User Guide Cancel

Encrypt

Last updated on Jun 11, 2024 | Also applies to ColdFusion

ColdFusion

Open app

CFML Reference User Guide
ColdFusion functions
ColdFusion Tags
1. ColdFusion tag summary
2. ColdFusion tags by category
  1. Application framework tags
    1. cfapplication
    2. cfassociate
    3. cferror
    4. cfimport
    5. cfinterface
    6. cflock
    7. cfscript
    8. cfthread
  2. Communications tags
  3. Database manipulation tags
  4. Data output tags
    1. cfchart
    2. cfchartdata
    3. cfchartseries
    4. cfcol
    5. cfcontent
    6. cfdocument
    7. cfdocumentitem
    8. cfdocumentsection
    9. cfflush
    10. cfheader
    11. cflog
    12. cfoutput
    13. cfpresentation
    14. cfpresentationslide
    15. cfpresenter
    16. cfprocessingdirective
    17. cfprint
    18. cfreport
    19. cfreportparam
    20. cfsilent
    21. cftable
  5. Debugging tags
    1. cfdump
    2. cftimer
    3. cftrace
  6. Exception handling tags
    1. cfcatch
    2. cferror
    3. cffinally
    4. cfrethrow
    5. cfthrow
    6. cftry
  7. Extensibility tags
    1. cfchart
    2. cfchartdata
    3. cfchartseries
    4. cfcollection
    5. cfcomponent
    6. cfexecute
    7. cfftp
    8. function
    9. cfindex
    10. cfinterface
    11. cfinvoke
    12. cfinvokeargument
    13. cfobject
    14. cfproperty
    15. cfreport
    16. cfreportparam
    17. cfreturn
    18. cfsearch
    19. cfsharepoint
    20. cfspreadsheet
    21. cfwddx
    22. cfxml
  8. File management tags
    1. cfdirectory
    2. cffile
    3. cffileupload
    4. cfftp
    5. cfzip
    6. cfzipparam
  9. Flow-control tags
    1. cfabort
    2. cfbreak
    3. cfcase
    4. cfcontinue
    5. cfdefaultcase
    6. cfelse
    7. cfelseif
    8. cfexecute
    9. cfexit
    10. cfif
    11. cfinclude
    12. cflocation
    13. cfloop
    14. cfrethrow
    15. cfswitch
    16. cfthrow
    17. cftry
  10. Forms tags
    1. cfapplet
    2. cfcalendar
    3. cffileupload
    4. cfform
    5. cfformgroup
    6. cfformitem
    7. cfgrid
    8. cfgridcolumn
    9. cfgridrow
    10. cfgridupdate
    11. cfinput
    12. cfpdf
    13. cfpdfform
    14. cfpdfformparam
    15. cfpdfparam
    16. cfpdfsubform
    17. cfselect
    18. cfslider
    19. cftextarea
    20. cftree
    21. cftreeitem
  11. Internet Protocol tags
    1. cfajaximport
    2. cfajaxproxy
    3. cfftp
    4. cffeed
    5. cfimap
    6. cfhttp
    7. cfhttpparam
    8. cfldap
    9. cfmail
    10. cfmailparam
    11. cfmailpart
    12. cfpop
    13. cfsprydataset
