locked
Encrypt Document Upload RRS feed

  • Question

  • User-1901014284 posted

    Hi,

    I have the below code which I use to upload an image created within an HTML5 canvas to an MSSQL database. The upload works with no issues but I would like to encrypt the uploaded document but insure how to do this when using a parameter to insert into the table. Could you please advise how I can upload the document using encryption?

    byte[] bytes = Convert.FromBase64String(signatureBase64Url.Value.Split(',')[1]);
    using (FileStream stream = new FileStream(Server.MapPath("~/Images/ClientSignature/" + ClientSignatureNameTextBox.Text.Trim() + ".png"), FileMode.Create))
    {
    stream.Write(bytes, 0, bytes.Length);
    stream.Flush();
    }
    cmd.Parameters.AddWithValue("@ClientSignature", "Images/ClientSignature/" + ClientSignatureNameTextBox.Text.Trim() + ".png");

    Monday, July 16, 2018 11:27 AM

All replies

  • User475983607 posted

    The common approach is using HTTPS.  

    Monday, July 16, 2018 11:33 AM
  • User753101303 posted

    Hi,

    You mean when stored in the db ? You have multiple options :
    https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/sql-server-encryption?view=sql-server-2017

    Make sure first what is the exact purpose ie is this so that even someone with sufficient permissions to access the db couldn't decrypt the image on the SQL Server side?

    For now it 's a bit unclear if you want to encrypt the "uploaded document" (ie it has been uploaded already) or if you want to "upload the document using encryption" (https as pointed already does this).

    Monday, July 16, 2018 12:00 PM
  • User-1901014284 posted

    Hi PatriceSc,

    I would like it so the db could not be decrypted on the server side, I would like the decryption only within my application.

    Please accept my apologies for not being clear, I have never implemented encryption on uploads before and not sure how to implement the HTTPS into my project. I would like to upload the document using encryption going forward. At the moment the code I have just uploaded the file path of the document into the database making it easy to find the document related to the database record.

    Monday, July 16, 2018 12:51 PM
  • User-330142929 posted

    Hi Jonnygareth32,

    from your above description, if you want to migrate your website to https, you could search online for tutorials on how to migrate http to https. As All-Star says, https already use encryption to upload document. and if you want to encrypt the document you uploaded, we could use DES/AES algorithm.

    Here is official document, wish it is useful to you.

    https://docs.microsoft.com/zh-cn/dotnet/standard/security/encrypting-data

    If you don’t want to directly display the file path in the database, you could encrypt the file path with Hash+salt. There are so many examples about how to encrypt the string with Hash+Salt, you could find it yourself.

    Feel free to let me know if you have any questions

    Best Regards

    Abraham.

    Tuesday, July 17, 2018 9:31 AM
  • User753101303 posted

    It seems you are still confusing two things :

    • uploading the file using https which will encrypt whatever is transferred between the browser and the web server. You have to take care about some details especially if this is the first time (for example checking for hardcoded http links maybe in a mail message sent to users etc...) but it is quite easy to have an app that can work with both http or https withtout any code change
    • your app will get a non encrypted content (https does this behind the scene but this is transparent to you) so you could use for example https://msdn.microsoft.com/en-us/library/system.security.cryptography.rijndaelmanaged(v=vs.110).aspx to encrypt your byte content before storing this in a db. SQL Server has also support for doing that automatically for you (at the db driver level so that SQL Server knows which columns are encrypted but doesn't have the information needed to decrypt them. The purpose is to have encryption/decryption being done automatically for you on the client side).
    Tuesday, July 17, 2018 9:44 AM
  • User-1901014284 posted

    Hi all,

    Apologies for the delay getting back, I had been assigned to another project. I have been looking into this and think what I am looking for is how to upload a document to a server folder in asp.net C# but to also upload the document with an Encryption which will require Decryption through my project to open a readable version of the document that had been uploaded onto the server previously. Also while doing this I would like to make this record saved into a database against a ClientID record so that the document would only be visible when a certain client record is selected.

    Any help would be greatly appreciated.

    Many thanks

    Jonny 

    Wednesday, July 25, 2018 9:50 AM