EncryptBinary

Last update:

May 18, 2026

Description

Encrypts binary data using a specific algorithm and encoding method.

Returns

Binary data.

Function syntax

EncryptBinary(binaryData, key, algorithm, IV_Salt, iterations)

History

ColdFusion (2025 release): Removed CFMX_COMPAT algorithm support. The default algorithm 'CFMX_COMPAT' has been changed to 'AES/CBC/PKCS5Padding'.
ColdFusion (2023 release) Update 8 and ColdFusion (2021 release) Update 14: Changed the default algorithm from CFMX_COMPAT to AES/CBC/PKCS5Padding.
ColdFusion (2021 release): Added support for authentication encryption.
ColdFusion 8: Added support for encryption using the RSA BSafe Crypto-J library on Enterprise Edition.
ColdFusion MX 7.01: Added this function.

Parameters

Parameter	Description
bytes	Binary data to encrypt.
key	String. Key or seed used to encrypt the string. For the CFMX_COMPAT algorithm, any combination of any number of characters; used as a seed used to generate a 32-bit encryption key. For all other algorithms, a key in the format used by the algorithm. For these algorithms, use the GenerateSecretKey function to generate the key.
algorithm	(Optional) The algorithm to use to decrypt the string.The Enterprise Edition of ColdFusion installs the RSA BSafe Crypto-J library, which provides FIPS-140 Compliant Strong Cryptography. For a list of algorithms, see the Encrypt function.The Standard Edition of ColdFusion installs a cryptography library with the following algorithms: CFMX_COMPAT: the algorithm used in ColdFusion MX and prior releases. This is no longer the default algorithm. AES: the Advanced Encryption Standard specified by the National Institute of Standards and Technology (NIST) FIPS-197. BLOWFISH: the Blowfish algorithm defined by Bruce Schneier. DES: the Data Encryption Standard algorithm defined by NIST FIPS-46-3. DESEDE: the "Triple DES" algorithm defined by NIST FIPS-46-3. GCM: Galois/Counter Mode (GCM) encryption algorithm. NoPadding: NOPADDING AES 128 bit Encryption algorithm.If you install a security provider with additional cryptography algorithms, you can also specify any of its string encryption and decryption algorithms. AES/CBC/PKCS5Padding: Encryption algorithm.
IVorSalt	(Optional) Specify this parameter to adjust ColdFusion encryption to match the details of other encryption software. If you specify this parameter, also specify the algorithm parameter. For Block Encryption algorithms: This is the binary Initialization Vector value to use with the algorithm. The algorithm must contain a Feedback Mode other than ECB. This must be a binary value that is exactly the same size as the algorithm block size. Use the same value in the Decrypt function to successfully decrypt the data. For Password Based Encryption algorithms: This is the binary Salt value to transform the password into a key. The same value must be used to decrypt the data.
iterations	(Optional) The number of iterations to transform the password into a binary key. Specify this parameter to adjust ColdFusion encryption to match the details of other encryption software. If you specify this parameter, also specify the algorithm parameter with a Password Based Encryption (PBE) algorithm. Do not specify this parameter for Block Encryption algorithms. Use the same value to encrypt and decrypt the data.

Usage

This function uses a symmetric key-based algorithm, in which the same key is used to encrypt and decrypt binary data. The security of the encrypted data depends on maintaining the secrecy of the key. For all algorithms except the default algorithm, ColdFusion uses the Java Cryptography Extension (JCE) and installs a Sun Java runtime that includes the Sun JCE default security provider. This provider includes the algorithms listed in the Parameters section. The JCE framework includes facilities for using other provider implementations; however, Adobe cannot provide technical support for third-party security providers.The default algorithm, which is the same as was used in ColdFusion 5 and ColdFusion MX, uses an XOR-based algorithm that uses a pseudo-random 32-bit key, based on a seed passed by the user as a function parameter. This algorithm is less secure than the other available algorithms.

