Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Encryption and decryption Expand / Collapse
Author
Message
Posted Monday, November 10, 2008 8:38 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Tuesday, November 11, 2008 5:05 AM
Points: 2, Visits: 3
How to encrypt and decrypt using asp.net and i have to insert the encrypted values into sql server and decrypt while reading from the sql
Post #599916
Posted Monday, November 10, 2008 10:28 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Saturday, June 06, 2009 11:47 PM
Points: 48, Visits: 52
More information about what you are trying to encrypt would have been helpful. But in a nutshell you have three ways to protect your data at rest:

1 - Encrypt using .NET using a Hash algorythm
2 - Encrypt using .NET using a public/private key pair

Note that SQL Server 2008 gives you the ability to encrypt data on disk in a way that is transparent to your code. But since this is a SQL 2005 thread I will not address this further.

Regardless of the option above you would be using the System.Security.Cryptography namespace.

For option 1 you would create a hash of the data to encrypt and store the hash instead of the sensitive data. Note that hashing cannot provide you with the original data - you can only compare hashes. This works well for password storage. So if you need to validate that a password is correct simply hash it and compare with the hash in the database. Typically you also use what's called a vector to secure your hash againt dictionary attacks. SHA1 is an example of a hashing mechanism.

For option 2 you would use an encryption algorythm which uses a secret key. If the secret key is compromised, the encrypted data is also compromised. However this allows you to decrypt data. This can be useful for storing credit card or SSN values. An example of an encryption algorythm would be AES.

Here is a good thread with some sample code: http://stackoverflow.com/questions/212510/c-what-is-the-easiest-way-to-encrypt-a-password-when-i-save-it-to-the-registry

Hope this helps.




Herve Roggero
hroggero@pynlogic.com
MCDBA, MCSE, MCSD
SQL Server Database Proxy/Firewall and Auditing
Post #600022
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse