Adobe did it again, they introduced another breaking change with ACF 2021 update 14. If you’re using encrypt() and the default CFMX_COMPAT encryption algorithm, your code will likely cease working and you will get the following error message:
" An error occurred while trying to encrypt or decrypt your input string: ‘’ Can not decode string “[key]”
I should point out that you should probably never be using the CFMX_COMPAT algorithm in production, and I recommend using something stronger like AES, which I believe is the new default. However, if you’re like me, you probably used the default encryption algorithm in TestBox for sake of brevity like this:
myEncryptedValue = encrypt( "mymomssecretcookierecipe", "testbox" );
What happened?
Adobe changed the default algorithm
What if I stored CFMX_COMPAT data in my database? How can I update it?
Adobe has added a new JVM argument, which will allow you to revert the default encryption algoritm, back to CFMX_COMPAT. You could then create a script in your code to update each impacted record in the database with a more secure algorithm (e.g. AES) like this:
// get all impacted records
var result = queryExecute( "..." );
// loop through each row in the query and update
result.each( function( item, index ) {
var decodedValue = decrypt( item.encryptedColumn, "oldKey" );
var newEncodedValue = encrypt( decodedValue , "newAESCompatibleKey", "AES", "base64" );
// update the database with the new value
queryExecute( "..." );
} );
Will my old CFMX_COMPAT key work with AES?
Probably not. Here’s an easy way to create a new AES compatible key though:
writeDump( generateSecretKey( "AES" ) );
More information, workarounds, and full details can be found here:
https://helpx.adobe.com/coldfusion/kb/coldfusion-2021-update-14.html
Also Charlie Arehart released a blog post on this as well: