I'm looking to encrypt a validation email.
So a user signs up and it sends to "[email protected]".
I want to encrypt the return link. We will say it creates this: "HKDLEK6798JKJK".
So it emails BOB a clickable link of "http://website.com?urlem=HKDLEK6798JKJK".
When he clicks the return link, I want to decrypt it back to "[email protected]".
<cfset key = generateSecretKey("AES") />
<!--- Set the ciphertext to a variable. This is the string you will store for later deciphering --->
<cfset cipherText = encrypt(em, key, "AES/CBC/PKCS5Padding", "HEX") />
<cfoutput>#cipherText#</cfoutput>
That creates the "HKDLEK6798JKJK" (I know it is more)
When the link comes back I am trying: (with URL back or setting I get same)
<cfset urlem = "HKDLEK6798JKJK">
<cfoutput>#urlem#</cfoutput>
<br><br>
<cfset urld = decrypt(urlem, key, "AES/CBC/PKCS5Padding", "HEX") />
<cfoutput>[#urld#]</cfoutput>
URLD is either blank or I get an error: Error: An error occurred while trying to encrypt or decrypt your input string: Given final block not properly padded.
AES is a symmetric-key algorithm, so you only create a key once and then store it as a secret in your configuration (for example in the APPLICATION scope). If the key changes, you can no longer decrypt any previously encrypted data.
Create an AES key using <cfoutput>#generateSecretKey("AES")#</cfoutput>. There's no need to have this line anywhere in your code base as you will probably never change this key ever again (at least not for this web app).
The generated key is a random combination of 16 bytes (128 bits), encoded as a Base64 string. ColdFusion usually never expects the byte array, so you can work with the encoded value for encrypt and decrypt. It could look something like this: k1+pzMg/rqmbVGfI5MOf8Q==
Notice the + and /? These are part of Base64 and nothing to worry about, but I would always recommend you to roll until you get a "nice looking" string for copy'n'paste reasons, like: YncQUYZYdPez360xNmq2tw==
Store the generated key as its Base64 encoded value in your web app configuration. If you have an Application.cfc, you could write it down in the onApplicationStart function. Or if you still have an Application.cfm, write it down there directly:
<cfset APPLICATION.AesKeyForMails = "YncQUYZYdPez360xNmq2tw==">
Of course, you can also just <cfinclude> a config file with the variable (don't use APPLICATION then). Whatever works best for you.
Encrypt the e-mail using the stored key:
<cfset encryptedMail = encrypt("[email protected]", APPLICATION.AesKeyForMails, "AES/CBC/PKCS5Padding", "HEX")>
This will return the encrypted data (byte array) and represent it as HEX encoded string, for example: A0E2D61277EE1966CDD571B25A8B088E81AF7953B52BBE086C5079A8565D3D718DC572474A0C7DEF5BFC2F8F90CC464B
Note that this value will change with every call due to block chaining (CBC mode). But don't worry, all of them can be decrypted the same way. (If you only specify AES for the algorithm parameter, it uses ECB mode, always returning the same result, which is considered less secure.)
Decrypt the encrypted e-mail using the stored key:
<cfset decryptedMail = decrypt("A0E2D61277EE1966CDD571B25A8B088E81AF7953B52BBE086C5079A8565D3D718DC572474A0C7DEF5BFC2F8F90CC464B", APPLICATION.AesKeyForMails, "AES/CBC/PKCS5Padding", "HEX")>
And there we go: [email protected]
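
The whole round trip on one page, as an added example that is not the asker's or the answerer's code: it builds the link, decrypts it with the stored key, and shows that a freshly generated key (the situation in the question) is rejected instead of raising an unhandled error. The address bob@example.com and the variable names algo, token, link, ok, wrong and freshKeyRejected are assumptions made for the illustration.

```cfml
<!--- Added example. The key is the sample value from the answer above;
      generate your own once and keep it in your configuration. --->
<cfset APPLICATION.AesKeyForMails = "YncQUYZYdPez360xNmq2tw==">
<cfset algo = "AES/CBC/PKCS5Padding">

<!--- Sign-up side: build the validation link. HEX output is URL-safe as-is. --->
<cfset em = "bob@example.com"> <!--- constructed sample address --->
<cfset token = encrypt(em, APPLICATION.AesKeyForMails, algo, "HEX")>
<cfset link = "http://website.com?urlem=" & token>

<!--- Return side: in production this is URL.urlem; simulated with the token just built. --->
<cfset urlem = token>
<cftry>
    <cfset urld = decrypt(urlem, APPLICATION.AesKeyForMails, algo, "HEX")>
    <cfcatch type="any">
        <!--- Wrong key, truncated or edited token: treat it as an invalid link. --->
        <cfset urld = "">
    </cfcatch>
</cftry>
<!--- Decryption succeeding is not enough; the result must also look like an address. --->
<cfset ok = isValid("email", urld)>

<!--- The question's failure: a new key per request cannot decrypt the token.
      Usually this throws the padding error; occasionally the padding happens to
      parse and garbage comes back, so check the result as well as the exception. --->
<cftry>
    <cfset wrong = decrypt(token, generateSecretKey("AES"), algo, "HEX")>
    <cfcatch type="any">
        <cfset wrong = "">
    </cfcatch>
</cftry>
<cfset freshKeyRejected = NOT isValid("email", wrong)>

<cfoutput>
link: #encodeForHTML(link)#<br>
decrypted with stored key: [#encodeForHTML(urld)#] valid=#ok#<br>
fresh key rejected: #freshKeyRejected#
</cfoutput>
```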