Coldfusion and PGP

Explorer, Dec 15, 2008

Hi All,

I have pgp desktop installed on my server and I try to decrypt a string using my private & public key but I am completely lost...
Should I use cfexecute with GnuPG, a cfx tag or open pgp or the Bouncy Castle Cryptography Library ...

I have a post form where I receive an encrypted userid and I just need to decrypt it ...
Can you please help ?

Advocate, Dec 15, 2008

Hi,

Found this CFC,

https://store1.adobe.com/cfusion/exchange/index.cfm?event=extensionDetail&loc=en_us&extid=1010167

Anyway I am not sure whether it will meet your requirement or not.

Explorer, Dec 15, 2008

Thank you, but I have already tried to use this cfc.
I am able to encrypt a string but when I try to decrypt it I have this error :


quote:

An exception occurred when executing a COM method. The cause of this exception was that: AutomationException: 0x80004005 - Memory allocation error in 'Nsdpgp3Lib.PGP.1'. The error occurred in C:\Inetpub\wwwroot\EAMEDASHBOARD\pgp.cfc: line 319

Contributor, Dec 15, 2008

We use CFX_PGP - a 3rd party solution - for all of our PGP needs. It works very well and we've had no problems with it. I don't think there are many other solutions out there.

Cheers,

David

Contributor, Dec 15, 2008

We use CFX_PGP - a 3rd party solution - for all of our PGP needs. It works very well and we've had no problems with it. I don't think there are many other solutions out there.

Here is a link to the company - they were nice enough to give us a free license for our development machine.

Cheers,

David

Explorer, Dec 15, 2008

thank you David but where's the link ?

Contributor, Dec 15, 2008

Oops, sorry: www.digitaloutlook.com

There appears to be an error on the store site right now, but I'm sure an email to the administrator will get it sorted out pretty quickly.

I hope it is what you are looking for.

David

Explorer, Dec 15, 2008

Thank you !
I'll let you know ...

Explorer, Dec 16, 2008

I've tested the cfx_pgp tag but I was not able to encrypt or decrypt a string.
There is something weird because when I try to encrypt something, I have an error telling me that the passphrase is not correct (normally you do not need to use a passphrase to encrypt ..)

so well... I am still stuck ....

Advocate, Dec 16, 2008

Hi,

Have you contacted their (www.digitaloutlook.com) support?

Explorer, Dec 16, 2008

Ok it's fixed !
I had to uncheck this on the CF Admin

Keep Library Loaded (Check this box to retain the library in RAM. )

Community Beginner, Dec 17, 2008

Where is the "Keep Library Loaded" in CF Admin? Are you using CF8?

Explorer, Dec 19, 2008

Hi hwy419,

yes I am running cf8.
you'll find this option there : Extensions > CFX Tags > Manage C++ CFX

Explorer, Dec 16, 2008

Unfortunately I'll have to pay 400 bucks for that ...

Explorer, Dec 16, 2008

I use this free command-line tool for Windows:

http://www.pgpi.org/products/pgp/versions/freeware/win32/6.5.8/

and cfexecute. It works just fine and doesn't cost a penny.

Explorer, Dec 16, 2008

Cool,

does it work with pgp 9 ?
if it does can you please send me an example of how to use the tool with cfexecute to decrypt a string ?

I never used cfexecute tag... :-(

Thank you !

Explorer, Dec 17, 2008

I don't know offhand if it works with PGP 9. You'll have to find that out yourself :).

Below is the cfexecute code that I used, where the request.pgp.exe variable contains a full path to the PGP executable.

Explorer, Dec 17, 2008

Thanks Joshua

but what's #attributes.inputFilePath# & #attributes.outputFilePath#
is it the syntax to decrypt a string ?

Explorer, Dec 17, 2008

The command-line tool works on files, not strings. So, you put into a file the string that you want decrypted.

Then, attributes.inputFilePath is the variable containing the full path to the file to be decrypted.

attributes.outputFilePath is the variable containing the full path to the file that will be created to contain the decrypted information.

attributes.passphrase is the variable containing the passphrase needed to gain access to the private key needed for the decryption.

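Added example, not part of the thread and not the poster's code: the file-in, file-out flow described above, written against GnuPG (gpg) rather than the PGP 6.5.8 command-line tool, because the poster's cfexecute code and that tool's switches do not appear on this page. The function name, its arguments and the paths are hypothetical; it assumes GnuPG 2.1 or later with the private key already in the ColdFusion service account's keyring, and ColdFusion 9 or later for cffinally.

```cfml
<!--- Added example: decrypt one ASCII-armored PGP message through cfexecute.
      All names here are hypothetical; gpg 2.1+ is assumed. --->
<cffunction name="decryptArmoredString" returntype="string" output="false">
    <cfargument name="armoredText" type="string" required="true">
    <cfargument name="gpgExe" type="string" required="true">          <!--- full path to gpg (assumed) --->
    <cfargument name="workDir" type="string" required="true">         <!--- ACL-restricted directory, with trailing slash --->
    <cfargument name="passphraseFile" type="string" required="true">  <!--- readable only by the CF service account --->

    <cfset var id = createUUID()>
    <cfset var inPath = arguments.workDir & id & ".asc">
    <cfset var outPath = arguments.workDir & id & ".out">
    <cfset var stdout = "">
    <cfset var stderr = "">
    <cfset var plain = "">

    <!--- The value arrives in a form post: accept only an armored PGP message. --->
    <cfif NOT reFind("^\s*-----BEGIN PGP MESSAGE-----", arguments.armoredText)>
        <cfthrow type="pgp.input" message="Input is not an armored PGP message.">
    </cfif>

    <cftry>
        <cffile action="write" file="#inPath#" output="#arguments.armoredText#" addnewline="no">
        <!--- Only server-generated paths reach the command line, never form data.
              The passphrase is read from a file so it does not appear in the process list. --->
        <cfexecute name="#arguments.gpgExe#"
                   arguments='--batch --yes --pinentry-mode loopback --passphrase-file "#arguments.passphraseFile#" --output "#outPath#" --decrypt "#inPath#"'
                   timeout="30" variable="stdout" errorVariable="stderr" />
        <cfif NOT fileExists(outPath)>
            <cfthrow type="pgp.decrypt" message="gpg produced no output." detail="#stderr#">
        </cfif>
        <cffile action="read" file="#outPath#" variable="plain">
        <cfcatch type="any">
            <cfrethrow>
        </cfcatch>
        <cffinally>
            <!--- Remove the ciphertext and plaintext temp files even when decryption fails. --->
            <cfif fileExists(inPath)><cffile action="delete" file="#inPath#"></cfif>
            <cfif fileExists(outPath)><cffile action="delete" file="#outPath#"></cfif>
        </cffinally>
    </cftry>
    <cfreturn plain>
</cffunction>
```

The cleanup in cffinally matters because the decrypted userid would otherwise stay on disk after the request ends.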
Community Beginner, Feb 08, 2010

One of the simpler things I tried for this is to use the BonCode PGP implementation from RIAForge.

It only implements a simple subset of PGP functions using armored files. Thus, the examples given use armored/compacted files. These files have an .asc extension.

You can generate those using your PGP Desktop software and read the results with it.

For your simple example you pass in your content, your public key path to a function and it will encrypt it for you.

If you want to decrypt it you use another function passing in the key file location (the path to your key files you generated with PGP Desktop). It will need your private key path, your password, and your content to decrypt.

Explorer, Mar 05, 2010

Not a very good title but check out my cookbook entry on how I handle PGP on my win server with Coldfusion.

http://cookbooks.adobe.com/post_How_to_execute_a_Windows__bat_file_-16396.html

Engaged, Mar 08, 2010

CF has some "pretty good" encryption routines of its own which you might be able to use ... unless you had to use PGP.

Quite frankly, though, I think that encryption is often used too much. If, for example, you know that you are talking over an "https://" secured link, then you already have very strong encryption of the entire conversation between the client and the host ... even though all of it is entirely invisible to you. There is no incremental benefit to further encrypting the data that you are sending over an already-secure channel.

The built-in CF encryption routines are, of course, based on the underlying Java library implementations.  If you need to encrypt data in a database, you might be able to use them.  But once again, your database might already provide an encrypted store, in which case there is no incremental benefit to a cumbersome additional encryption layer of your own.

Anytime you "roll your own crypto," you run the very great risk of having a false sense of security.  "If it's difficult to do, then it must be secure."  That may well not be the case.

Guest, Mar 12, 2010

"There is no incremental benefit to further encrypting the data that you are sending over an already-secure channel."

Sorry but I have to correct this, as this is just not true. The major difference is HTTPS is only point to point, using key pairs you ensure end to end security.

Engaged, Mar 15, 2010

If you are dealing with a "man in the middle" situation, yes, you have to send encrypted material in such a way that it remains secure even if it is sent via carrier-pigeon.

It is extremely difficult, though, to ensure truly secure communications and message-integrity in such a situation, where the messages must make "an intermediate stop" or be entrusted to a potentially un-trustworthy third party message handler (such as e-mail).  And once again, there might be a protocol such as S/MIME that would provide a "secure channel apart from the web-app itself."

So...  if you can possibly avail yourself of "a secure channel apart from the web-app," one that goes without-interruption directly from source to destination and provides blanket protection to "anything and everything" that is sent along it, the situation will be much stronger than any other.  Without it, any one of the applications can be "the weakest link."

A penetrator will never attempt to hijack your system by breaking through the encryption directly, knowing that this isn't possible (unless their company name is NSA or MI6). They'll look for holes and weaknesses in how you handled your data, or for residual files left behind by your methods, or exposure of your private keys. They'll also learn a great deal from where the messages are going and coming. But if the only thing that they can touch is a channel, where everything in the channel is encrypted, they're in a much more difficult situation.

An encrypted channel also brings other benefits:  message integrity, no "man in the middle," and so on.  All invisibly and at no charge to you.
