encryption with other technologies and coldfusion
For the past week, I have been working on encrypting strings using ColdFusion and needed to make sure that a .Net application could do the same; encrypt the string the same way I was doing it and then return the same encrypted string, so I am able to decrypt it. I was using AES encryption like this:
<cfset stringToEnc = "mystring" />
<cfset encryptedString = encrypt(stringToEnc,key,"AES") />
So I told the .Net developer what I was using. He came back and asked things like what cipher mode are you using and what vector are you using and what padding are you going with? Uh? What?! I had no idea. So I did some searching. I found this tech note on Adobe's site here that did describe the other attributes that can be used when using the encrypt and decrypt functions (and these other attributes I actually had to use).
What finally worked was to do this:
<cfset stringToEnc = "mystring" />
<cfset salt = "mysaltsixteenchr" /><!--- must be sixteen characters long -->
<cfset encryptedString = encrypt(stringToEnc,key,"AES/CFB/NoPadding","Base64",salt) />
The .Net programmer was successful in using this on his side as well. I could go in to what exactly every attribute means, but I don't have that much time and you can read the article I noted above.
My question is, and I could not find this anywhere, is what are the defaults for the algorithms? For example, what is the default cipher mode and padding for each algorithm? And what is the length the vector or IVorSalt as the documentation states? I'm not a big encryption guy so any help would be appreciated!
There are no comments for this entry.
[Add Comment]