You left out the algorithm: "AES" in your encrypt() call this time - also since you have the unlimited strength policy files you might consider generating a 256 bit key instead of the default 128, by doing:
GenerateSecretKey("AES", 256) I have not found that I need the unlimited strength jurisdiction policy on CF9 standard when using the default 128 bit AES encryption, only when going up to 256 bit keys. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting & Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes On Mon, Nov 5, 2012 at 7:15 PM, Eric Bourland <e...@ebwebwork.com> wrote: > > Hi, Wil, > > I read up on the generateSecretKey function, both in your very helpful > example page, and on adobe: > > http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e08 > 11cbec22c24-6e72.html > > I am having a little trouble with syntax. Here is my insert statement: > <!--- provide default value for form.AES ---> > <cfparam name="form.AES" default=""> > > <!--- insert statement uses encrypt function to place in the database an > encrypted value for CreditCardNumber ---> > CreditCardNumber = <cfqueryparam cfsqltype="cf_sql_varchar" > value="#encrypt(form.CreditCardNumber,generateSecretKey(form.AES),"UU")#">, > > This insert statement returns the error: > > The '' algorithm is not supported by the Security Provider you have chosen. > > (I am also not clear why the encryption method, AES, needs to be defined in > the scope of FORM.) > > I was wondering if I could do the generateSecretKey function, and store the > result in a variable (as you did, I think, in your example on trunkful.com > ). > But again I get confused. Doesn't the key have to be a constant value? And > stored in a constant place? It seems like the generateSecretKey function > generates a new key every time the form is processed. > > Sorry to drag on with this question. I am still reading up in the > documentation to see if I can construct a working insert statement. Thank > you all again for your time and advice. > > Eric > > > > -----Original Message----- > From: Wil Genovese [mailto:jugg...@trunkful.com] > Sent: Sunday, November 04, 2012 9:58 PM > To: cf-talk > Subject: Re: encrypt / decrypt question > > > Eric, > > A while back I was testing all the encryption and decryption types and > wrote > a short cfm page that let me do the testing. The code there is a good > example of how it all works. Instead of trying to write it up and post here > I created a very short and sweet blog post about this. > > > http://www.trunkful.com/index.cfm/2012/11/4/Encryption-and-Decryption-in-Col > dFusion > > I hope this helps. > > Wil Genovese > Sr. Web Application Developer/ > Systems Administrator > CF Webtools > www.cfwebtools.com > > wilg...@trunkful.com > www.trunkful.com > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353068 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm