ACF 2021 Update 14 Breaking Change With Encrypt and CFMX_COMPAT Algorithm

Adobe did it again, they introduced another breaking change with ACF 2021 update 14. If you’re using encrypt() and the default CFMX_COMPAT encryption algorithm, your code will likely cease working and you will get the following error message:

" An error occurred while trying to encrypt or decrypt your input string: ‘’ Can not decode string “[key]”

I should point out that you should probably never be using the CFMX_COMPAT algorithm in production, and I recommend using something stronger like AES, which I believe is the new default. However, if you’re like me, you probably used the default encryption algorithm in TestBox for sake of brevity like this:

myEncryptedValue = encrypt( "mymomssecretcookierecipe", "testbox" );

What happened?
Adobe changed the default algorithm

What if I stored CFMX_COMPAT data in my database? How can I update it?
Adobe has added a new JVM argument, which will allow you to revert the default encryption algoritm, back to CFMX_COMPAT. You could then create a script in your code to update each impacted record in the database with a more secure algorithm (e.g. AES) like this:

// get all impacted records
var result = queryExecute( "..." );

// loop through each row in the query and update
result.each( function( item, index ) {
   var decodedValue = decrypt( item.encryptedColumn, "oldKey" );
   var newEncodedValue = encrypt( decodedValue , "newAESCompatibleKey", "AES", "base64" );
   // update the database with the new value
   queryExecute( "..." );

} );

Will my old CFMX_COMPAT key work with AES?
Probably not. Here’s an easy way to create a new AES compatible key though:
writeDump( generateSecretKey( "AES" ) );

More information, workarounds, and full details can be found here:

Also Charlie Arehart released a blog post on this as well:

1 Like