GeneratePBKDFKey

Alert:

The function GeneratePBKDFKey may not work as expected with JDK 11.0.17. As a workaround, edit the java.security file located in ColdFusion/jre/<path_to_conf_folder>/security/ or \Program Files\Java\jdk-11\conf\security, and remove the string "SHA1 denyAfter 2019-01-01".

Restart ColdFusion after the changes.

GeneratePBKDFKey was added in ColdFusion 11 to support PBKDF2 key derivation.

Returns

A string that contains the encryption key. 

History

ColdFusion 11: Added this function

Category

Security functions, String functions

Function syntax

GeneratePBKDFKey(String algorithm, String string, String salt, int iterations, int keysize )

Parameters

Parameter

Description

algorithm

The encryption algorithm for which to generate the key.

The following algorithms are available in both standard and enterprise versions:

  • PBKDF2WithHmacSHA1
  • PBKDF2WithHmacSHA224
  • PBKDF2WithHmacSHA256
  • PBKDF2WithHmacSHA384
  • PBKDF2WithHmacSHA512

The following algorithms are available only in enterprise versions.

Note: For the workaround at the beginning of the document, the following algorithms are supported.

  • PBKDF2WithSHA1
  • PBKDF2WithSHA224
  • PBKDF2WithSHA256
  • PBKDF2WithSHA384
  • PBKDF2WithSHA512
  • PBKDF2WithSHA512-224
  • PBKDF2WithSHA512-256

ColdFusion Enterprise registers JSAFE as the default crypto provider. JSAFE provides the additional algorithms.

string

The string to be used for conversion.

salt

A random salt. The standard recommends a salt length of at least 64 bits (8 characters). The salt needs to be generated using a pseudo-random number generator (e.g., SHA1PRNG).

iterations

The number of PBKDF2 iterations to perform. The recommended value for iterations is 1000 or more.

keysize

The key size in number of bits.

Example

Encryption using PBKDF2

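<cfscript>
       // Fixed salt for illustration; the salt parameter description calls for a random salt.
       salt = "A41n9t0Q";
       password = "Password@123";
       // PBKDF2WithSHA512-224 is listed above among the algorithms available only in enterprise versions.
       PBKDFalgorithm = "PBKDF2WithSHA512-224";
       dataToEncrypt = "Lorem ipsum dolor sit amet, consectetur adipisicing elit, "
              & "sed do eiusmod tempor incididunt ut labore et dolore magna aliqua";
       encryptionAlgorithm = "AES";
       // Derive a 128-bit key from the password and salt using 4096 iterations.
       derivedKey = GeneratePBKDFKey(PBKDFalgorithm, password, salt, 4096, 128);
       writeOutput("Generated PBKDFKey (Base 64) : " & derivedKey);
       // Encrypt with the derived key and return the result Base64-encoded.
       encryptedData = encrypt(dataToEncrypt, derivedKey, encryptionAlgorithm, "BASE64");
       writeOutput("Data After Encryption using PBKDF2: " & encryptedData);
</cfscript>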

Decryption using PBKDF2

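<cfscript>
       // The salt, password, algorithm, iteration count and key size must match
       // the values used for encryption so that the same key is derived.
       salt = "A41n9t0Q";
       password = "Password@123";
       PBKDFalgorithm = "PBKDF2WithSHA512-224";
       encryptionAlgorithm = "AES";
       derivedKey = GeneratePBKDFKey(PBKDFalgorithm, password, salt, 4096, 128);
       // encryptedData is the Base64 output of the encryption example above.
       decryptedData = decrypt(encryptedData, derivedKey, encryptionAlgorithm, "BASE64");
       writeOutput("Data After Decryption using PBKDF2: " & decryptedData);
</cfscript>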
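
The two examples above share one hard-coded salt. The following added example (not part of the original documentation) generates a fresh salt per message with SHA1PRNG, as the salt parameter description calls for, and keeps the salt with the ciphertext so the key can be re-derived for decryption. The helper names makeSalt, encryptWithPassword and decryptWithPassword and the kdf* variables are hypothetical.

```cfml
<cfscript>
    // Added example, not Adobe's code. Helper names are hypothetical.
    // Settings taken from this page: an algorithm available in both editions,
    // the 4096 iterations used in the examples, and a 128-bit key for AES.
    kdfAlgorithm = "PBKDF2WithHmacSHA256";
    kdfIterations = 4096;
    kdfKeySize = 128;

    // Build a random alphanumeric salt with the SHA1PRNG generator.
    // 16 characters exceeds the 8-character minimum given for the salt parameter.
    function makeSalt(required numeric length) {
        var alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
        var salt = "";
        for (var i = 1; i <= arguments.length; i++) {
            salt &= mid(alphabet, randRange(1, len(alphabet), "SHA1PRNG"), 1);
        }
        return salt;
    }

    // Encrypt with a key derived from the password and a fresh salt.
    // The salt is not secret, so it is returned for storage beside the ciphertext.
    function encryptWithPassword(required string password, required string plaintext) {
        var salt = makeSalt(16);
        var key = GeneratePBKDFKey(kdfAlgorithm, arguments.password, salt, kdfIterations, kdfKeySize);
        return { salt = salt, data = encrypt(arguments.plaintext, key, "AES", "BASE64") };
    }

    // Re-derive the same key from the password and the stored salt, then decrypt.
    function decryptWithPassword(required string password, required struct record) {
        var key = GeneratePBKDFKey(kdfAlgorithm, arguments.password, arguments.record.salt, kdfIterations, kdfKeySize);
        return decrypt(arguments.record.data, key, "AES", "BASE64");
    }

    first = encryptWithPassword("Password@123", "Lorem ipsum dolor sit amet");
    second = encryptWithPassword("Password@123", "Lorem ipsum dolor sit amet");

    // Same password and plaintext, different salts: the derived keys and ciphertexts differ.
    writeOutput("Salt 1: " & first.salt & ", data: " & first.data & "<br>");
    writeOutput("Salt 2: " & second.salt & ", data: " & second.data & "<br>");
    writeOutput("Decrypted: " & decryptWithPassword("Password@123", first));
</cfscript>
```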
