Wrox Programmer Forums
Go Back   Wrox Programmer Forums > SQL Server > SQL Server 2005 > SQL Server 2005
| Search | Today's Posts | Mark Forums Read
SQL Server 2005 General discussion of SQL Server *2005* version only.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the SQL Server 2005 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
  #1 (permalink)  
Old September 4th, 2006, 02:57 PM
Registered User
 
Join Date: May 2006
Location: , , .
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default SQL Server 2005 Encryption and Decryption

Hi,

As the title says, I am looking for help for password encryption and decryption using SQL Server 2005.. I found some functions such as pwdencrypt(), pwdcompare() (both doesnt work), and now I am trying out the Asymmetric Key method.. But I am encountering some problems here.. Btw, I am hardcoding the username and password into the database..

Here is my table:-
Code:
CREATE TABLE UserLogin
(
  Username varchar(25),
  Password varchar(25)
)
Insertion:-
Code:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'p@ssw0rd';

CREATE ASYMMETRIC KEY Asym_Password
WITH ALGORITHM = RSA_512;

DECLARE @encryptedstuff VARCHAR(25);
SELECT @encryptedstuff = EncryptByAsymKey(AsymKey_ID('Asym_Password'), N'password');

INSERT INTO UserLogin
    (Username, Password)
VALUES ('admin', @encryptedstuff);
I think there should be no problem so far... I think the problem is when I try to compare the username and password..

My Query to retrieve user with correct password:-
Code:
SELECT Username 
FROM UserLogin 
WHERE CAST(DecryptByAsymKey(AsymKey_ID('Asym_Looney_Tunes'), Password) as VARCHAR) = 'password' 
AND Username = 'admin';
I might have done something wrong here because it doesnt seem to return the username at all.. Any help will be appreciated a lot!! Thanks in advance!!
  #2 (permalink)  
Old September 7th, 2006, 04:30 PM
Friend of Wrox
 
Join Date: Dec 2005
Location: , AZ, .
Posts: 146
Thanks: 0
Thanked 1 Time in 1 Post
Default

Several problems:
1) Your key names did not match
EncryptByAsymKey(AsymKey_ID('Asym_Password')
DecryptByAsymKey(AsymKey_ID('Asym_Looney_Tunes')

2) Your input and output datatypes don't match up
You are inputing nvarchar (N'password') and trying to get out varchar (CAST(... as VARCHAR))

3) You are truncating the encrypted text and storing it in a less preferrable data type.
try varbinary(8000) since this is what all of the encrypt by functions return
Do a SELECT EncryptByAsymKey(AsymKey_ID('Asym_Password'), 'password'); and see how long the output is (in this case it is 128 bytes long)

Like this:

use master
go
drop database testdb2
go
create database testdb2
go
use testdb2
CREATE TABLE UserLogin
(
  Username varchar(25),
  Password varbinary(8000)
)

CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'p@ssw0rd';

CREATE ASYMMETRIC KEY Asym_Password
WITH ALGORITHM = RSA_512;

DECLARE @encryptedstuff varbinary(8000);
SELECT @encryptedstuff = EncryptByAsymKey(AsymKey_ID('Asym_Password'), 'password');

INSERT INTO UserLogin
    (Username, Password)
VALUES ('admin', @encryptedstuff);

SELECT Username , Password
,DecryptByAsymKey(AsymKey_ID('Asym_Password'), Password)
,CAST(DecryptByAsymKey(AsymKey_ID('Asym_Password') , Password) as VARCHAR)
FROM UserLogin
WHERE CAST(DecryptByAsymKey(AsymKey_ID('Asym_Password'), Password) as VARCHAR) = 'password'
AND Username = 'admin';



David Lundell
Principal Consultant and Trainer
www.mutuallybeneficial.com
  #3 (permalink)  
Old September 24th, 2006, 08:33 PM
Friend of Wrox
 
Join Date: Dec 2004
Location: Chennai, Tamil nadu, India.
Posts: 307
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Vadivel Send a message via Yahoo to Vadivel
Default

May be you want to check my blog post on this topic >> http://vadivel.blogspot.com/2005/08/...ql-server.html

MVP SQL Server
http://vadivel.blogspot.com


Similar Threads
Thread Thread Starter Forum Replies Last Post
Encryption and Decryption kvanchi General .NET 1 February 2nd, 2005 02:04 PM
Encryption and Decryption kvanchi General .NET 2 January 24th, 2005 02:52 PM
Encryption/Decryption using IUSR msrnivas General .NET 0 January 12th, 2005 12:35 AM
SHA1 Encryption/Decryption help kakko72 VS.NET 2002/2003 7 November 15th, 2004 07:20 PM
SHA1 Encryption/Decryption help kakko72 General .NET 2 April 16th, 2004 03:12 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.