Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
 
(untagged)

Encrypting and Decrypting Data to and from a Database

25 Apr 2008 1  
Automatically decrypt data when retrieving it from a database.

This article is in the Product Showcase section for our sponsors at CodeProject. These articles are intended to provide you with information on products and services that we consider useful and of value to developers.

Introduction

You can easily encrypt data before storing it in a database and automatically decrypt it when retrieving, allowing it to be viewed in plain text when needed. This is particularly useful when storing passwords in the database, where for security reasons, that data should not be readable from the back-end database.

In this scenario, we build upon two earlier articles. The first is by Anh Trinh, published on January 4, 2007: Encrypting Passwords Before Saving to the Database. The second is by Jim Murphy, posted in the Iron Speed Designer Technical Forum on November 25, 2003: Password Database Encryption.

Both methods have specific uses. Mr. Trinh's article deals with encryption using a simple hash function, but has no method of reversing the function to view the password. This might be desirable in some instances, such as when the data has no requirement for future viewing. Mr. Murphy's article is more practical for data viewing.

This article blends the two techniques and provides a simple explanation for those of us new to Iron Speed Designer and Visual Basic .NET.

In our scenario, we look at how to encrypt a password before saving it to the database and provide a method of decrypting it for viewing or editing by authorized personnel. The example here could be extended for other fields in the database that require encryption.

The database structure for the password table can be created using the following SQL script, or by creating your own:

CREATE TABLE [dbo].[passwd] (
    [id] [int] IDENTITY (1, 1) NOT NULL ,
    [UserId] [text] COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
    [Password] [text] COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
    [Application] [text] COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
    [Comment] [char] (10) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
    [RoleID] [char] (10) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
    [LastChange] [nvarchar] (150) COLLATE SQL_Latin1_General_CP1_CI_AS NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]

GO

Procedure

  • Step 1: Create an Iron Speed Designer application based on the above password table.
  • Step 2: Using Mr. Murphy's article as a guide, download and build the Kryptonite DLL from here in Visual Studio .NET 2003 as a separate project.
  • Step 3: Copy the new DLL to your application's bin folder. 
    ...\<App Folder>\Bin
  • Step 4: Open the Iron Speed Designer encryption project in Visual Studio .NET 2003. Add a reference to the Kryptonite DLL just created in Step 1. Add a reference to .NET -> System.Security. Save the project, but do not build it!
  • Step 5: Reopen the encryption project in Iron Speed Designer. Add the following to the bottom of Public Class passwdRecordControl, located in:

    .NET Framework 1.1:

    ...\<App Folder>\Shared\AddPasswordPage.Conrtols.vb

    .NET Framework 2.0 / 3.0:

    ...\<App Folder>\App_Code\Shared\AddPasswordPage.Conrtols.vb

    Visual Basic .NET:

    Public Overrides Sub GetUIData()
    ' Set the over ride
    MyBase.GetUIData()
    Dim oKryptonite As New Kryptonite.SymmCrypto
    (Kryptonite.SymmCrypto.Providers.TripleDES) 
    ‘ Declare the Encryption DLL
    Dim record As passwdRecord = Me.GetRecord
    Dim password As String = record.Password
    record.Password = oKryptonite.Encrypt(password)
End Sub
  • Step 6: Add the following code to the bottom of Public Class passwdRecordControl, located in:

    .NET Framework 1.1:

    ...\<App Folder>\Shared\EditPasswordPage.Controls.vb

    .NET Framework 2.0 / 3.0:

    ...\<App Folder>\App_Code\Shared\EditPasswordPage.Controls.vb

    This code retrieves the password from the database, decrypts it, and saves it back to the database in an encrypted form when edited.

    Visual Basic .NET:

    Public Overrides Sub GetUIData()
    MyBase.GetUIData()
    Dim oKryptonite As New _
        Kryptonite.SymmCrypto(Kryptonite.SymmCrypto.Providers.TripleDES)
    Dim record As passwdRecord = Me.GetRecord
    Dim password As String = record.Password
    record.Password = oKryptonite.Encrypt(password)
End Sub
 
Public Overrides Sub LoadData()
    ' Copy of the LoadData() with the Decryption added
    ' to reveal the current text password
 
        If Not Me.RecordUniqueId Is Nothing AndAlso _
               Me.RecordUniqueId.Trim <> "" Then
            Me.DataSource = PasswdTable.GetRecord(Me.RecordUniqueId, True)
            Return
        End If
 
        Dim wc As WhereClause = Me.CreateWhereClause()
        If wc Is Nothing Then
            Me.DataSource = New PasswdRecord()
            Return
        End If
 
        ' Retrieve the record from the database.
        Dim recList() As PasswdRecord = PasswdTable.GetRecords(wc, Nothing, 0, 2)
        If recList.Length = 0 Then
            Throw New Exception(Page.GetResourceValue(
                "Err:NoRecRetrieved", "mvhpass"))
        End If
 
        Me.DataSource = PasswdTable.GetRecord(recList(0).GetID.ToXmlString(), True)
 
