GeneratePBKDFKey has been added in ColdFusion 11 to allow users to support PBKDF2 key derivation. 

Returns

A string that contains the encryption key. 

History

ColdFusion 11: Added this function

Category

Security functionsString functions

Function syntax

GeneratePBKDFKey(String algorithm, String string, String salt, int iterations, int keysize)

Parameters

Parameter

Description

algorithm

The encryption algorithm for which to generate the key.

The following algorithms are available in both standard and enterprise versions:

  • PBKDF2WithHmacSHA1
  • PBKDF2WithHmacSHA224
  • PBKDF2WithHmacSHA256
  • PBKDF2WithHmacSHA384
  • PBKDF2WithHmacSHA512

The following algorithms are available only in enterprise versions:

  • PBKDF2WithSHA1
  • PBKDF2WithSHA224
  • PBKDF2WithSHA256
  • PBKDF2WithSHA384
  • PBKDF2WithSHA512
  • PBKDF2WithSHA512-224
  • PBKDF2WithSHA512-256

ColdFusion Enterprise registers JSAFE as the default crypto provider. JSAFE provides the additional algorithms.

string

The string to be used for conversion.

salt

A random salt. The standard recommends a salt length of at least 64 bits (8 characters). The salt needs to be generated using a pseudo-random number generator (e.g SHA1PRNG).

iterations

The number of PBKDEF iterations to perform. The recommended value for iterations is 1000 or more.

keysize

The key size in number of bits.

Example

Encryption using PBKDF2

<cfscript>
       salt="A41n9t0Q";
       password = "Password@123";
       PBKDFalgorithm = "PBKDF2WithSHA512-224";
       dataToEncrypt= "Lorem ipsum dolor sit amet, consectetur adipisicing elit, 
       sed do eiusmod tempor incididunt ut labore et dolore magna aliqua";
       encryptionAlgorithm = "AES";
       derivedKey = GeneratePBKDFKey(PBKDFalgorithm ,password ,salt,4096,128);
       writeOutput("Generated PBKDFKey (Base 64) : " & derivedKey);
       encryptedData = encrypt(dataToEncrypt, derivedKey, encryptionAlgorithm, "BASE64");
       writeoutput("Data After Encryption using PBKDF2: " & encryptedData); 
</cfscript>

Decryption using PBKDF2

<cfscript>
       salt="A41n9t0Q";
       password = "Password@123";
       PBKDFalgorithm = "PBKDF2WithSHA512-224";
       derivedKey = GeneratePBKDFKey(PBKDFalgorithm ,password ,salt,4096,128);
       decryptedData = decrypt(encryptedData, derivedKey, encryptionAlgorithm, "BASE64");
       writeoutput("Data After Decryption using PBKDF2: " & decryptedData); 
</cfscript>

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy