Saturday, February 28, 2009

Using MD5 digital signature under coldfusion

Using Hash
Description
Converts a variable-length string to a fixed-length string that can act as a "fingerprint" or unique identifier for the original string. It is not possible to convert the hash result back to the source string.
Returns
A string.
Function syntaxHash(string[, algorithm[, encoding]] )
History
ColdFusion MX 7: Added the algorithm and encoding parameters.
Function syntax

Hash(string[, algorithm[, encoding]] )

Parameters




taking from adobe.com










Parameter



Description



string



String
to hash.



algorithm



(Optional)
The algorithm to use to hash the string. ColdFusion
MX installs a cryptography library with the following algorithms:


·
CFMX_COMPAT:
Generates a hash string identical to that generated by ColdFusion
MX and ColdFusion MX 6.1 (default).


·
MD5:
(Default) Generates a 32-character, hexadecimal string, using the MD5
algorithm (The algorithm used in ColdFusion MX and
prior releases).


·
SHA:
Generates a 28-character string using the Secure Hash Standard SHA-1
algorithm specified by Nation Institute of Standards and Technology (NIST)
FIPS-180-2.


·
SHA-256:
Generates a 44-character string using the SHA-256 algorithm specified by
FIPS-180-2.


·
SHA-384:
Generates a 64-character string using the SHA-384 algorithm specified by
FIPS-180-2.


·
SHA-512:
Generates an 88-character string using the SHA-1 algorithm specified by
FIPS-180-2.


If you
install a security provider with additional cryptography algorithms, you can
also specify any of its hashing algorithms.



encoding



(Optional;
to use this attribute you must also specify the algorithm parameter) A
string specifying the encoding to use when converting the string to byte data
used by the hash algorithm. Must be a character encoding name recognized by
the Java runtime. The default value is the value specified by the defaultCharset entry in the neo-runtime.xml
file, which is normally UTF-8. Ignored when using the CFMX_COMPAT algorithm.




Usage

The result of this function is useful for comparison and
validation. For example, you can store the hash of a password in a database
without exposing the password. You can check the validity of the password by
hashing the entered password and comparing the result with the hashed password
in the database.
ColdFusion MX 7 uses the Java Cryptography Extension (JCE) and installs a Sun Java 1.4.2 runtime that includes the Sun JCE default security provider. This provider includes the algorithms listed in the Parameters section. The JCE framework includes facilities for using other provider implementations; however, Macromedia cannot provide technical support for third-party security providers.


The encoding attrbute is normally not required. It provides a mechanism
for generating identical hash values on systems with different default encodings.
ColdFusion uses a default encoding of UTF-8 unless
you modify the defaultCharset entry in the neo-runtime.xml file.

Example

Hash("This is a string to hash", "MD5") - 32 characters

Hash("This is a string to hash", "SHA") - 40 characters
Hash("This is a string to hash", "SHA-256") - 64
charactersHash("This is a string to hash", "SHA-384") - 96 characters
Hash("This is a string to hash", "SHA-512") - 128 characters















User ID



Password



blaw



blaw



dknob



dknob