How to enable SSL for ColdFusion Administrator running on internal ColdFusion port. Generate a keystore, preferably of type PKCS12. Ensure that you have both public and private key pair imported into the keystore. Twitter™ and Facebook posts are not covered under the terms of Creative Commons. How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell. Users must generate a public/private key pair when their site implements host-based authentication or user public-key authentication. For additional options, see the ssh-keygen(1) man page. Before You Begin.
RandomKeygen is a free mobile-friendly tool that offers randomly generated keys and passwords you can use to secure any application, service or device. KEY RandomKeygen - The Secure Password & Keygen Generator. Q&A for Work. Stack Overflow for Teams is a private, secure spot for you and your coworkers to find and share information. Compatibility In C, the generation algorithm used by rand is guaranteed to only be advanced by calls to this function. In C, this constraint is relaxed, and a library implementation is allowed to advance the generator on other circumstances (such.
Description
Encrypts a string using a specific algorithm and encoding method.
String; can be much longer than the original string.
Security functions, String functions
Encrypt(string,key,[algorithm=CFMX_COMPAT,encoding=UU,IV=',iterations=0])
See also
Decrypt,EncryptBinary,DecryptBinary
ColdFRusion (2018 release): Introduced named parameters.
ColdFusion 8: Added support for encryption using the RSA BSafe Crypto-J library on Enterprise Edition.
ColdFusion MX 7.01: Added the IVorSalt and iterations parameters.
ColdFusion MX 7: Added the algorithm and encoding parameters.
Parameter | Description |
---|---|
string | String to encrypt. |
key | String. Key or seed used to encrypt the string.
|
algorithm | (Optional) The algorithm to use to encrypt the string. The Enterprise Edition of ColdFusion installs the RSA BSafe Crypto-J library, which provides FIPS-140 Compliant Strong Cryptography. It includes the following algorithms:
|
| |
In addition to these algorithms, you can use the algorithms provided in the Standard Edition of ColdFusion. | |
The Standard Edition of ColdFusion installs a cryptography library with the following algorithms:
If you install a security provider with additional cryptography algorithms, you can also specify any of its string encryption and decryption algorithms. | |
encoding | (Optional; if you specify this parameter, also specify the algorithm parameter). The binary encoding in which to represent the data as a string.
|
IVorSalt | (Optional) Specify this parameter to adjust ColdFusion encryption to match the details of other encryption software. If you specify this parameter, also specify thealgorithmparameter.
|
iterations | (Optional) The number of iterations to transform the password into a binary key. Specify this parameter to adjust ColdFusion encryption to match the details of other encryption software. If you specify this parameter, also specify the algorithm parameter with a Password Based Encryption (PBE) algorithm. Do not specify this parameter for Block Encryption algorithms. Use the same value to encrypt and decrypt the data. |
This function uses a symmetric key-based algorithm, in which the same key is used to encrypt and decrypt a string. The security of the encrypted string depends on maintaining the secrecy of the key.
The following are the FIPS-140 approved algorithms included in the RSA BSafe Crypto-J library that are used by ColdFusion. Some of these are not used with the encrypt function, but are used with other functions:
AES – ECB, CBC, CFB (128), OFB (128) – [128, 192, 256-bit key sizes]
AES – CTR Splatoon 2 pc license key generator.
Diffie-Hellman Key Agreement
DSA
FIPS 186-2 General Purpose [(x-Change Notice); (SHA-1)]
FIPS 186-2 [(x-Change Notice); (SHA-1)]
HMAC-SHAx (where x is 1, 224, 256, 384, or 512)
RSA PKCS#1 v1.5 (sign, verify) (SHA-1,SHA-224,SHA-256,SHA-384,SHA-512)
Secure Hash Standard (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512)
Triple DES - ECB, CBC, CFB (64 bit), and OFB (64 bit)
All algorithms included in the RSA BSafe Crypto-J library are available for use in the Enterprise Edition. In certain cases, you may want to disable some algorithms. To disable the DESX, RC5, and MD5PRNG algorithms, specify the following in the JVM arguments on the Java and JVM page of the ColdFusion Administrator:
-Dcoldfusion.enablefipscrypto=true |
FIPS-140 approved cryptography is not available if you are running ColdFusion on WebSphere of JBoss.
