Encryption and decryption

  • How to encrypt and decrypt using asp.net and i have to insert the encrypted values into sql server and decrypt while reading from the sql

  • More information about what you are trying to encrypt would have been helpful. But in a nutshell you have three ways to protect your data at rest:

    1 - Encrypt using .NET using a Hash algorythm

    2 - Encrypt using .NET using a public/private key pair

    Note that SQL Server 2008 gives you the ability to encrypt data on disk in a way that is transparent to your code. But since this is a SQL 2005 thread I will not address this further.

    Regardless of the option above you would be using the System.Security.Cryptography namespace.

    For option 1 you would create a hash of the data to encrypt and store the hash instead of the sensitive data. Note that hashing cannot provide you with the original data - you can only compare hashes. This works well for password storage. So if you need to validate that a password is correct simply hash it and compare with the hash in the database. Typically you also use what's called a vector to secure your hash againt dictionary attacks. SHA1 is an example of a hashing mechanism.

    For option 2 you would use an encryption algorythm which uses a secret key. If the secret key is compromised, the encrypted data is also compromised. However this allows you to decrypt data. This can be useful for storing credit card or SSN values. An example of an encryption algorythm would be AES.

    Here is a good thread with some sample code: http://stackoverflow.com/questions/212510/c-what-is-the-easiest-way-to-encrypt-a-password-when-i-save-it-to-the-registry

    Hope this helps.

    Herve Roggero
    hroggero@pynlogic.com
    MCDBA, MCSE, MCSD
    SQL Server Database Proxy/Firewall and Auditing

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply