We help IT Professionals succeed at work.

ColdFusion Error : Using 'decrypt' |

rcbuchanan asked
Medium Priority
Last Modified: 2013-12-24
I'm getting this following CF error message when trying to decrypt a UID emailed to a registered user of my new web portal ... via an email URL:


An error occurred while trying to encrypt or decrypt your input string: Given final block not properly padded.
The error occurred in C:\Inetpub\wwwroot\process_activate_user.cfm: line 11
9 : <cfscript>
10 : theKey=generateSecretKey("BLOWFISH");
11 : decrypted=decrypt(url.uid, theKey, "BLOWFISH", "Hex");
12 : </cfscript>

I've compared value passed by the URL against the value I'll compare with the encrypted value stored in a MySQL table and they appear identical.

Any ideas?

I'm ENCRYPTING this string as follows:

<cfset useridzeros=#LSNumberFormat(url.session, "R0000000000")#>
<cfset userstring = #useridzeros# & #form.user_password#>

encrypted=encrypt(userstring, theKey, "BLOWFISH", "Hex");

<cfquery name="insertUser" datasource="fred"  username="fred" password="fred">
insert into users
(username, email, password, visitor_id, last_login, times_visited, register_success, encryption_key, account_locked_out, account_locked_out_date)  
values ('#form.user_username#', '#form.user_email#', '#form.user_password#', #url.session#, now(), 0, 'n','#encrypted#','n',null)

Watch Question

Not sure why.

However, I dont think what your doing is any better than just using a plain UUID.

What additional security do you think you are getting by encrpting this.

Normally you would just store the info in a db with a uuid perhaps

when they click the link with the uuid, you look up the info, the encryption adds no value.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Actually looking at your code, you do realise you need to decrypt with the same key you used to encrypt.

You cant just generate a new key.

You could perhaps generate a key once at app start and store in application scope.

or just use a fixed key

hard coded
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.