locked
Encrypt and Decrypt Need help!!! RRS feed

  • Question

  • I am develop an application which is can let user to and create account, login account and save account details to database.

    For the password for the user i successfully encrypt it and save it to database.

    Now, i meet a problem how i decrypt the password from SQL database.I want to login by using decrypt password and my database password is save as Encrypt. Below is my coding which is save the encrypt data in sql database.

    For my question is how to do if i want to login the account by using decrypt password??

    1. Username = TextEdit1.Text FirstName = TextEdit2.Text LastName = TextEdit3.Text email = TextBox1.Text en = LabelControl6.Text LabelControl6.Text = PasswordGenerate() Dim password As String = "exmag" Dim wrapper As New EncryptDecryptVB(password) Dim cipherText As String = wrapper.EncryptData(LabelControl6.Text) My.Computer.FileSystem.WriteAllText( My.Computer.FileSystem.SpecialDirectories.MyDocuments & "\cipherText.txt", cipherText, False) pwd = cipherText Try con.ConnectionString = "Data Source = SERVER3W8\SQLEXPRESS ;Initial Catalog = XposConversion; Integrated Security = True " con.Open() cmd.Connection = con cmd.CommandText = "INSERT INTO [dbo].[user]([Username],[FirstName],[LastName],[email] , [Password])VALUES('" & Username & "' , '" & FirstName & "','" & LastName & "','" & email & "' , '" & pwd & "')" cmd.ExecuteNonQuery() Catch ex As Exception MessageBox.Show("Error while inserting record on table..." & ex.Message, "Insert Records") Finally con.Close() End Try
    Thursday, June 18, 2015 7:53 AM

Answers

  • Since you are using SQL Server, you can use the built-in features for encryption and decryption. Maybe this helps: Column Level Encryption in SQL Server

    And here is the documentation from Microsoft about this: Cryptography in SQL Server


    ---------------------------------- Robin Sedlaczek @ Microsoft Forums

    • Marked as answer by YOLO4111 Friday, June 19, 2015 7:42 AM
    Thursday, June 18, 2015 9:25 AM
  • The usual way is to encrypt the newly typed password again, and compare the encrypted password (new) to the encrypted password in database.

    The is precisely the reason why we can use hash (or one-way encryption) to store passwords.

    • Edited by cheong00 Thursday, June 18, 2015 9:27 AM
    • Proposed as answer by Devon_Nullman Thursday, June 18, 2015 4:51 PM
    • Marked as answer by YOLO4111 Friday, June 19, 2015 7:42 AM
    Thursday, June 18, 2015 9:26 AM
  • Use SqlCommand.ExecuteScalar() to get the stored password hash through "SELECT Password FROM [dbo].[user] where Username = @Username", and then compare it with cipherText of:

    Dim password As String = "exmag"
    Dim wrapper As New EncryptDecryptVB(password)
    Dim cipherText As String = wrapper.EncryptData(txtPassword.Text)

    Assuming the password is entered in a control named txtPassword in login page.
    • Edited by cheong00 Friday, June 19, 2015 3:09 AM
    • Marked as answer by YOLO4111 Friday, June 19, 2015 7:42 AM
    Friday, June 19, 2015 3:08 AM

All replies

  • Since you are using SQL Server, you can use the built-in features for encryption and decryption. Maybe this helps: Column Level Encryption in SQL Server

    And here is the documentation from Microsoft about this: Cryptography in SQL Server


    ---------------------------------- Robin Sedlaczek @ Microsoft Forums

    • Marked as answer by YOLO4111 Friday, June 19, 2015 7:42 AM
    Thursday, June 18, 2015 9:25 AM
  • The usual way is to encrypt the newly typed password again, and compare the encrypted password (new) to the encrypted password in database.

    The is precisely the reason why we can use hash (or one-way encryption) to store passwords.

    • Edited by cheong00 Thursday, June 18, 2015 9:27 AM
    • Proposed as answer by Devon_Nullman Thursday, June 18, 2015 4:51 PM
    • Marked as answer by YOLO4111 Friday, June 19, 2015 7:42 AM
    Thursday, June 18, 2015 9:26 AM
  • Hi Robin,

    TQ for your reply. If i using this column level encryption when i login from application can i copy the encrypt password to login my user id?

    Friday, June 19, 2015 2:35 AM
  • Hi cheong,

    TQ for your reply. According your information, if i save the encrypted password in database if i want to check the decrypt password in database how i check the password? Kindly waiting for your reply. Thank You

    Friday, June 19, 2015 2:40 AM
  • Use SqlCommand.ExecuteScalar() to get the stored password hash through "SELECT Password FROM [dbo].[user] where Username = @Username", and then compare it with cipherText of:

    Dim password As String = "exmag"
    Dim wrapper As New EncryptDecryptVB(password)
    Dim cipherText As String = wrapper.EncryptData(txtPassword.Text)

    Assuming the password is entered in a control named txtPassword in login page.
    • Edited by cheong00 Friday, June 19, 2015 3:09 AM
    • Marked as answer by YOLO4111 Friday, June 19, 2015 7:42 AM
    Friday, June 19, 2015 3:08 AM
  • Hi! You are welcome! :)

    Is your question completely answered? To be sure I like to answer your last reply:

    You cannot take the encrypted password from the database to login the user, because the user will enter the password in clear text. What you should do:

    1. Load encrypted password from database and let the database decrypt it. You can see this in the example I posted above (Column Level Encryption in SQL Server). In the example, data is decrypted for displaying it. Do the same!

    2. Take the decrypted password and compare it to the user input. If it matches, user can be logged in. If it does not match, user should not be logged in.

    Hope that helps! :)


    ---------------------------------- Robin Sedlaczek @ Microsoft Forums

    Friday, June 19, 2015 11:21 AM