In ColdFusion the string to be encrypted/decrypted "is always interpreted as a UTF-8 string". Once you have aligned the cipher settings, double check the encoding used on the various values. See also Strong encryption in ColdFusion MX 7 * Note: Unlimited encryption is required in CF for keys larger than 128 bit So exchanging values between the two may not work right off the bat.Īllowed Key Lengths 128, *192, *256 bit 128, 192, 256 bit For example, the default mode is CBC rather than ECB and the default key size is 256 bit. The defaults for the RijndaelManaged class are a bit different than ColdFusion's. You just need to ensure the settings on both ends match up. But once you are aware of the additional settings for the various algorithms, it is much easier to figure out how to align the results. Now chances are the external tool you are working with probably does not use exactly the same defaults as ColdFusion. To specify a different mode or padding just change the algorithm value. So in other words, the algorithm values AES and AES/ECB/PKCS5Padding are equivalent. But in the case of AES the defaults are ECB and PKCS5Padding. The defaults may vary depending on which algorithm you select. When you use the short-hand name, ColdFusion applies the default cipher mode and padding scheme automatically. What is not immediately obvious is that those simple names are short-hand for several settings: the algorithm, cipher mode and padding scheme. Most examples you will see use simple names like AES or DESEDE. If only to help developers avoid some of the more common interoperability problems.Ī prime example is the algorithm argument. But there are a few key aspects of the encrypt/decrypt functions that I feel could really use some illumination. Realistically it would require whole volumes to provide a comprehensive explanation of encryption. Now to a degree, the minimal documentation is understandable. Unfortunately, the ColdFusion documentation on the encrypt/decrypt functions is a bit sketchy in places. But it is the source of more problems than you might think. Now I know that seems like a blatantly obvious statement. While I am certainly no expert on the subject, most of the issues I have encountered, or seen in various forums, tend to involve two things: cipher settings and encoding. While they may seem obvious to some of you, many of them were not at all obvious to me. But it got me to thinking about some of the common pitfalls when trading encrypted data with external tools. So for the most part, compatibility should not be issue. The libraries used by ColdFusion (Sun JCE) are pretty standard. Recently, I have seen a few questions about encryption interoperability.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |