Decrypt

Last updated on 18 June 2024 | Also applies to ColdFusion

Description

Decrypts a string that is encrypted using a standard encryption technique, including strings encrypted by the Encrypt function.

Returns

An unencrypted string.

Function syntax

Decrypt(string, key, encoding, algorithm, IV_Salt, iterations)

History

ColdFusion (2023 release) Update 8 and ColdFusion (2021 release) Update 14: Changed the default algorithm from CFMX_COMPAT to AES/CBC/PKCS5Padding.
ColdFusion (2021 release): Added support for authentication encryption.
ColdFusion (2018 release): Introduced named parameters.
ColdFusion 8: Added support for encryption using the RSA BSafe Crypto-J library on Enterprise Edition.
ColdFusion MX 7.01: Added the IVorSalt and iterations parameters.
ColdFusion MX 7: Added the algorithm and encoding parameters.

Parameters

Parameter	Description
encrypted_string	String to decrypt.
key	String. For the CFMX_COMPAT algorithm, the seed that was used to encrypt the string; for all other algorithms, the string generated by the generateSecretKey() method.
algorithm	(Optional) The Enterprise Edition of ColdFusion installs the RSA BSafe Crypto-J library, which provides FIPS-140 Compliant Strong Cryptography. For a list of algorithms, see the Encrypt function.The Standard Edition of ColdFusion installs a cryptography library with the following algorithms: CFMX_COMPAT: the algorithm used in ColdFusion MX and prior releases. This algorithm is the least secure option (default). AES: the Advanced Encryption Standard specified by the National Institute of Standards and Technology (NIST) FIPS-197. BLOWFISH: the Blowfish algorithm defined by Bruce Schneier. DES: the Data Encryption Standard algorithm defined by NIST FIPS-46-3. DESEDE: the "Triple DES" algorithm defined by NIST FIPS-46-3. If you install a security provider with additional cryptography algorithms, you can also specify any of its string encryption and decryption algorithms. AES/GCM/NoPadding: AES-GCM algorithm. AES/CBC/PKCS5Padding: Encryption algorithm. Note: When using the algorithm: AES/GCM/NoPadding for this function, If you see the error- An error occurred while trying to encrypt or decrypt your input string: Tag mismatch!., either you could be using an incorrect salt or the value of the parameter iterations do not match the one used for encrypting the string.
encoding	(Optional; if you specify this parameter, also specify the algorithm parameter.) The binary encoding used to represent the data as a string. Must be the same as the algorithm used to encrypt the string. Base64: the Base64 algorithm, as specified by IETF RFC 2045. Hex: the characters A-F and 0-9 represent the hexadecimal byte values. UU: the UNIX standard UUEncode algorithm (default).
IVorSalt	(Optional) Specify this parameter to adjust ColdFusion encryption to match the details of other encryption software. If you specify this parameter, also specify the algorithm parameter. For Block Encryption Algorithms: The binary Initialization Vector value to use with the algorithm. The algorithm must contain a Feedback Mode other than ECB. This must be a binary value that is exactly the same size as the algorithm block size. For Password Based Encryption Algorithms: The binary Salt value to transform the password into a key.
iterations	(Optional) The number of iterations to transform the password into a binary key. Specify this parameter to adjust ColdFusion encryption to match the details of other encryption software. If you specify this parameter, also specify the algorithm parameter with a Password Based Encryption (PBE) algorithm. Do not specify this parameter for Block Encryption Algorithms. Use the same value to encrypt and decrypt the data.

Usage

This function uses a symmetric key-based algorithm, in which the same key is used to encrypt and decrypt a string. The parameter values must match the values used to encode string . The security of the encrypted string depends on maintaining the secrecy of the key. ColdFusion uses the Java Cryptography Extension (JCE) and installs a Sun Java runtime that includes the Sun JCE default security provider. This provider includes the algorithms listed in the Parameters section. The JCE framework includes facilities for using other provider implementations; however, Adobe cannot provide technical support for third-party security providers.

Example

<cfscript>
    myInfo={};
    myInfo.key = generateSecretKey("AES");
    myInfo.secret = "my secret";
    myInfo.encrypted=encrypt(myInfo.secret, myInfo.key, "AES", "Base64");
    myInfo.decrypted=decrypt(myInfo.encrypted, myInfo.key, "AES", "Base64");
    writeDump(myInfo);
</cfscript>

Output

EXAMPLE 2

<cfscript>  
    // string data  
    a = "abcd"  
    // generate the key  
    key = GenerateSecretKey("AES")  
    iterations="AssoicatedData"  
    randomIntegers = [];  
    // generate the SALT value  
    for ( i = 1 ; i <= 12 ; i++ ) {  
        arrayAppend( randomIntegers, randRange( -128, 127, "SHA1PRNG" ) );  
    }  
    initializationVector = javaCast( "byte[]", randomIntegers )  
    // encrypt srring  
    enc1 = Encrypt(string=a,   
                   key=key,   
                   encoding="UU",   
                   algorithm="AES/GCM/NoPadding",  
                   IV_Salt=initializationVector,   
                   iterations=iterations)  
    // decrypt string  
    dec1= Decrypt(string=enc1,   
                  key=key,   
                  encoding="UU",   
                  algorithm="AES/GCM/NoPadding",  
                  IV_Salt=initializationVector,   
                  iterations=iterations)  
    writeDump(dec1)  
</cfscript>

Output

abcd

Adobe

Get help faster and easier

New user?