Example

The following example encrypts and decrypts binary data. It encrypts the binary data contained in a file and then decrypts the encrypted file. It lets you specify the encryption algorithm and encoding technique. It also has a field for a key seed to use with the CFMX_COMPAT algorithm. For all other algorithms, it generates a secret key.

<h3>EncryptBinary Example</h3>

 <!--- Do the following if the form has been submitted. --->

 <cfif IsDefined("Form.myfile")>

 <cffile file="#Form.myfile#" action="readBinary" variable="myData">

 <cfscript>

 /* GenerateSecretKey does not generate key for the CFMX_COMPAT algorithm,

 so use the key from the form.

 */

 if (Form.myAlgorithm EQ "CFMX_COMPAT")

 theKey=Form.MyKey;

 // For all other encryption techniques, generate a secret key.

 else

 theKey=generateSecretKey(Form.myAlgorithm);

 //Encrypt the string

 encrypted=encryptBinary(myData, theKey, Form.myAlgorithm);

 //Decrypt it

 decrypted=decryptBinary(encrypted, theKey, Form.myAlgorithm);

 </cfscript>

 <cfset encfile="#Form.myfile#" & "_enc">

 <cfset decfile="#Form.myfile#" & "_dec">

 <cffile file="#encfile#" action="write" output="#encrypted#">

 <cffile file="#decfile#" action="write" output="#decrypted#">

 <!--- Display the values used for encryption and decryption,

 and the results. --->

 <cfoutput>

 <b>The algorithm:</b> #Form.myAlgorithm#<br>

 <b>The key:</B> #theKey#<br>

 <br>

 <b>The InputFile:</b> #Form.myfile# <br>

 <br>

 <b>Encrypted:</b> #encfile#<br>

 <br>

 <b>Decrypted:</b> #decfile#<br>

 </cfoutput>

 </cfif>

 <!--- The input form. --->

 <form action="#CGI.SCRIPT_NAME#" method="post">

 <b>Select the algorithm</b><br>

 <select size="1" name="myAlgorithm">

 <option selected>CFMX_COMPAT</option>

 <option>AES</option>

 <option>DES</option>

 <option>DESEDE</option>

 </select><br>

 <br>

 <b>Input your key</b> (used for CFMX_COMPAT encryption only)<br>

 <input type = "Text" name = "myKey" value = "MyKey"><br>

 <br>

 <b>Enter filename to encrypt</b><br>

 <input type="text" name="myfile" value="Enter the path of the file to encrypt"><br>

 <input type = "Submit" value = "Encrypt file ">

 </form>

EXAMPLE 2

<cfscript>  

    // binary data  

    b = ToBinary("abcd")  

    // generate the key  

    key = GenerateSecretKey("AES")  

    iterations="AssoicatedData"  

    randomIntegers = [];  

    // generate the SALT value  

    for ( i = 1 ; i <= 12 ; i++ ) {  

        arrayAppend( randomIntegers, randRange( -128, 127, "SHA1PRNG" ) );  

    }  

    initializationVector = javaCast( "byte[]", randomIntegers )  

    // encrypt srring  

    enc1 = EncryptBinary(binaryData=b,   

                   key=key,   

                   algorithm="AES/GCM/NoPadding",  

                   IV_Salt=initializationVector,   

                   iterations=iterations)  

    writeDump(enc1)  

</cfscript>

Was this page helpful?

We're glad. Tell us how this page helped.

Found the answer to my problem Understood the instructions Liked the feature

Other suggestions

We're sorry. Can you tell us what didn't work for you?

Didn't find the answer to my problem Couldn't understand the instructions Didn't like the feature

Other suggestions

Thank you for your feedback. Your response will help improve this page.

Was this helpful?

We are sorry the content didn't meet your needs.

Share additional feedback to help us improve.

0/255 | Character limit exceeded.

Thank you so much for sharing your feedback!