encrypt

Encrypts a string. Uses a symmetric key-based algorithm, in which the same key is used to encrypt and decrypt a string. The security of the encrypted string depends on maintaining the secrecy of the key. Algorithm support is determined by the installed default JCE provider.

encrypt(String, key [, algorithm] [, encoding] [, ivorsalt] [, iterations]) → returns String

Argument Reference for the encrypt function

String

Required: Yes
String to encrypt.

key

Required: Yes
Key or seed used to encrypt the string.
* For the CFMX_COMPAT algorithm, any combination of any number of characters; used as a seed used to generate a 32-bit encryption key.
* For all other algorithms, a key in the format used by the
algorithm. For these algorithms, use the GenerateSecretKey
function to generate the key.

algorithm

Required: No
Default: CFMX_COMPAT
The algorithm to use to encrypt the string.
* CFMX_COMPAT: the algorithm used in ColdFusion MX and prior releases. This algorithm is the least secure option (default).
* AES: the Advanced Encryption Standard specified by the National Institute of Standards and Technology (NIST) FIPS-197.
* BLOWFISH: the Blowfish algorithm defined by Bruce Schneier.
* DES: the Data Encryption Standard algorithm defined by NIST FIPS-46-3.
* DESEDE: the "Triple DES" algorithm defined by NIST FIPS-46-3. Values:
  • CFMX_COMPAT
  • AES
  • BLOWFISH
  • DES
  • DESEDE

encoding

Required: No
Default: UU
The binary encoding used to represent the data as a string.
Must be the same as the algorithm used to encrypt the string.
* Base64: the Base64 algorithm, as specified by IETF RFC 2045.
* Hex: the characters A-F and 0-9 represent the hexadecimal byte values.
* UU: the UNIX standard UUEncode algorithm (default).
If you specify this parameter, you must also specify the algorithm parameter. Values:
  • UU
  • Base64
  • Hex

ivorsalt

Required: No
Specify this parameter to adjust ColdFusion encryption to match
the details of other encryption software. If you specify this
parameter, you must also specify the algorithm parameter.
* For Block Encryption Algorithms: This is the binary
Initialization Vector value to use with the algorithm. The
algorithm must contain a Feedback Mode other than ECB. This
must be a binary value that is exactly the same size as the
algorithm block size.
* For Password Based Encryption Algorithms: This is the binary
Salt value to transform the password into a key.

iterations

Required: No
The number of iterations to transform the password into a
binary key. Specify this parameter to adjust ColdFusion
encryption to match the details of other encryption software.
If you specify this parameter, you must also specify the
algorithm parameter with a Password Based Encryption (PBE)
algorithm. Do not specify this parameter for Block Encryption
Algorithms. You must use the same value to encrypt and
decrypt the data.
* For Password Based Encryption Algorithms: This is the
binary Salt value to transform the password into a key.

Compatibility

ColdFusion:

CF 7+ Added support for additional algorithms

Links more information about encrypt

Examples sample code invoking the encrypt function


Encrypt using AES Encryption

The key must be generated using the generateSecretKey("AES") function.

encrypt("top secret", "WTq8zYcZfaWVvMncigHqwQ==", "AES", "Base64")

Expected Result: keciULin7bxOWvN/BOarWw==


Encrypt using Cipher Block Chaining (CBC) mode

By default encrypt() uses the Electronic Code Book (ECB) mode for encryption.
For increased security you should specify the mode and padding to use. In this example we will use CBC mode and PKCS5Padding.

msg = 'data to encrypt';
key = generateSecretKey('AES');
encMsg = encrypt( msg, key, 'AES/CBC/PKCS5Padding', 'HEX');
writeOutput( encMsg );

Fork me on GitHub