I need jCrypt java class in my ColdFusion application to encrypt passwords. Here is the code that I'm trying to use:
<cfscript>
cfobject( name="JCrypt", type="java", action="create", class="JCrypt" );
enc_password = trim(JCrypt.crypt("kL","myPassTest123"));
</cfscript>
Once I run this code error occurred with this message:
Object Instantiation Exception.
Class not found: JCrypt
The message indicates that class is not found. I'm wondering how I can implement jCrypt in my ColdFusion application? Thank you.
I would be hesitant to use something like JCrypt that has little to no footprint on the Internet as the base for password encryption. The sourceforge page has a link to a homepage to no longer exists. You should be using BCrypt for password encryption.
https://auth0.com/blog/hashing-in-action-understanding-bcrypt/
Brad Wood has a great presentation on ColdFusion and BCrypt called "Pass the Salt".
You can download a copy of JBcrypt here:
https://www.mindrot.org/projects/jBCrypt/
Here's a ColdBox Module that can give you some idea of a CF implementation:
https://github.com/coldbox-modules/cbox-bcrypt
That repo has a copy of the JBcrypt.jar file and a CFC wrapper that you can just drop into your application.
https://github.com/coldbox-modules/cbox-bcrypt/blob/master/modules/bcrypt/models/BCrypt.cfc
This wrapper uses a Java Loader to to load the JAR if you can't just drop the file into the CF server's lib path.
oBcrypt = new path.to.Bcrypt();
password = "Password";
hashed = oBcrypt.hashPassword(password);
check = oBcrypt.checkPassword(password, hashed);
The hashPassword() function will save the salt and the encrypted password in a single string that you save in the database.