You left out the algorithm: "AES" in your encrypt() call this time - also
since you have the unlimited strength policy files you might consider
generating a 256 bit key instead of the default 128, by doing:
GenerateSecretKey("AES", 256)
I have not found that I need the unlimited strength jurisdiction policy on
CF9 standard when using the default 128 bit AES encryption, only when going
up to 256 bit keys.
--
Pete Freitag - Adobe Community Professional
http://foundeo.com/ - ColdFusion Consulting & Products
http://hackmycf.com - Is your ColdFusion Server Secure?
http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10
minutes
On Mon, Nov 5, 2012 at 7:15 PM, Eric Bourland <e...@ebwebwork.com> wrote:
>
> Hi, Wil,
>
> I read up on the generateSecretKey function, both in your very helpful
> example page, and on adobe:
>
> http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e08
> 11cbec22c24-6e72.html
>
> I am having a little trouble with syntax. Here is my insert statement:
> <!--- provide default value for form.AES --->
> <cfparam name="form.AES" default="">
>
> <!--- insert statement uses encrypt function to place in the database an
> encrypted value for CreditCardNumber --->
> CreditCardNumber = <cfqueryparam cfsqltype="cf_sql_varchar"
> value="#encrypt(form.CreditCardNumber,generateSecretKey(form.AES),"UU")#">,
>
> This insert statement returns the error:
>
> The '' algorithm is not supported by the Security Provider you have chosen.
>
> (I am also not clear why the encryption method, AES, needs to be defined in
> the scope of FORM.)
>
> I was wondering if I could do the generateSecretKey function, and store the
> result in a variable (as you did, I think, in your example on trunkful.com
> ).
> But again I get confused. Doesn't the key have to be a constant value? And
> stored in a constant place? It seems like the generateSecretKey function
> generates a new key every time the form is processed.
>
> Sorry to drag on with this question. I am still reading up in the
> documentation to see if I can construct a working insert statement. Thank
> you all again for your time and advice.
>
> Eric
>
>
>
> -----Original Message-----
> From: Wil Genovese [mailto:jugg...@trunkful.com]
> Sent: Sunday, November 04, 2012 9:58 PM
> To: cf-talk
> Subject: Re: encrypt / decrypt question
>
>
> Eric,
>
> A while back I was testing all the encryption and decryption types and
> wrote
> a short cfm page that let me do the testing. The code there is a good
> example of how it all works. Instead of trying to write it up and post here
> I created a very short and sweet blog post about this.
>
>
> http://www.trunkful.com/index.cfm/2012/11/4/Encryption-and-Decryption-in-Col
> dFusion
>
> I hope this helps.
>
> Wil Genovese
> Sr. Web Application Developer/
> Systems Administrator
> CF Webtools
> www.cfwebtools.com
>
> wilg...@trunkful.com
> www.trunkful.com
>
>
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353068
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
