0 Replies Latest reply on Oct 14, 2008 10:55 AM by ckryanco

    Best practices for encryption key management?

      Hello. I'm using the ColdFusion encrypt function to secure data in a database, but I want to keep the encryption key secure so any developers with access to the code won't be able to see the key and use it to decrypt information from the database.

      Does Adobe have a recommended procedure for handling this? In the past, I've used the cfencode.exe utility in the ColdFusion8/bin directory to encrypt a file containing the encryption key and then use cfinclude to read the key before doing an encryption/decryption. But I'm wondering if there is a better way of handling this, particularly with split keys so no one person knows the full key.