Starting with Java 1.8.0_151 and 1.8.0_152 there is a new somewhat easier way to enable the unlimited strength jurisdiction policy for the JVM. Without enabling this you cannot use AES-256 for example.

First download the JRE, I like to use the server-jre for servers.

I've been researching a very interesting security topic for the past few weeks related to the Snowden NSA leaks and even related to ColdFusion. Thankfully Adobe's default settings avoid the weakness.

If you want to use very strong encryption in ColdFusion you may need to install the Unlimited Strength Jurisdiction Policy Files in the JVM running ColdFusion.

When I implemented the new trackback feature on my blog, I was aware that spammers like to use trackbacks, so I coded in a keyword blacklist. Roger Benningfield added a comment about track back autodiscovery and spamming that got me thinking.

After a long break in my series of the little enhancements in ColdFusion MX 7 (CFMX 7 Little Things), I am back today with another article, this time with the Hash function.

In versions of ColdFusion prior to 7, the Hash function used the MD5 algorithm to generate hash values.

Macromedia has just released a technote entitled: Strong Encryption in ColdFusion MX 7. It has lots of information useful to anyone planning to work with these features. In addition I noticed mention of two undocumented arguments in the Encrypt() and Decrypt() functions.

ColdFusion MX 7 adds strong encryption support to the Encrypt and Decrypt functions. In addition to the legacy algorithm used in Encrypt, and Decrypt - ColdFusion MX 7 now makes it incredibly easy to use AES, Blowfish, DES, and Triple DES encryption.

Many people don't realize that you can get a free certificate for digitally signing and encrypting email. Thawte is one company that offers a free email certificate service. Once you have the cert its fairly simple to sign or encrypt email.

We recently renewed our code signing certificate for signing java applets, this is the first year we have had to renew it, and the process is a bit different from when we generated it. When we first received the key we did it with a CSR, and the java keytool.

I found some instructions for converting SSL certificates generated for IIS to private key, and cert files you can use on unix, or Apache for windows.

First Export your IIS certificate into a pfx file (this is something you should do anyways for backup)

Run mmc.