what if I am replacing Form.Number with a string of characters and then outputing that to a page to see what I end up with how would I hard code this code to say use the word funfilled instead of form.number.
Error Message: The key specified is not a valid key for this encryption: Invalid AES key length: 18 bytes. Use the generateSecretKey method to generate a valid key for this operation. The error occurred on line 4.
I know generateSecretKey create a unique key but how do I get that same key to decrypt this string later on? Using this for a log in log out page.
When you use generateSecretKey() you store the value it returns. Somewhere safe (Not in the database with the data that it is encrypting).
Key management is not a simple thing to discuss, so please don't ask "Where should I put the key then", cause there is no simple answer. Crypto is anything but easy, even in ColdFusion.
You can create your own key if you want, but it needs to be the appropriate length.
For key management guidelines, check out the NIST resources here: http://csrc.nist.gov/groups/ST/toolkit/key_management.html
What version of ColdFusion are you using? Are you sure that at the time of calling encrypt() that the application variable has not been overwritten or modified by something else?
As an experiment try setting the key immediately before callign encrypt()
7
Replies
AdChoices