To use the IBM/Lotus Sametime Instant Messaging Gateway in the Enterprise edition, disable the FIPS-140-only cryptography setting by specifying the following in the JVM arguments on the Java and JVM page of the ColdFusion Administrator:
-Dcoldfusion.disablejsafe=true |
In Standard Edition, for all algorithms except the default algorithm, ColdFusion uses the Java Cryptography Extension (JCE) and installs a Sun Java runtime that includes the Sun JCE default security provider. This provider includes the algorithms listed in the Parameters section. The JCE framework includes facilities for using other provider implementations; however, Adobe cannot provide technical support for third-party security providers.
The default algorithm, which is the same one used in ColdFusion 5 and ColdFusion MX, uses an XOR-based algorithm that uses a pseudo-random 32-bit key, based on a seed passed by the user as a function parameter. This algorithm is less secure than the other available algorithms.
The following example encrypts and decrypts a text string. It lets you specify the encryption algorithm and encoding technique. It also has a field for a key seed to use with the CFMX_COMPAT algorithm. For all other algorithms, it generates a secret key.
<h3>Encrypt Example</h3> |
Output
JbRh2Ez58OJc9wpZUDefz0GZyDnA0/IMuV9qaRcFzCY=
In order to be able to create a digital signature, you need a private key. (Its corresponding public key will be needed in order to verify the authenticity of the signature.)
In some cases the key pair (private key and corresponding public key) are already available in files. In that case the program can import and use the private key for signing, as shown in Weaknesses and Alternatives.
In other cases the program needs to generate the key pair. A key pair is generated by using the KeyPairGenerator
class.
In this example you will generate a public/private key pair for the Digital Signature Algorithm (DSA). You will generate keys with a 1024-bit length.
Generating a key pair requires several steps:
Create a Key Pair Generator
The first step is to get a key-pair generator object for generating keys for the DSA signature algorithm.
As with all engine classes, the way to get a KeyPairGenerator
object for a particular type of algorithm is to call the getInstance
static factory method on the KeyPairGenerator
class. This method has two forms, both of which hava a String algorithm
first argument; one form also has a String provider
second argument.
A caller may thus optionally specify the name of a provider, which will guarantee that the implementation of the algorithm requested is from the named provider. The sample code of this lesson always specifies the default SUN provider built into the JDK.
Put the following statement after the
line in the file created in the previous step, Prepare Initial Program Structure:
Initialize the Key Pair Generator
The next step is to initialize the key pair generator. All key pair generators share the concepts of a keysize and a source of randomness. The KeyPairGenerator
class has an initialize
method that takes these two types of arguments.
The keysize for a DSA key generator is the key length (in bits), which you will set to 1024.
The source of randomness must be an instance of the SecureRandom
class that provides a cryptographically strong random number generator (RNG). For more information about SecureRandom
, see the SecureRandom API Specification and the Java Cryptography Architecture Reference Guide .
The following example requests an instance of SecureRandom
that uses the SHA1PRNG algorithm, as provided by the built-in SUN provider. The example then passes this SecureRandom
instance to the key-pair generator initialization method.
Some situations require strong random values, such as when creating high-value and long-lived secrets like RSA public and private keys. To help guide applications in selecting a suitable strong SecureRandom
implementation, starting from JDK 8 Java distributions include a list of known strong SecureRandom
implementations in the securerandom.strongAlgorithms
property of the java.security.Security
class. When you are creating such data, you should consider using SecureRandom.getInstanceStrong()
, as it obtains an instance of the known strong algorithms.
Generate the Pair of Keys
The final step is to generate the key pair and to store the keys in PrivateKey
and PublicKey
objects.