  12. Page processing tags
    1. cfcache
    2. cfcontent
    3. cfflush
    4. cfheader
    5. cfhtmlhead
    6. cfinclude
    7. cfprocessingdirective
    8. cfsetting
    9. cfsilent
  13. Security tags
  14. Variable manipulation tags
    1. cfcookie
    2. cfdump
    3. cfparam
    4. cfregistry
    5. cfsavecontent
    6. cfschedule
    7. cfset
    8. cfsetting
  15. Other tags
    1. cfimage
    2. cflog
    3. cfregistry
3. Tags a-b
4. Tags c
  1. cfcache
  2. cfcalendar
  3. cfcase
  4. cfcatch
  5. cfchart
  6. cfchartdata
  7. cfchartseries
  8. cfclient
  9. cfclientsettings
  10. cfcol
  11. cfcollection
  12. cfcomponent
  13. cfcontent
  14. cfcontinue
  15. cfcookie
  16. Tags d-e
5. Tags f
6. Tags g-h
  1. cfgraph
  2. cfgraphdata
  3. cfgrid
  4. cfgridcolumn
  5. cfgridrow
  6. cfgridupdate
  7. cfheader
  8. cfhtmlhead
  9. cfhtmltopdf
  10. cfhtmltopdfitem
  11. cfhttp
  12. cfhttpparam
7. Tags i
  1. cfif
  2. cfimage
  3. cfimap
  4. cfimapfilter
  5. cfimpersonate
  6. cfimport
  7. cfinclude
  8. cfindex
  9. cfinput
  10. cfinsert
  11. cfinterface
  12. cfinvoke
  13. cfinvokeargument
8. Tags j-l
9. Tags m-o
10. Tags p-q
  1. cfparam
  2. cfpdf
  3. cfpdfform
  4. cfpdfformparam
  5. cfpdfparam
  6. cfpdfsubform
  7. cfpod
  8. cfpop
  9. cfpresentation
  10. cfpresentationslide
  11. cfpresenter
  12. cfprint
  13. cfprocessingdirective
  14. cfprocparam
  15. cfprocresult
  16. cfprogressbar
  17. cfproperty
  18. cfquery
  19. cfqueryparam
11. Tags r-s
  1. cfregistry
  2. cfreport
  3. cfreportparam
  4. cfrethrow
  5. cfreturn
  6. cfsavecontent
  7. cfschedule
  8. cfscript
  9. cfsearch
  10. cfselect
  11. cfservlet
  12. cfservletparam
  13. cfset
  14. cfsetting
  15. cfsharepoint
  16. cfsilent
  17. cfslider
  18. cfspreadsheet
  19. cfsprydataset
  20. cfstoredproc
  21. cfswitch
12. Tags t
  1. cftable
  2. cftextarea
  3. cftextinput
  4. cfthread
  5. cfthrow
  6. cftimer
  7. cftooltip
  8. cftrace
  9. cftransaction
  10. cftree
  11. cftreeitem
  12. cftry
13. Tags u-z
  1. cfupdate
  2. cfwddx
  3. cfwebsocket
  4. cfwindow
  5. cfxml
  6. cfzip
  7. cfzipparam
CFML Reference
1. Reserved words and variables
2. Ajax JavaScript functions
3. ColdFusion ActionScript functions
4. ColdFusion mobile functions
5. Application.cfc reference
6. Script functions implemented as CFCs
7. ColdFusion Flash Form style reference
8. ColdFusion event gateway reference
9. ColdFusion C++ CFX Reference
10. ColdFusion Java CFX reference
11. WDDX JavaScript Objects
Cloud services

