The function GeneratePBKDFKey may not work as expected with JDK 11.0.17. As a workaround, edit the java.security file located in ColdFusion/jre/<path_to_conf_folder>/security/ or \Program Files\Java\jdk-11\conf\security, and remove the string - SHA1 denyAfter 2019-01-01.
Restart ColdFusion after the changes.
GeneratePBKDFKey was added in ColdFusion 11 to support PBKDF2 key derivation.
Returns
A string that contains the encryption key.
History
ColdFusion 11: Added this function
Category
Security functions, String functions
Function syntax
GeneratePBKDFKey(String algorithm, String string, String salt, int iterations, int keysize )
Parameters
| Parameter | Description |
| --- | --- |
| algorithm | The encryption algorithm for which to generate the key. The following algorithms are available in both standard and enterprise versions: The following algorithms are available only in enterprise versions. Note: For the workaround at the beginning of the document, the following algorithms are supported. ColdFusion Enterprise registers JSAFE as the default crypto provider. JSAFE provides the additional algorithms. |
| string | The string to be used for conversion. |
| salt | A random salt. The standard recommends a salt length of at least 64 bits (8 characters). The salt needs to be generated using a pseudo-random number generator (e.g., SHA1PRNG). |
| iterations | The number of PBKDF2 iterations to perform. The recommended value for iterations is 1000 or more. |
| keysize | The key size in number of bits. |
Example
Encryption using PBKDF2
<cfscript>
    // Fixed salt for illustration only; the salt parameter description calls for a random salt.
    salt = "A41n9t0Q";
    password = "Password@123";
    PBKDFalgorithm = "PBKDF2WithSHA512-224";
    dataToEncrypt = "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua";
    encryptionAlgorithm = "AES";
    // Derive a 128-bit key with 4096 iterations; the result is a Base64 string.
    derivedKey = GeneratePBKDFKey(PBKDFalgorithm, password, salt, 4096, 128);
    writeOutput("Generated PBKDFKey (Base 64) : " & derivedKey);
    encryptedData = encrypt(dataToEncrypt, derivedKey, encryptionAlgorithm, "BASE64");
    writeOutput("Data After Encryption using PBKDF2: " & encryptedData);
</cfscript>
Decryption using PBKDF2
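<cfscript>
    // encryptedData is the output of the encryption example above.
    // The salt, algorithm, iteration count and key size must match the values used to encrypt.
    salt = "A41n9t0Q";
    password = "Password@123";
    PBKDFalgorithm = "PBKDF2WithSHA512-224";
    encryptionAlgorithm = "AES";
    derivedKey = GeneratePBKDFKey(PBKDFalgorithm, password, salt, 4096, 128);
    decryptedData = decrypt(encryptedData, derivedKey, encryptionAlgorithm, "BASE64");
    writeOutput("Data After Decryption using PBKDF2: " & decryptedData);
</cfscript>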
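Using a random salt per record
The examples above hard-code the salt, while the salt parameter calls for a random value. The following is an added example, not Adobe's code: it generates a fresh salt for each record and stores it with the ciphertext so the key can be re-derived later. Using generateSecretKey as the random source for the salt and the record struct layout are assumptions made for this illustration.

```cfml
<cfscript>
    // Added example: per-record random salt kept beside the ciphertext.
    password       = "Password@123";          // constructed sample value
    PBKDFalgorithm = "PBKDF2WithSHA512-224";  // same algorithm as the examples above
    iterations     = 4096;
    keysize        = 128;                     // bits

    // Assumption: generateSecretKey is used only as a source of random data.
    // It returns 128 random bits as a Base64 string, well above the 64-bit minimum.
    salt = generateSecretKey("AES", 128);

    derivedKey    = GeneratePBKDFKey(PBKDFalgorithm, password, salt, iterations, keysize);
    encryptedData = encrypt("constructed sample text", derivedKey, "AES", "BASE64");

    // Hypothetical storage record. The salt and parameters are not secret,
    // but all of them are needed to derive the same key again.
    record = {
        algorithm  = PBKDFalgorithm,
        salt       = salt,
        iterations = iterations,
        keysize    = keysize,
        data       = encryptedData
    };

    // Later: re-derive the key from the stored salt and parameters, then decrypt.
    rederivedKey  = GeneratePBKDFKey(record.algorithm, password, record.salt,
                                     record.iterations, record.keysize);
    decryptedData = decrypt(record.data, rederivedKey, "AES", "BASE64");

    // The same password with a different salt gives an unrelated key,
    // so a lost or altered salt makes the data unrecoverable.
    otherKey = GeneratePBKDFKey(record.algorithm, password, generateSecretKey("AES", 128),
                                record.iterations, record.keysize);

    writeOutput("Decrypted: " & decryptedData & "<br>");
    writeOutput("Keys differ with a different salt: " & (compare(otherKey, rederivedKey) NEQ 0));
</cfscript>
```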