I needed to encrypt some data to transfer a user to another system using a specified encryption algorithm where the service provider has supplied both the key and the initialisation vector.
Documentation is limited at best, but after beating my head against ColdFusion and Google I finally got it to work.
And it's good to share, so here we go...
1. First you need to get the Sun Unlimited Strength Jurisdiction Policy Files for Java (SUSJPFJ?)
You can get these from http://java.sun.com/j2se/1.4.2/download.html. Unzip jce_policy-1_4_2-1.zip into {jre}\lib\security\ - but it's probably a plan to back up the existing files in that folder first. Restart CF. You'll have to restart it again in a minute, but softly softly catchy monkey...
2. Next Stop - BouncyCastle
Go and get the latest 1.4 release of the BouncyCastle service provider files from http://www.bouncycastle.org/latest_releases.html
Now you have to edit runtime\jre\lib\security\java.security to include the new service provider. Assuming that you currently have the default 5 service providers, add the following immediately below them:
security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider
Restart CF again. You should be ready to go.
3. An Example
It would be mean to get you this far without some example code. So here goes.
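Inline CFML:
<!--- The 24-character key string becomes a 24-byte (192-bit) AES key; AES keys over 128 bits need the policy files from step 1 --->
<cfset stringToEncrypt = "ooh, ooh, it's a bit secret">
<cfset encryptionKey = tobase64("1BF03AB0CEF0AB4A7E793CE0")>
<cfset algorithm = "AES/CBC/PKCS7Padding">
<cfset initialisationVector = "C7D9769F6F261A41">
<cfset encrypted = Encrypt(stringToEncrypt, encryptionKey, algorithm, "Hex", initialisationVector)>
CFSCRIPT:
<cfscript>
stringToEncrypt = "ooh, ooh, it's a bit secret";
// Encrypt() expects the key as a Base64 string
encryptionKey = tobase64("1CF03CF0CEF1CF4A7E733CE0");
algorithm = "AES/CBC/PKCS7Padding";
initialisationVector = "C6D3799F1F111A41";
// "Hex" makes Encrypt() return the ciphertext as a hex string
encrypted = Encrypt(stringToEncrypt, encryptionKey, algorithm, "Hex", initialisationVector);
</cfscript>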
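A self-check to run once the providers are installed, added here as an example and not part of the original post: it confirms the key size the key string produces, round-trips a value through Decrypt(), and shows that with a fixed IV the same plaintext always yields the same ciphertext. The key and IV values are constructed placeholders, and passing the IV as binary via CharsetDecode() assumes the receiving system uses the 16 IV characters as 16 bytes.

```cfml
<cfscript>
// Constructed sample values for illustration; substitute the provider's own key and IV.
keyText = "0123456789ABCDEF01234567";   // 24 characters
ivText  = "0011223344556677";           // 16 characters
algorithm = "AES/CBC/PKCS7Padding";     // PKCS7Padding is the name registered by the BouncyCastle provider

// ToBase64() encodes the characters of the string, so the key is one byte per character
encryptionKey = ToBase64(keyText);
keyBytes = Len(ToBinary(encryptionKey));

// Assumption: the IV characters map one-to-one to bytes
iv = CharsetDecode(ivText, "us-ascii");
ivBytes = Len(iv);

plain = "ooh, ooh, it's a bit secret";

// Encrypt twice with the same key and IV, then decrypt the first result
first  = Encrypt(plain, encryptionKey, algorithm, "Hex", iv);
second = Encrypt(plain, encryptionKey, algorithm, "Hex", iv);
roundTrip = Decrypt(first, encryptionKey, algorithm, "Hex", iv);

// A different plaintext for comparison
other = Encrypt(plain & "!", encryptionKey, algorithm, "Hex", iv);

WriteOutput("key length in bits: " & (keyBytes * 8) & "<br>");
WriteOutput("IV length in bytes (AES block is 16): " & ivBytes & "<br>");
WriteOutput("round trip matches: " & YesNoFormat(Compare(roundTrip, plain) EQ 0) & "<br>");
WriteOutput("same plaintext gives same ciphertext: " & YesNoFormat(Compare(first, second) EQ 0) & "<br>");
WriteOutput("different plaintext gives different ciphertext: " & YesNoFormat(Compare(first, other) NEQ 0) & "<br>");
</cfscript>
```

If the first Encrypt() call throws, check that the policy files and the BouncyCastle provider line from steps 1 and 2 are in place and that CF has been restarted.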