Amazon CloudFront CFC

The Amazon CloudFront CFC is a simple CFC for generating signed URLs for private CloudFront distributions. It supports both canned and custom policies.

In addition, since standard Java cannot read PEM-encoded RSA keys, you may want the not-yet-commons-ssl package (which can read both PEM and DER format keys).  You can visit the website at, or download the JAR directly.  If you don't use not-yet-commons-ssl, you'll need to use OpenSSL (or equivalent) to convert the RSA key that Amazon generates from PEM format into DER format using a line such as this:

openssl pkcs8 -topk8 -in pk-KEYPAIRID.pem -nocrypt -outform DER -out pk-KEYPAIRID.der

If you can install not-yet-commons-ssl, that's generally preferable since it'll let you transparently read any key regardless of format.  But if you can't add custom JARs to your classpath (or just don't want to), converting to DER manually is the way to go.

The whole package (along with the S3 CFC) is available from Subversion at