
How to encrypt and decrypt highly sensitive information in SQL Server database with ASP Classic?

I have been checking various questions on Stack Overflow and of course Google, but I can't really find any specific solution to this question:

How do I create a function in ASP Classic to encrypt and decrypt highly sensitive information in a SQL Server database? For example, a social security number or anything similar?

(Or is it possible to do in my SQL string?)

And yeah, I do know how to create a function with ASP ;)

And no, I can't just hash the information with SHA or MD5, because they only work one way. I need it to work both ways!

The more security, the merrier! :)

EDIT:
Afterwards I found this:

https://web.archive.org/web/20210728063606/https://www.4guysfromrolla.com/webtech/010100-1.shtml

But I don't really know if this is secure enough and will do? From what I can see, it works both ways?

MicBehrens asked Nov 18 '11 16:11



2 Answers

It may well be beneficial to allow SQL Server to handle the encryption/decryption using Keys/Certificates. This way, you don't have to roll your own with ASP and the management of this system is kept where the data itself resides. There is also the benefit of not having to update this process should you decide to move to another platform.

It is a simple process to create the keys on the server, and using them after this point is also simple, for example:

Encrypt:

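    -- The key must be open in the session before EncryptByKey can use it
    OPEN SYMMETRIC KEY mykey DECRYPTION BY CERTIFICATE [mycert];
    UPDATE [table] SET number = EncryptByKey(Key_GUID('mykey'), @number);
    CLOSE SYMMETRIC KEY mykey;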

Decrypt:

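    -- DecryptByKey returns varbinary (NULL if the key is not open), so convert it back
    OPEN SYMMETRIC KEY mykey DECRYPTION BY CERTIFICATE [mycert];
    SELECT CONVERT(varchar, DecryptByKey(number)) AS number FROM [table];
    CLOSE SYMMETRIC KEY mykey;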

A good overview of this can be found here: Introduction to SQL Server Encryption

ChrisBint answered Oct 25 '22 21:10

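The key creation that the answer above refers to, followed by a full write/read round trip, as an added example (not code from the original answer). The table `dbo.Person`, its columns, the sample value and the password placeholder are assumptions; the example also goes beyond the answer by using the authenticator argument of `EncryptByKey` so that a ciphertext copied into another row will not decrypt.

```sql
-- Added example. Only mykey and mycert come from the answer above;
-- every other name and value here is an assumption or constructed.

-- 1. One-time setup in the application database (run by a DBA).
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder: long random password>';
CREATE CERTIFICATE mycert WITH SUBJECT = 'Protects symmetric key mykey';
CREATE SYMMETRIC KEY mykey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE mycert;

-- 2. EncryptByKey returns varbinary, so the column must be varbinary.
CREATE TABLE dbo.Person (
    PersonId  int IDENTITY(1,1) PRIMARY KEY,
    Name      nvarchar(100) NOT NULL,
    NumberEnc varbinary(256) NULL
);

-- 3. Encrypt on write. The key stays open only for this session.
OPEN SYMMETRIC KEY mykey DECRYPTION BY CERTIFICATE mycert;

INSERT INTO dbo.Person (Name) VALUES (N'Constructed Sample');
DECLARE @id int = SCOPE_IDENTITY();
DECLARE @number varchar(11) = '000-00-0000';  -- constructed value

-- Arguments 3 and 4 bind the ciphertext to this row's primary key.
UPDATE dbo.Person
SET NumberEnc = EncryptByKey(Key_GUID('mykey'), @number, 1,
                    HASHBYTES('SHA2_256', CONVERT(varbinary(4), @id)))
WHERE PersonId = @id;

-- 4. Decrypt on read. DecryptByKey yields NULL when the key is not open
--    or the authenticator does not match. Convert back to the same type
--    that was encrypted (varchar here, not nvarchar).
SELECT PersonId,
       CONVERT(varchar(11),
           DecryptByKey(NumberEnc, 1,
               HASHBYTES('SHA2_256', CONVERT(varbinary(4), PersonId)))) AS number
FROM dbo.Person;

CLOSE SYMMETRIC KEY mykey;
```

From ASP Classic, pass `@number` as an ADO command parameter rather than concatenating it into the SQL string, so the plaintext never becomes part of the statement text.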


You can use the Rijndael cipher successfully in VBScript with this library. The key functions are EncryptData() and DecryptData().

It seems secure enough for me. Obviously you will want to keep your key pretty secret. An application variable in the global.asa might be a good place to store this (as that's usually where connection strings and such are found).

MikeMurko answered Oct 25 '22 23:10
