The good folks here at SQLServerCentral have uploaded the updated SQL Encryption Toolkit. To get the updated version, just click on any of the download links anywhere in the article. Installation instructions are in the README.TXT and INSTALL-NOTES.RTF files.
Thanks Steve, Andy and Brian!
Here are the update notes:
I've updated the files to fix the padding issue and added a couple more features:
Padding: All modern encryption algorithms operate on data in blocks of 8 or 16 bytes. Blowfish encrypts in blocks of 8 bytes. In order for Blowfish to operate on plain text that is not a multiple of 8 bytes in length, the plain text has to be padded. One FIPS approved method of padding is to right-pad with ASCII character 0 when encrypting, and strip off trailing ASCII character 0's when decrypting. I have modified xp_blowfishencrypt and xp_blowfishdecrypt to perform to this standard. Note that your encrypted data will be slightly larger if it must be right-padded with ASCII character 0's to the nearest 8 bytes.
Embedded Zero in Key: There was an issue that affected blowfish encryption keys with an ASCII character zero embedded in them ('\0' for you C/C++ programmers). This issue has been resolved with this update. Thanks to Ed Klichinsky for locating and diagnosing this issue.
XP_ADD.SQL: A typo in the XP_ADD.SQL script that gave the udf_blowfishencrypt function the wrong name (it was incorrectly named fn_blowfishencrypt) was fixed.
Unnecessary Directory: The unnecessary \DLLs directory was removed (it contained some intermediate compilations; all final compilations are in the \Install directory).
Support DLLs: The two support DLLs that Microsoft recommends be redistributed were added in a directory called \Redist. These two files are OPENDS60.DLL and MSVCR71.DLL. These files may be required on some Windows 2003 installations. Directions for using these two files are located in the file INSTALL-NOTES.RTF. Directions for modifying your ADD_XP.SQL script, if necessary, are also included in this file. Special thanks to Chris Cathers for his help in troubleshooting this!
This fix is primarily to fix these issues, but I've also added a couple of items:
DROP_XP.SQL: I've added a DROP_XP.SQL script to drop the extended stored procedures and UDF’s installed by ADD_XP.SQL. This is useful if you want to uninstall (maybe for a clean reinstall?)
Advanced Encryption Standard (AES)/Rijndael: I've added AES encryption via the xp_aesencrypt and xp_aesdecrypt functions. Here's an overview:
Padding: These functions have another form of FIPS-approved padding built in (namely they are right-padded with ASCII character 0, with the very last character containing the count of padding characters). This allows you to encrypt strings/data that ends with ASCII 0 characters. Note that this FIPS padding method expands 15-byte plain text to 16-bytes of encrypted text, and 16-byte plain text is padded to 32 bytes of encrypted text. I.e., if your plain text is a multiple of 16 bytes, 16 bytes of padding will be added.
Encryption Blocks: AES/Rijndael encrypts 16-byte blocks of data, as opposed to Blowfish which encrypts 8 byte blocks.
Keys: AES uses 128, 192 or 256-bit keys (16, 24 or 32 bytes). Examples of key usage are given in the sample SQL scripts.
UDFs: udf_aesencrypt and udf_aesdecrypt are included to wrap the xp’s in user-defined functions.
Scripts: Additional test scripts showing how to use AES encryption are included.
Encoding: The AES encryption functions provided do *not* use Base64 encoding, so no base64 conversions are necessary. They have been tested on CHAR, VARCHAR, BINARY and VARBINARY data.
I'd also be interested to know which padding method you find most useful, and whether you prefer your encrypted text be Base64 encoded or if you prefer standard 8-bit binary encoding.