1 Reply Latest reply on Oct 5, 2006 10:41 AM by Newsgroup_User

    best practice for storing a secret ket from encrypt for decrypt

    Level 7
      im reading about encrypt / decrypt functions in cf

      i want to encrypt the data when written to the db

      if i dont use the standard encryption algorythem (CFMX_COMPAT) in favor
      of AES, it generates a secret key.

      thats fine when encrypting, but once i need to decrypt, where do i get
      the key?

      i have to store it somehow or hardcode it into the calling page.... what
      would be best practice for this?


      Thanks for any advice.
      Andrew
        • 1. Re: best practice for storing a secret ket from encrypt for decrypt
          Level 7
          There are two ways I have done this. I wrote a Windows program to access the
          encrypted data that was entered in on the web site and hard coded it into
          the compiled program and gave limited access to that PC. The software was
          also tied into the hardware of the computer so it would not run on any other
          system. I liked this way best.

          There was a time I have to get the encrypted data from a web page. I do not
          like this way. I have the person that was getting the encrypted data enter
          the key. This was not the public side of the web site.

          I do not like storing the key on the web server.

          I was not using CF's encryption I was using a third party.

          I have no idea what best practice would be this is just what I have done.


          "Andrew Davis" <andrew@theandrewunderground.com> wrote in message
          news:eg1apr$fqi$1@forums.macromedia.com...
          > im reading about encrypt / decrypt functions in cf
          >
          > i want to encrypt the data when written to the db
          >
          > if i dont use the standard encryption algorythem (CFMX_COMPAT) in favor of
          > AES, it generates a secret key.
          >
          > thats fine when encrypting, but once i need to decrypt, where do i get the
          > key?
          >
          > i have to store it somehow or hardcode it into the calling page.... what
          > would be best practice for this?
          >
          >
          > Thanks for any advice.
          > Andrew