Description

Encrypts a string using a specific algorithm and encoding method.

Returns

String; can be much longer than the original string.

Function syntax

Encrypt(string, key, encoding, algorithm, IV_Salt, iterations)

History

ColdFusion (2023 release) Update 8 and ColdFusion (2021 release) Update 14: Changed the default algorithm from CFMX_COMPAT to AES/CBC/PKCS5Padding.
ColdFusion (2021 release): Added support for authentication encryption.
ColdFusion (2018 release): Introduced named parameters.
ColdFusion 8: Added support for encryption using the RSA BSafe Crypto-J library on Enterprise Edition.
ColdFusion MX 7.01: Added the IVorSalt and iterations parameters.
ColdFusion MX 7: Added the algorithm and encoding parameters.

Parameters

Parameter	Description
string	String to encrypt.
key	String. Key or seed used to encrypt the string. For the CFMX_COMPAT algorithm, any combination of any number of characters; used as a seed used to generate a 32-bit encryption key. For all other algorithms, a key in the format used by the algorithm. For these algorithms, use the GenerateSecretKey function to generate the key.
algorithm	(Optional) The algorithm to use to encrypt the string. The Enterprise Edition of ColdFusion installs the RSA BSafe Crypto-J library, which provides FIPS-140 Compliant Strong Cryptography. It includes the following algorithms: AES: the Advanced Encryption Standard specified by the National Institute of Standards and Technology (NIST) FIPS-19. DES: the Data Encryption Standard algorithm defined by NIST FIPS-46-3. DES-EDE: the "Triple DES" algorithm defined by NIST FIPS-46-3. DESX: The extended Data Encryption Standard symmetric encryption algorithm. RC2: The RC2 block symmetric encryption algorithm defined by RFC 2268. RC4: The RC4 symmetric encryption algorithm. RC5: The RC5 encryption algorithm. PBE: Password-based encryption algorithm defined in PKCS #5. AES/GCM/NoPadding: Encryption algorithm. AES/CBC/PKCS5Padding: Encryption algorithm. In addition to these algorithms, you can use the algorithms provided in the Standard Edition of ColdFusion. The Standard Edition of ColdFusion installs a cryptography library with the following algorithms: CFMX_COMPAT: the algorithm used in ColdFusion MX and prior releases. This algorithm is the least secure option (default). AES: the Advanced Encryption Standard specified by the National Institute of Standards and Technology (NIST) FIPS-197. BLOWFISH: the Blowfish algorithm defined by Bruce Schneier. DES: the Data Encryption Standard algorithm defined by NIST FIPS-46-3. DESEDE: the "Triple DES" algorithm defined by NIST FIPS-46-3. If you install a security provider with additional cryptography algorithms, you can also specify any of its string encryption and decryption algorithms.
encoding	(Optional; if you specify this parameter, also specify the algorithm parameter). The binary encoding in which to represent the data as a string. Base64: the Base64 algorithm, as specified by IETF RFC 2045. Hex: the characters A-F0-9 represent the hexadecimal byte values. UU: the UUEncode algorithm (default).
IV_Salt	(Optional) Specify this parameter to adjust ColdFusion encryption to match the details of other encryption software. If you specify this parameter, also specify thealgorithmparameter. For Block Encryption algorithms: This is the binary Initialization Vector value to use with the algorithm. The algorithm must contain a Feedback Mode other than ECB. This must be a binary value that is exactly the same size as the algorithm block size. Use the same value in theDecryptfunction to successfully decrypt the data. For Password Based Encryption algorithms: This is the binary Salt value to transform the password into a key. The same value must be used to decrypt the data.
iterations	(Optional) The number of iterations to transform the password into a binary key. Specify this parameter to adjust ColdFusion encryption to match the details of other encryption software. If you specify this parameter, also specify the algorithm parameter with a Password Based Encryption (PBE) algorithm. Do not specify this parameter for Block Encryption algorithms. Use the same value to encrypt and decrypt the data.

Usage

This function uses a symmetric key-based algorithm, in which the same key is used to encrypt and decrypt a string. The security of the encrypted string depends on maintaining the secrecy of the key.

The following are the FIPS-140 approved algorithms included in the RSA BSafe Crypto-J library that are used by ColdFusion. Some of these are not used with the encrypt function, but are used with other functions:

AES – ECB, CBC, CFB (128), OFB (128) – [128, 192, 256-bit key sizes]
AES – CTR
Diffie-Hellman Key Agreement
DSA
FIPS 186-2 General Purpose [(x-Change Notice); (SHA-1)]
FIPS 186-2 [(x-Change Notice); (SHA-1)]
HMAC-SHAx (where x is 1, 224, 256, 384, or 512)
RSA PKCS#1 v1.5 (sign, verify) (SHA-1,SHA-224,SHA-256,SHA-384,SHA-512)
Secure Hash Standard (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512)
Triple DES - ECB, CBC, CFB (64 bit), and OFB (64 bit)

All algorithms included in the RSA BSafe Crypto-J library are available for use in the Enterprise Edition. In certain cases, you may want to disable some algorithms. To disable the DESX, RC5, and MD5PRNG algorithms, specify the following in the JVM arguments on the Java and JVM page of the ColdFusion Administrator:

-Dcoldfusion.enablefipscrypto=true

FIPS-140 approved cryptography is not available if you are running ColdFusion on WebSphere of JBoss.

