generatePBKDFKey

CFML implementation of Password-Based Key-Derivation Function (PBKDF)

generatePBKDFKey(algorithm, passphrase, salt, iterations, keySize); → returns string

generatePBKDFKey Argument Reference

algorithm string
Required

Hashing algorithm used for generating key
Values:
  • PBKDF2WithHmacSHA1
  • PBKDF2WithSHA1
  • PBKDF2WithSHA224
  • PBKDF2WithSHA256
  • PBKDF2WithSHA384
  • PBKDF2WithSHA512

passphrase string
Required

Passphrase used for the key. KEEP THIS SECRET.

salt string
Required

A string that is combined with the passphrase when the key is derived.
The standard recommends a salt length of at least 64 bits (8 characters). The salt needs to be generated using a pseudo-random number generator (e.g. SHA1PRNG).

iterations numeric
Required

The number of PBKDF iterations to perform. The minimum recommended value is 1000.

keySize numeric
Required

The length in bytes of the key to generate

Compatibility

ColdFusion:

Version 11+. Adobe ColdFusion Enterprise includes a Java crypto provider that implements these algorithms. These algorithms are available only in enterprise versions: PBKDF2WithSHA1, PBKDF2WithSHA224, PBKDF2WithSHA256, PBKDF2WithSHA384, PBKDF2WithSHA512, PBKDF2WithSHA512-224, PBKDF2WithSHA512-256.

Lucee:

Version 5+. For Lucee, the available algorithms depend on the crypto provider you have installed. The default Java crypto provider, for example, supports only "PBKDF2WithHmacSHA1" on Java 1.7; on Java 8 it supports more algorithms. The iterations and keySize parameters are optional in Lucee.

Examples sample code invoking the generatePBKDFKey function

generatePBKDFKey("PBKDF2WithHmacSHA1", "secret", "salty", 5000, 128)

Expected Result: Y0MCpCe3zb0CNJvyXNUWEQ==

// some variables
password = "top_secret";
dataToEncrypt = "the most closely guarded secret";
encryptionAlgorithm = "AES";
keysize = 128;
algorithmVersion = 512;
// iteration count kept separate from the hash size; at or above the recommended minimum of 1000
iterations = 5000;
PBKDFalgorithm = 'PBKDF2WithHmacSHA' & algorithmVersion;

// Generate the salt as recommended in docs
length = keysize / 8;
multiplicator = 10 ^ length;
// Rand() draws from SHA1PRNG; Randomize(5, ...) would seed the generator with a
// constant and return a repeatable (nonrandom) number
salt = Round(Rand('SHA1PRNG') * multiplicator);

// The magic happens here
PBKDFKey = GeneratePBKDFKey(PBKDFalgorithm, password, salt, iterations, keysize);
encryptedData = encrypt(dataToEncrypt, PBKDFKey, encryptionAlgorithm, "BASE64");
decryptedData = decrypt(encryptedData, PBKDFKey, encryptionAlgorithm, "BASE64");

// Output
writeOutput("<b>Generated PBKDFKey (Base 64)</b>: " & PBKDFKey);
writeOutput("<br /><b>Data After Encryption</b>: " & encryptedData);
writeOutput("<br /><b>Data After Decryption</b>: " & decryptedData);
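
Password storage with the function documented above, as an added example that is not part of the original page or of any vendor documentation: each record gets its own random salt, and verification re-derives the key from the stored parameters. The function names, the record keys, the use of generateSecretKey() as the salt source and of java.security.MessageDigest.isEqual for the comparison are assumptions of this example.

```cfml
// Added example; newPasswordRecord, verifyPassword and the record keys are hypothetical names.
// Run inside a <cfscript> block.

// Build the values to store for one user: a fresh salt plus the derived key.
function newPasswordRecord(required string password, numeric iterations = 5000, numeric keySize = 128) {
    // generateSecretKey() is used here only as a source of 128 random bits (Base64 string)
    var salt = generateSecretKey("AES", 128);
    return {
        algorithm: "PBKDF2WithHmacSHA1",
        salt: salt,
        iterations: arguments.iterations,
        keySize: arguments.keySize,
        derivedKey: generatePBKDFKey("PBKDF2WithHmacSHA1", arguments.password, salt,
                                     arguments.iterations, arguments.keySize)
    };
}

// Re-derive the key with the stored parameters and compare the raw bytes.
function verifyPassword(required string candidate, required struct record) {
    var derived = generatePBKDFKey(record.algorithm, candidate, record.salt,
                                   record.iterations, record.keySize);
    // MessageDigest.isEqual is a static, constant-time byte comparison in current JDKs
    var messageDigest = createObject("java", "java.security.MessageDigest");
    return messageDigest.isEqual(binaryDecode(derived, "base64"),
                                 binaryDecode(record.derivedKey, "base64"));
}

// Constructed sample input: the same password enrolled twice
first  = newPasswordRecord("top_secret");
second = newPasswordRecord("top_secret");

writeOutput("salt 1: " & first.salt & " key 1: " & first.derivedKey & "<br>");
writeOutput("salt 2: " & second.salt & " key 2: " & second.derivedKey & "<br>");
// Same password, different salts: the stored keys differ (compare() is case-sensitive)
writeOutput("keys differ: " & (compare(first.derivedKey, second.derivedKey) != 0) & "<br>");
writeOutput("correct password accepted: " & verifyPassword("top_secret", first) & "<br>");
writeOutput("wrong password accepted: " & verifyPassword("guess", first) & "<br>");
```

PBKDF2WithHmacSHA1 is used because it is the one algorithm the Lucee note above lists for the default provider on Java 1.7. With keySize 128 the derived key is a 24-character Base64 string, the same length as the expected result shown above, which decodes to 16 bytes.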
