ColdFusion Strong Encryption: 256-bit and higher

This does not get enough attention.

Out of the box, ColdFusion does not have strong encryption and will not generate keys longer than 128 bits. You must upgrade the underlying Java library to gain access to strong encryption. Currently the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 download is located here. Download the file, decompress it, and then replace the existing US_export_policy.jar and local_policy.jar files in your ColdFusion install with the ones you have just downloaded. After restarting ColdFusion you will be able to use the GenerateSecretKey function to create keys stronger than 128 bits.

This has been tested to work with CF8 & CF9.
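To confirm that the replacement policy files were actually picked up after the restart, a test page along these lines can be used. It is an added example, not code from the original post; it assumes CF8 or CF9 (where GenerateSecretKey accepts a key length), and the variable names are illustrative.

```cfml
<cfscript>
// Added example: checks whether 256-bit AES is usable on this server.
plain = "constructed test string"; // sample input made up for this check

// Ask the JVM what the installed policy files allow for AES.
// 128 means the default (limited) policy is still in effect; the
// unlimited-strength files report 2147483647 (Integer.MAX_VALUE).
// Cipher.getMaxAllowedKeyLength() requires Java 5 or later.
cipher  = createObject("java", "javax.crypto.Cipher");
maxBits = cipher.getMaxAllowedKeyLength("AES");
writeOutput("Max AES key length allowed by policy: " & maxBits & "<br>");

// Confirm end to end: generate a 256-bit key and round-trip a value.
// The try/catch covers the whole sequence, so the check reports a
// failure whether it surfaces at key generation or at encryption.
try {
    key       = generateSecretKey("AES", 256);
    encrypted = encrypt(plain, key, "AES", "Base64");
    decrypted = decrypt(encrypted, key, "AES", "Base64");

    if (compare(decrypted, plain) EQ 0) {
        writeOutput("256-bit AES round trip OK<br>");
    } else {
        writeOutput("Round trip returned different data<br>");
    }
} catch (any e) {
    // Escape the message before echoing it into the page.
    writeOutput("256-bit AES failed: " & htmlEditFormat(e.message) & "<br>");
}
</cfscript>
```

If the first line still reports 128 after the restart, the JVM ColdFusion is running on is not the one whose policy files were replaced.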

Replacing the files did not cause errors in CF7, but in CF7 the GenerateSecretKey function takes only one argument, the encryption algorithm, and does not allow a key length to be specified. Perhaps those of you who know Java will be able to access the underlying encryption library directly and still get it to work in CF7?

UPDATE: I tried this and it still seems to not work.

UPDATE: Per Jason Dean’s comment below: for this to work in CF7 you need to use a different library. The strong encryption library for CF7 can be downloaded here.

2 thoughts on “ColdFusion Strong Encryption: 256-bit and higher”

  1. I just wanted to point out to anyone that may come across this post that it actually IS possible to use this code (or at least similar code) with the unlimited strength jurisdiction policy files on ColdFusion MX 7.

    Since CF7 uses an OLD version of Java, you do need an old version of the JCE. You can find the correct version here: https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=7503-jce-1.4.2-oth-JPR@CDS-CDS_Developer

    I am guessing that is the problem you were having.

    I tested this with CFMX7 and the JCE linked above on Windows 7 and it worked flawlessly.