To use the IBM/Lotus Sametime Instant Messaging Gateway in the Enterprise edition, disable the FIPS-140-only cryptography setting by specifying the following in the JVM arguments on the Java and JVM page of the ColdFusion Administrator:

-Dcoldfusion.disablejsafe=true

In Standard Edition, for all algorithms except the default algorithm, ColdFusion uses the Java Cryptography Extension (JCE) and installs a Sun Java runtime that includes the Sun JCE default security provider. This provider includes the algorithms listed in the Parameters section. The JCE framework includes facilities for using other provider implementations; however, Adobe cannot provide technical support for third-party security providers.

The default algorithm, which is the same one used in ColdFusion 5 and ColdFusion MX, uses an XOR-based algorithm that uses a pseudo-random 32-bit key, based on a seed passed by the user as a function parameter. This algorithm is less secure than the other available algorithms.

Example

The following example encrypts and decrypts a text string. It lets you specify the encryption algorithm and encoding technique. It also has a field for a key seed to use with the CFMX_COMPAT algorithm. For all other algorithms, it generates a secret key.

<h3>Encrypt Example</h3>

<cfif IsDefined("Form.myString")>
<cfscript>
/* GenerateSecretKey does not generate key for the CFMX_COMPAT algorithm,
so use the key from the form.
*/
if (Form.myAlgorithm EQ "CFMX_COMPAT")
theKey=Form.MyKey;
// For all other encryption techniques, generate a secret key.
else
theKey=generateSecretKey(Form.myAlgorithm);
//Encrypt the string
encrypted=encrypt(Form.myString, theKey, Form.myAlgorithm,
Form.myEncoding);
//Decrypt it
decrypted=decrypt(encrypted, theKey, Form.myAlgorithm, Form.myEncoding);
</cfscript>


<cfoutput>
<b>The algorithm:</b> #Form.myAlgorithm#<br>
<b>The key:</B> #theKey#<br>
<br>
<b>The string:</b> #Form.myString# <br>
<br>
<b>Encrypted:</b> #encrypted#<br>
<br>
<b>Decrypted:</b> #decrypted#<br>
</cfoutput>
</cfif>


<form action="#CGI.SCRIPT_NAME#" method="post">
<b>Select the encoding</b><br>
<select size="1" name="myEncoding">
<option selected>UU</option>
<option>Base64</option>
<option>Hex</option>
</select><br>
<br>
<b>Select the algorithm</b><br>
<select size="1" name="myAlgorithm">
<option selected>CFMX_COMPAT</option>
<option>AES</option>
<option>DES</option>
<option>DESEDE</option>
</select><br>
<br>
<b>Input your key</b> (used for CFMX_COMPAT encryption only)<br>
<input type = "Text" name = "myKey" value = "MyKey"><br>
<br>
<b>Enter string to encrypt</b><br>
<textArea name = "myString" cols = "40" rows = "5" WRAP = "VIRTUAL">This string will be encrypted (you can replace it with more typing).
</textArea><br>
<input type = "Submit" value = "Encrypt my String">
</form>

<cfscript>
    myMessage = "Message to encrypt"
    key = generateSecretKey('AES');
    encryptedMsg = encrypt(myMessage,key,'AES', 'Base64');
    writeOutput(encryptedMsg);
</cfscript>

Output

JbRh2Ez58OJc9wpZUDefz0GZyDnA0/IMuV9qaRcFzCY=

EXAMPLE 2

<cfscript>  
    // string data  
    a = "abcd"  
    // generate the key  
    key = GenerateSecretKey("AES")  
    iterations="AssoicatedData"  
    randomIntegers = [];  
    // generate the SALT value  
    for ( i = 1 ; i <= 12 ; i++ ) {  
        arrayAppend( randomIntegers, randRange( -128, 127, "SHA1PRNG" ) );  
    }  
    initializationVector = javaCast( "byte[]", randomIntegers )  
    enc1 = Encrypt(string=a,   
                   key=key,   
                   encoding="UU",   
                   algorithm="AES/GCM/NoPadding",  
                   IV_Salt=initializationVector,   
                   iterations=iterations)  
    writeDump(enc1)  
</cfscript>

Output

4Z1!>"1'E8=$3Y%'"KJ!/T-3S?[X

Adobe

Get help faster and easier

New user?