    End Sub
 
    ' Populate the UI controls using the DataSource.
    ' To customize, override this method in passwdRecordControl.
    Public Overrides Sub DataBind()
 
        MyBase.DataBind()
 
        ' Make sure that the DataSource is initialized.
        If Me.DataSource Is Nothing Then
            Return
        End If
 
        ' For each field, check to see if a value
        ' is specified. If a value is specified,
        ' then format the value for display.
        ' If no value is specified, use the default value
        (formatted).
        ' Copied and added here to override the password field
 
        If Me.DataSource.IsCreated OrElse Me.DataSource.Application0Specified Then
 
            Dim formattedValue As String = _
                Me.DataSource.Format(PasswdTable.Application0)
            formattedValue = HttpUtility.HtmlEncode(formattedValue)
            Me.Application1.Text = formattedValue
        Else
 
            Me.Application1.Text = PasswdTable.Application0.Format
            (PasswdTable.Application0.DefaultValue)
        End If
 
        If Me.Application1.Text Is Nothing _
            OrElse Me.Application1.Text.Trim() = "" Then
            Me.Application1.Text = " "
        End If
 
        If Me.DataSource.IsCreated OrElse Me.DataSource.CommentSpecified Then
 
            Dim formattedValue As String = 
                Me.DataSource.Format(PasswdTable.Comment)
            formattedValue = HttpUtility.HtmlEncode(formattedValue)
            Me.Comment.Text = formattedValue
        Else
 
            Me.Comment.Text = PasswdTable.Comment.Format
            (PasswdTable.Comment.DefaultValue)
        End If
 
        If Me.Comment.Text Is Nothing _
            OrElse Me.Comment.Text.Trim() = "" Then
            Me.Comment.Text = " "
        End If
 
        If Me.DataSource.IsCreated OrElse Me.DataSource.LastChangeSpecified Then
 
            Dim formattedValue As String = Me.DataSource.Format(
                PasswdTable.LastChange)
            formattedValue = HttpUtility.HtmlEncode(formattedValue)
            Me.LastChange.Text = formattedValue
        Else
 
            Me.LastChange.Text = PasswdTable.LastChange.Format
            (PasswdTable.LastChange.DefaultValue)
        End If
 
        If Me.LastChange.Text Is Nothing _
            OrElse Me.LastChange.Text.Trim() = "" Then
            Me.LastChange.Text = ""
        End If
 
        If Me.DataSource.IsCreated OrElse Me.DataSource.PasswordSpecified Then
 
            Dim formattedValue As String = 
                Me.DataSource.Format(PasswdTable.Password)
            'add decryption code here to change the formatted value
            Dim oKryptonite As New
            Kryptonite.SymmCrypto(Kryptonite.SymmCrypto.Providers.TripleDES)
            formattedValue= oKryptonite.Decrypt(formattedValue)
            formattedValue = HttpUtility.HtmlEncode(formattedValue)
 
 
            'end additions
            Me.Password.Text = formattedValue
        Else
 
            Me.Password.Text = PasswdTable.Password.Format
            (PasswdTable.Password.DefaultValue)
        End If
 
        If Me.Password.Text Is Nothing _
            OrElse Me.Password.Text.Trim() = "" Then
            Me.Password.Text = " "
        End If
 
        If Me.DataSource.IsCreated OrElse Me.DataSource.UserId0Specified Then
 
            Dim formattedValue As String = _
                Me.DataSource.Format(PasswdTable.UserId0)
            formattedValue = HttpUtility.HtmlEncode(formattedValue)
            Me.UserId1.Text = formattedValue
        Else
 
            Me.UserId1.Text = _
               PasswdTable.UserId0.Format(PasswdTable.UserId0.DefaultValue)
        End If
 
        If Me.UserId1.Text Is Nothing _
            OrElse Me.UserId1.Text.Trim() = "" Then
            Me.UserId1.Text = " "
        End If
 
        Me.IsNewRecord = True
        If Me.DataSource.IsCreated Then
            Me.IsNewRecord = False
 
            Me.RecordUniqueId = Me.DataSource.GetID.ToXmlString()
        End If
 
            ' Load data for each record and table UI control.
            ' Ordering is important because child controls get 
            ' their parent ids from their parent UI controls.
 
    End Sub
  • Step 7: Add the following code to the ShowPasswordPage.Controls.vb file. This code provides for retrieving the password decrypted from the database for viewing by authorized users.

