I tested the original code with CF9 Developer edition, and with some minor changes to the code, it worked fine. The original poster was doing more conversion than was needed. <cfscript> rc4key = toBase64('823hjdFD00fQFSDFJweru87fsj34FS'); passhex = '668413106F51AB'; DecryptedPassword = Decrypt( passhex, rc4key, 'RC4','HEX'); writeoutput(decrypted); </cfscript> I did not need to add any additional crypto libs or providers. I do not have a copy of CF Standard to test this on, but if there is not a provider included in CF Standard or the JVM you are running it on that includes RC4, then you may need to install one. Although, it looks to me like RC4 is standard with Java JCE (which is now a standard part of the JDK). The ColdFusion encrypt docs are a little misleading, I think. When it is referring to the algorithms that are included with Enterprise vs. Standard, it is referring to the BSafe Crypto-J library that is licensed for use and included with Enterprise. It then mentions the other algorithms that are only included with Standard. This does NOT mean that these are the onyl algorithms availabel in Standard, they are just the only ones included. But since ColdFusion sits on Java, and tje JVM has included the JCE for some time, there are many other providers available to you. I'm not sure about Standard, but the developer edition has 11 of them. Try this out to see: <cfdump var="#createObject("java", "java.security.Security").getProviders()#"> I'd say there is a good chance that there is a provider in standard that has RC4 available. And, if there really isn't one, then adding BouncyCastle as a provider is not terribly difficult. http://www.bouncycastle.org/wiki/display/JA1/Provider+Installation You can do it at runtime with the same Security object I used above, using the addProvider() method. Or you can add it through config as outlined int he above link. Either way, you need to add the provider files to your class path.
... View more