ColdFusion: Encrypting and Decrypting Data

Sometimes it is necessary, or standard procedure, to encrypt data from online forms before storing it in a database. A quick example that comes to mind, and one that I have encrypted, is passwords. As a developer, you should find it necessary to encrypt confidential data in databases. Even though you have standard SSL (HTTPS) encryption of information flowing from browser to server, you should still make it policy to encrypt the data stored on the server. That said, some data just should NOT be stored in any database; SSNs and credit card numbers come to mind.

I use Adobe ColdFusion as my development platform for all my web applications. Utilizing its encryption functionality is a must. Encrypt takes a string of text and, using a specific algorithm and encoding method, encrypts it. Likewise, decrypt takes that encrypted string and decrypts it back to the original string, keeping the data secure on the server.

Parameters

First, I set some parameters to use with the process. These parameters could be stored in the application.cfm file, or on the actual page used. For more information on the parameters used and the options for each, please visit http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=functions_e-g_01.html

<cfparam name="MyKey" default="JC2HI71J8UR548CSDD1SDSDJ455LN9P">
<cfparam name="myAlgorithm" default="CFMX_COMPAT">
<cfparam name="myEncoding" default="Base64">

Encryption and Decryption Sample Code:

Below is the sample code for using the parameters above with the field that is submitted from the HTML form. This sample reflects both the encryption and decryption syntax.

<cfscript>
      /* GenerateSecretKey does not generate a key for the CFMX_COMPAT algorithm,
         so use the key set in the MyKey parameter above.
      */
      if (myAlgorithm EQ "CFMX_COMPAT")
         theKey=MyKey;
      // For all other encryption techniques, generate a secret key.
      // The generated key must be stored to decrypt the data in a later request.
      else
         theKey=generateSecretKey(myAlgorithm);
      // Encrypt the string submitted from the form (field "mystring")
      encrypted=encrypt(myString, theKey, myAlgorithm, myEncoding);
      // Decrypt it
      decrypted=decrypt(encrypted, theKey, myAlgorithm, myEncoding);
</cfscript>

HTML Sample:

Below is just a single form field, being used as the sample to pass the string to the routine above.

<cfform action="?testit=yes" method="post">
TEXT: <cfinput type="text" name="mystring" size="20" maxlength="20">
<input type="submit" value="Submit">
</cfform>

Output Results

Below is a basic <cfoutput> with the output results from the encryption and decryption routine above.

<cfoutput>
MyString: #mystring#
<br>
Encrypted: #encrypted#
<br>
Decrypted: #decrypted#
</cfoutput>
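
The routine above calls generateSecretKey on every request for any algorithm other than CFMX_COMPAT, so a value encrypted and stored during one request cannot be decrypted in a later one unless the key is kept. The following is an added example, not code from the original article: it generates an AES key once, persists it, reuses it for decryption, and shows that a freshly generated key fails. The key file path and all variable and function names are hypothetical, and it assumes ColdFusion generates a random IV and prepends it to the ciphertext when no IV argument is passed in CBC mode.

```cfml
<cfscript>
// Added example. Assumption: keyFile is a hypothetical path outside the web
// root, readable only by the account the ColdFusion service runs as.
keyFile = "/opt/app-secrets/field-encryption.key";
algo    = "AES/CBC/PKCS5Padding";
enc     = "Base64";

// Generate the key once and persist it; every later request reuses it.
function loadOrCreateKey(path) {
    var k = "";
    if (fileExists(path)) {
        return trim(fileRead(path));
    }
    k = generateSecretKey("AES");   // Base64-encoded random AES key
    fileWrite(path, k);
    return k;
}

// "Request 1": encrypt a value before writing it to the database.
plain      = "constructed sample value";
storedText = encrypt(plain, loadOrCreateKey(keyFile), algo, enc);

// "Request 2": the key is read back from the file, so decryption succeeds.
roundTrip = decrypt(storedText, loadOrCreateKey(keyFile), algo, enc);

// A key generated fresh for this request cannot decrypt the stored value.
freshKeyWorks = true;
try {
    wrong = decrypt(storedText, generateSecretKey("AES"), algo, enc);
    freshKeyWorks = (wrong EQ plain);   // garbage output also counts as failure
} catch (any e) {
    freshKeyWorks = false;              // usual outcome: a padding error is thrown
}

writeOutput("Round trip OK: " & (roundTrip EQ plain) & "<br>");
writeOutput("Fresh key decrypts stored value: " & freshKeyWorks);
</cfscript>
```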
