How can I encrypt a string with RSA using a given public key - using ColdFusion 7?

I will receive from a 3rd Party website a public key (exponent and modulus) and I need to encrypt a string with the given key to send the data encrypted.

The Production environment is ColdFusion 7.

I need to use RSA

I'm having some trouble to do this, I donĀ“t know how to encrypt using the key.
Any suggestions of a reliable 3rd party custom tag or alternative?

Note: The 3rd party site has provided the following documentation but it is for PHP.


This sample requires the use of phpseclib
Ensure that prior to encoding with the RSA algorithm your string is encoded as Unicode (UTF-16 Little Endian).

01 require_once('Crypt/RSA.php');
03      function EncryptMyQueryString($accountLoginType, $userName, $password) {
04          return RSAEncrypt($accountLoginType . "|" . $userName . "|" . $password);
05      }
06      function RSAEncrypt($dataToEncrypt) {
07          $publicKey = '<RSAKeyValue>
08                            <Modulus>uno9DsYcaZ1yAqY20nIM+YjYjjFsGx0DYm7lBGxbmVLLZTYc9MaI0Br+
09                            8ElcuZVVNRmGeVBlkcHT3JpMDf/fiWSho6o0pRhQZmnG4RZtCWnGjFTV+
10                            QWBYcuTGoQFKOtsrGqG16XwL2hPxqYW/7nzBVgAGe6myG3hMou8P4DSpjk=</Modulus>
11                            <Exponent>AQAB</Exponent>
12                            </RSAKeyValue>';
13             $xml = new DOMDocument();
14             $xml->loadXML($publickey);
16             $modulus = new Math_BigInteger(base64_decode($xml->getElementsByTagName('Modulus')->item(0)->nodeValue), 256);
17             $exponent = new Math_BigInteger(base64_decode($xml->getElementsByTagName('Exponent')->item(0)->nodeValue), 256);
18             $key = array('modulus' => $modulus, 'publicExponent' => $exponent);
20             $rsa = new Crypt_RSA();
22             $rsa->loadkey($key, CRYPT_RSA_PUBLIC_FORMAT_RAW);
23             $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
25             $plainbytes = mb_convert_encoding($dataToEncrypt,"UTF-16LE", "auto");
26             $res = $rsa->encrypt($plainbytes);
28             return  base64_encode ( $res );
29      }
31      echo EncryptMyQueryString('loginTypeName', 'userName', 'p@s$w0rd1@');
Who is Participating?
SidFishesConnect With a Mentor Commented:
CF7 didn't support RSA and later versions only support it in the Enterprise edition ($$$) so you're probably out of luck.

You might look at this which supports CF8+ but more importantly, Railo, which could replace your old version of CF and do RSA. I'm not vouching for implementation (and implementation in encryption is probably more important than algorithms) but it's worth a look.
True, though in theory it should be possible by installing the right java library. As long as its compatible with java 1.4. I haven't done it, but the github project mentions this article which says:

"In addition to the algorithms supplied with ColdFusion, you can install 3rd-party Java Security Providers to use additional algorithms"

I assume they mean makes additional algorithms available to the encrypt/decrypt() functions.  If that doesn't work, you could do it yourself w/createObject using either the BSAFE or BouncyCastle libraries:

more importantly, Railo, which could replace your old version of CF

Yeah, if possible, I'd recommend looking into Railo. CF7 is a bit long in the tooth and no longer supported.
ya, I just am not a fan of messing with too much 3rd party encryption addon-y bits, especially if you don't really know what you're doing...that implementation thing...

but certainly those are options to look at. Railo is still the better option as there are very likely security issues with CF7 that are no longer being fixed.

on the other hand, we found out last week that it's all a pointless anyways right ;P
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Well I'm no expert, but I'm less hesitant about using java libs since that's ultimately what CF functions are doing anyway.   (Edit: I don't mean it to sound like I  take it lightly. But most of these algorithms and libraries are established well documented. So there's a greater range of resources available when it comes to questions, than there are for questions on CF's encrypt/decrypt functions.)   Agreed the bigger problem is people using any encryption without understanding what they're doing (...or not doing).  It's very easy to get encryption wrong, or do things insecurely, no matter what tool you're using.

> Railo is still the better option

100% agreed on that.  I'm just throwing out options if they absolutely can't switch.

> we found out last week that it's all a pointless anyways right ;P

I've been living under a rock for the past week.  What did I miss?
peter1967Author Commented:
Thanks to all who have posted. It looks I have quite a bit of research to do and will need to see what the client is willing to pursue. Not sure how to reward points
Living under a rock? More like living under a rock 3 miles's been everywhere :0

(of course still doesn't mean we shouldn't be -trying- to keep things secure...)
Lol, ohh ... *that* pointless.  Yeah, I'd read about that.  

(Phew.. I'm not so out of touch I don't know the year ... it's 1984 ;-)
peter1967Author Commented:
Getting the go ahead for the upgrade and or migration over to Railo  :-)
Good choice!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.