- Original Message -
From: "Bryan Stevenson" <[EMAIL
Subject: Re: Encrypt/Decrypt Recommendations
Yes I do have to decrypt it to give it back to those users that lose it ;-)
I've done a workaround for now where I match the usernamedecrypt that
password and compare it to what the user types in the login form (kind of
the long way around...but it
Bryan Stevenson wrote:
> Yes I do have to decrypt it to give it back to those users that lose it ;-)
If they lose it, create a new password for them... that allows you to
use the one way encryption which is FAR more secure.
- Rick
OK, I'm getting some IMO weird behavior from various encryption tags (and
CFs encrypt() function).
Here's an example:
#var1.value#
#var2.value#
With this example, var1.value remains constant and var2.value keeps
changing. If I decrypt var2.value, it will always be "zippy12". So the
decry
ion Users Group
Founder & Director
www.cfug-vancouverisland.com
- Original Message -
From: <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, November 07, 2002 12:17 PM
Subject: RE: Encrypt/Decrypt Recommendations
> Just use CF's Hash().
Just use CF's Hash(). This is a one way encryption. No need to decrypt
the password you store is there? Just compare... Hash(form.password)
EQ dbquery.password.
Doug
>-Original Message-
>From: Bryan Stevenson [mailto:bryan@;electricedgesystems.com]
>Sent: Thursday, November 07, 2002
Bryan Stevenson wrote:
>
> I'm looking for recommendations for an encrypt/decrypt tag or UDF that will
> always produce the same encrypted value. This is so I can store encrypted
> passwords in the DB and check the encrypted version of what a user types in
> a login form against the encrypted ver
sha256 I think it's on mm site
-Original Message-
From: Bryan Stevenson [mailto:bryan@;electricedgesystems.com]
Sent: Thursday, November 07, 2002 1:57 PM
To: CF-Talk
Subject: Encrypt/Decrypt Recommendations
Hey All,
I'm looking for recommendations for an encrypt/decrypt tag or UDF that w
Steve
I wrote a custom tag called cf_cryp that I use in place of encrypt()
and decrypt(). It builds on encrypt() and decrypt() by encoding all
the characters produced by encrypt() with their ASCII values, shifts
some bits to make it a little more unintelligible and adds a
similarly encoded c
AFAIK it is a feature that Encrypt() does not always return the same value, but
is always decryptable to the same value. I think I read it in the comment of an
Allaire employee in the Allaire forums.
Anyhow, I believe one should not use the Encrypt() at all. Use Hash(), it is one
way (nice for sa
>
>
>
Dick,
That did the trick! I was trying to compare two encrypted strings and I
should have been comparing their decrypted values. Thanks for the help
it was driving me nuts!
Steve
> Maybe it's just a weird browser thing. What do you see if you View Source?
No.. I checked that. It's very strange because there is no consistency to
it. Some strings encrypt the same every time, others don't.
If I run this in my browser
#encryptedPW #-#Len(encryptedPW)#
and then hit re
Steve
I encountered a similar problem... here is how I resolved it.
1) I defined the field in the db that holds the encrypted value as
NVarChar(255). This is a unicode field. The 255 length takes care of
encrypted passwords are larger than the original.
2) I do *not* check the password in th
Maybe it's just a weird browser thing. What do you see if you View Source?
===
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia
Email : [EMAIL PROTECTED]
ICQ UIN : 3679482
"My ally is the Force, and a powe
> Also, I'm not sure why I can encrypt the same value
> twice and not get the same value. I'm thinking my problem must be in the
> seed string length, but I'm not sure? Are there known issues with this?
Why
> am I having this problem? Can someone shed some light?
After a little more trial and er
exidor [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 09, 2001 6:05 PM
> To: CF-Talk
> Subject: Re: encrypt/decrypt
>
>
> Apparently though, these are not recommended for use as there is no
> guarantee they will be included in the next versions of CF.
>
>
> on 1
e text to numbers and it is DB safe.
>
> Steve
>
> Will Swain wrote:
>>
>> Thanks Zach,
>>
>> I'll have a look at that
>>
>> Cheers
>>
>> Will
>>
>> -Original Message-
>> From: Zachary S. Bedell [mailto:[E
Message -
From: "Jim Gurfein" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Monday, April 09, 2001 5:01 PM
Subject: Re: encrypt/decrypt
> I've checked normal resources and can't find any documentation on
> cfusion_encrypt() and cfusion_d
umbers and it is DB safe.
>
>Steve
>
>Will Swain wrote:
> >
> > Thanks Zach,
> >
> > I'll have a look at that
> >
> > Cheers
> >
> > Will
> >
> > -Original Message-
> > From: Zachary S. Bedell [ma
From: Zachary S. Bedell [mailto:[EMAIL PROTECTED]]
> Sent: 05 April 2001 19:26
> To: CF-Talk
> Subject: RE: encrypt/decrypt
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> The values that the CF Encrypt function creates usually aren't safe to
> put into a d
Thanks...it was a number. I'll try converting it first.
Cheers
Will
-Original Message-
From: Michailov, Dimitar [mailto:[EMAIL PROTECTED]]
Sent: 05 April 2001 16:26
To: CF-Talk
Subject: RE: encrypt/decrypt
Will:
I am not sure if this could be the reason, but the ENCRYPT fun
Thanks Zach,
I'll have a look at that
Cheers
Will
-Original Message-
From: Zachary S. Bedell [mailto:[EMAIL PROTECTED]]
Sent: 05 April 2001 19:26
To: CF-Talk
Subject: RE: encrypt/decrypt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The values that the CF Encrypt function cr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The values that the CF Encrypt function creates usually aren't safe to
put into a database -- they're binary values if my memory serves
correctly. The error you're getting is because Decrypt throws an error
if the value it gets isn't a valid value ma
Will:
I am not sure if this could be the reason, but the ENCRYPT function requires
a string. Could the reason be that you are trying to encrypt a number? See
what the Studio help says about ENCRYPT:
=
Encrypt
Encrypts a string.
Syntax
Encrypt(string, key)
string
String to b
I've gotten this message too.
On a side note, if you use any decrypted values in a query - decrypt the
value outside of the query (set a variable equal to the decrypted value
first)...
> Got an interesting one here. I am encrypting some details before entering
> them in a databse, then decryptin
19 PM
To: [EMAIL PROTECTED]
Subject: RE: encrypt decrypt functions - what kind of encryption?
From what I read in the docs, it looks like someone over at Allaire thinks
they're qualified to write their own crypto.
I would consider it slightly more secure than ROT13 until *proven*
othe
From what I read in the docs, it looks like someone over at Allaire thinks
they're qualified to write their own crypto.
I would consider it slightly more secure than ROT13 until *proven*
otherwise. Unless Allaire will own up to the algorithms used, and the
source-code implementations, there's no
If memory serves me right encrypt/decrypt use DES and hash() uses MD5.
Steve
-Original Message-
From: Scott Rowe [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 26, 2000 2:33 PM
To: CF-Talk
Subject: encrypt decrypt functions - what kind of encryption?
Anyone know what kind of encrypt
78 matches