    Visual Basic .NET:

    Public Overrides Sub LoadData()
    ' Copy of the LoadData() with the Decryption
    ' added to reveal the current text password
 
 
        If Not Me.RecordUniqueId Is Nothing AndAlso _
               Me.RecordUniqueId.Trim <> "" Then
            Me.DataSource = PasswdTable.GetRecord(Me.RecordUniqueId, True)
            Return
        End If
 
        Dim wc As WhereClause = Me.CreateWhereClause()
        If wc Is Nothing Then
            Me.DataSource = New PasswdRecord()
            Return
        End If
 
        ' Retrieve the record from the database.
        Dim recList() As PasswdRecord = PasswdTable.GetRecords(wc, Nothing, 0, 2)
        If recList.Length = 0 Then
            Throw New Exception(Page.GetResourceValue(
                "Err:NoRecRetrieved", "mvhpass"))
        End If
 
 
        Me.DataSource = PasswdTable.GetRecord(recList(0).GetID.ToXmlString(), True)
 
    End Sub  
    ' Populate the UI controls using the DataSource.
    ' To customize, override this method in
    passwdRecordControl.
    Public Overrides Sub DataBind()
 
        MyBase.DataBind()
 
        ' Make sure that the DataSource is initialized.
        If Me.DataSource Is Nothing Then
            Return
        End If
 
 
        ' For each field, check to see if a value
        ' is specified. If a value is specified,
        ' then format the value for display. If no value
        ' is specified, use the default value (formatted).
        ' Copied and added here to override the password field
 
        If Me.DataSource.IsCreated OrElse _
           Me.DataSource.Application0Specified Then
 
            Dim formattedValue As String = _
                Me.DataSource.Format(PasswdTable.Application0)
            formattedValue = HttpUtility.HtmlEncode(formattedValue)
            Me.Application1.Text = formattedValue
        Else
 
            Me.Application1.Text = PasswdTable.Application0.Format
            (PasswdTable.Application0.DefaultValue)
        End If
 
        If Me.Application1.Text Is Nothing _
            OrElse Me.Application1.Text.Trim() = "" Then
            Me.Application1.Text = " "
        End If
 
        If Me.DataSource.IsCreated OrElse Me.DataSource.CommentSpecified Then
 
            Dim formattedValue As String = 
                Me.DataSource.Format(PasswdTable.Comment)
            formattedValue = HttpUtility.HtmlEncode(formattedValue)
            Me.Comment.Text = formattedValue
        Else
 
            Me.Comment.Text = PasswdTable.Comment.Format
            (PasswdTable.Comment.DefaultValue)
        End If
 
        If Me.Comment.Text Is Nothing _
            OrElse Me.Comment.Text.Trim() = "" Then
            Me.Comment.Text = " "
        End If
 
        If Me.DataSource.IsCreated OrElse Me.DataSource.LastChangeSpecified Then
 
            Dim formattedValue As String = Me.DataSource.Format(
                PasswdTable.LastChange)
            formattedValue = HttpUtility.HtmlEncode(formattedValue)
            Me.LastChange.Text = formattedValue
        Else
 
            Me.LastChange.Text = PasswdTable.LastChange.Format
            (PasswdTable.LastChange.DefaultValue)
        End If
 
        If Me.LastChange.Text Is Nothing _
            OrElse Me.LastChange.Text.Trim() = "" Then
            Me.LastChange.Text = " "
        End If
 
        If Me.DataSource.IsCreated OrElse Me.DataSource.PasswordSpecified Then
 
            Dim formattedValue As String = 
                Me.DataSource.Format(PasswdTable.Password)
            'add decryption code here to change the formatted value
            Dim oKryptonite As New ryptonite.SymmCrypto
            (Kryptonite.SymmCrypto.Providers.TripleDES)
            formattedValue= oKryptonite.Decrypt(formattedValue)
            formattedValue = HttpUtility.HtmlEncode(formattedValue)
 
 
            'end additions
            Me.Password.Text = formattedValue
        Else
 
            Me.Password.Text = PasswdTable.Password.Format
            (PasswdTable.Password.DefaultValue)
        End If
 
        If Me.Password.Text Is Nothing _
            OrElse Me.Password.Text.Trim() = "" Then
            Me.Password.Text = " "
        End If
 
        If Me.DataSource.IsCreated OrElse Me.DataSource.UserId0Specified Then
 
            Dim formattedValue As String = _
                Me.DataSource.Format(PasswdTable.UserId0)
            formattedValue = HttpUtility.HtmlEncode(formattedValue)
            Me.UserId1.Text = formattedValue
        Else
 
            Me.UserId1.Text = _
               PasswdTable.UserId0.Format(PasswdTable.UserId0.DefaultValue)
        End If
 
        If Me.UserId1.Text Is Nothing _
            OrElse Me.UserId1.Text.Trim() = "" Then
            Me.UserId1.Text = " "
        End If
 
        Me.IsNewRecord = True
        If Me.DataSource.IsCreated Then
            Me.IsNewRecord = False
 
            Me.RecordUniqueId = Me.DataSource.GetID.ToXmlString()
        End If
 
            ' Load data for each record and table UI control.
            ' Ordering is important because child controls get
            ' their parent ids from their parent UI controls.
 
    End Sub
  • Step 8: Build and run the application.

    Notes: In general, if the code additions are placed in the respective code customization sections of each Controls.vb file, the project will provide encryption of the password field when adding or saving an edited record. The Edit page also uses the Show functions, so the code added to the Show functions is necessary in the Edit overrides.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here



Permalink

Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Article Copyright 2008 by Iron Speed Designer
Everything else Copyright © CodeProject, 1999-2024

Web01 2.8:2024-10-19:1