GenerateSecretKey

Description

Gets a secure key value for use in the Encrypt function.

Returns

A string that contains the encryption key.

Function syntax

GenerateSecretKey(algorithm [,keysize])

See also

Decrypt, Encrypt

History

ColdFusion 8: Added the keysize attribute.

ColdFusion MX 7: Added this function.

Parameters

Parameter

Description

algorithm

The encryption algorithm for which to generate the key. ColdFusion installs a cryptography library with the following algorithms:

  • AES: the Advanced Encryption Standard specified by the National Institute of Standards and Technology (NIST) FIPS-197.

  • BLOWFISH: the Blowfish algorithm defined by Bruce Schneier.

  • DES: the Data Encryption Standard algorithm defined by NIST FIPS-46-3.

DESEDE: the "Triple DES" algorithm defined by NIST FIPS-46-3.

keysize

Number of bits requested in the key for the specified algorithm.

You can use this to request longer keys when allowed by the JDK. For example, the AES algorithm keys are limited to 128 bits unless the Java Unlimited Strength Jurisdiction Policy Files are installed. For more information, see http://java.sun.com/products/jce/index-14.html.

Usage

You cannot use the GenerateSecretKey function to generate a key for the ColdFusion default encryption algorithm (CFMX_COMPAT) of the Encrypt and Decrypt functions.

ColdFusion uses the Java Cryptography Extension (JCE) and installs a Sun Java runtime that includes the Sun JCE default security provider. This provider includes the algorithms listed in the Parameters section. The JCE framework includes facilities for using other provider implementations; however, Adobe cannot provide technical support for third-party security providers.

Example

The following example encrypts and decrypts a text string. It lets you specify the encryption algorithm and encoding technique. It also has a field for a key seed to use with the CFMX_COMPAT algorithm. For all other algorithms, it uses the GenerateSecretKey function to generate a secret key.

<h3>Decrypt Example</h3> 
 
<!--- Do the following if the form has been submitted. ---> 
<cfif IsDefined("Form.myString")> 
    <cfscript> 
        /* GenerateSecretKey does not generate keys for the CFMX_COMPAT algorithm, 
        so we use a key from the form. 
        */ 
        if (Form.myAlgorithm EQ "CFMX_COMPAT") 
            theKey=Form.MyKey; 
        // For all other encryption techniques, generate a secret key. 
        else 
            theKey=generateSecretKey(Form.myAlgorithm); 
        //Encrypt the string. 
        encrypted=encrypt(Form.myString, theKey, Form.myAlgorithm, 
                Form.myEncoding); 
        //Decrypt it. 
        decrypted=decrypt(encrypted, theKey, Form.myAlgorithm, Form.myEncoding); 
    </cfscript> 
 
    <!--- Display the values used for encryption and decryption,  
            and the results. ---> 
    <cfoutput> 
        <b>The algorithm:</b> #Form.myAlgorithm#<br> 
        <b>The key:</B> #theKey#<br> 
        <br> 
        <b>The string:</b> #Form.myString# <br> 
        <br> 
        <b>Encrypted:</b> #encrypted#<br> 
        <br> 
        <b>Decrypted:</b> #decrypted#<br> 
    </cfoutput> 
</cfif> 
 
<!--- The input form. ---> 
<form action="#CGI.SCRIPT_NAME#" method="post"> 
    <b>Select the encoding</b><br> 
    <select size="1" name="myEncoding" > 
        <option selected>UU</option> 
        <option>Base64</option> 
        <option>Hex</option> 
    </select><br> 
    <br> 
    <b>Select the algorithm</b><br> 
    <select size="1" name="myAlgorithm" > 
        <option selected>CFMX_COMPAT</option> 
        <option>AES</option> 
        <option>DES</option> 
        <option>DESEDE</option> 
    </select><br> 
    <br> 
    <b>Input your key</b> (used for CFMX_COMPAT encryption only)<br> 
    <input type = "Text" name = "myKey" value = "foobar"><br> 
    <br> 
    <b>Enter string to encrypt</b><br> 
    <textArea name = "myString" cols = "40" rows = "5" WRAP = "VIRTUAL">This string will be encrypted (you can replace it with more typing). 
    </textArea><br> 
    <input type = "Submit" value = "Encrypt my String"> 
</form>