Ok, I've overcome my embarrassment. :-) Here is what I was trying...
<!--- Sample Values --->
<cfset lmsKey = 'abc123'>
<cfset acctId = "123">
<cfset userId = "123456">
<cfset time = "1379605500">
<cfset signatureString = "#acctId##userId##time#">
<cfset encryptSignature = Encrypt(signatureString,lmsKey,'SHA-256','Base64')>
The ColdFusion error I received is...
"The SHA-256 algorithm is not supported by the Security Provider you have chosen."
You need to use the function Hash instead of Encrypt -- encryption is de-cryptable whereas hash is not de-hashable (in theory) and SHA-256 is a hash algorithm.
Steve, Thanks! You are correct with your statement about using Hash vs Encrypt but it turns out Encrypt is what I needed because the partner doesn't actually decrypt, they just compare our hash to theirs, since we also send the acctId, userId & time in the URL. We both encrypt then they match, it's valid. And the Hash function doesn't let us add in a secret code whereas the Encrypt method does.
We're running CF9 so we needed to take the extra step that we found via this article from Ben Nadel to get us there. Crypto.cfc For Hmac-SHA1, Hmac-Sha256, and Hmac-MD5 Code Generation In ColdFusion. Evidently CF10+ introduced the hmac() function for generating secure, hashed message authentication codes (HMAC) which makes dealing with 3rd-Party APIs much easier.
So thanks all and I hope this helps others!
RE: We're running CF9...
An FYI on a completely different track, I'm not sure what type of applications you are hosting but CF9 end-of-life (standard life without premium fees for extended support) was 12/31/2014. You may want to create an upgrade plan -- especially if you host anything that requires security compliance (like credit cards).
As you are happy with the solution, please mark it as the correct answer. Thanks.
Thanks Steve! Yeah, I'm told we'll be bypassing CF10 and upgrading to CF11. Very Excite!