locked
How to use AES encryption and decryption??? RRS feed

  • Question

  • User-1600238721 posted

    sqlStr = "INSERT INTO tbluserapplication (uaName,uaIC,uaInitial,uaPrefix,uaGroupID,uaLogin,uaPassword,uaApproved,uaAddress1,uaAddress2,uaPostcode,uaCity,uaCountry,uaEmail) VALUE (?uName,?uIC,?uInitial,?uPrefix,'1000',?uLogin,?uPassword,'0',?uAddress1,?uAddress2,?uPostcode,?uCity,?uCountry,?uEmail)"

     myCommand.Parameters.AddWithValue("?uPassword", txtPassword.Text)

    this is my sqlstr to insert the data into database.i would like to use AES encryption to encrypt the uaPassword. how should i write my code???

    and on login page izit i need to decrypt the password before i use to compare with the password which enter by user?

    izit using the decrypt method?how to use it?can someone help me???

    if possible write the example code for me. or do anyone hav another better encryption method to intro to me???

    thanks

     

    Thursday, June 28, 2007 5:27 AM

Answers

  • User120819611 posted

    in your query, you can do it like this:

    strSQL = "SELECT uausername, AES_DECRYPT(uapassword,  'samplekey') As uaPassword FROM table tbluserapplication WHERE uausername='blah blah'"

    normally, if you will use it in your reader like this

    objreader("uapassword")

    it would return the decrypted password. :) you just miss the alias on the result of your query statement.

    so normally, it would return the uaPassword column when u aliased it. hope it helps. 

    note that, sample key is the key to be used to decrypt your password.


    good luck!

     

    Cheers,

    CLIPER
     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, July 2, 2007 2:39 AM
  • User120819611 posted

     well, AES_DECRYPT() will return a null value if... the sample key did not match to the key you used it when you fired the AES_ENCRYPT

    you may try again adding a user using this statement, (note: we are assuming the fields to be your fields in your code)

     strSQL = "INSERT INTO tblapplication (user, password)VALUES('user1',AES_ENCRYPT('" & textbox1.text & "','samplekey'))"

    now, you must note that the word "samplekey" will be used when you want to decrypt your password. after that you could use

    strSQL = "SELECT user, AES_DECRYPT(password, 'samplekey') FROM tblapplication"

    now, see that we use the "samplekey" as our key to decrypt whatever value in the password column. when you type a "SampleKey" in there, then it should matter a lot because you use uppercase letters.

    in addition to this, maybe you did not use the 'samplekey' as your key when you add that first user in your table. you need to be carefull on the key thing.

    and please, read my instructions carefully... thank you...

     

    Cheers,

    CLIPER 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, July 2, 2007 5:30 AM

All replies

  • User-590788913 posted

    I coded mine in C#, however after saw your signature about VB.NET, here's an article does just what you wanted: http://www.vbforums.com/showpost.php?p=2801591&postcount=2

    Thursday, June 28, 2007 6:37 AM
  • User-1600238721 posted

    what a shock seeing materazi reply me and help me in my asp.net. haha

    time to go home.will hav a look on the web site tomorro.thanks

    hav a nice day [:)]

    Thursday, June 28, 2007 6:41 AM
  • User120819611 posted

    It should like like this:

    sqlStr = "INSERT INTO tbluserapplication (uaName,uaIC,uaInitial,uaPrefix,uaGroupID,uaLogin,uaPassword,uaApproved,uaAddress1,uaAddress2,uaPostcode,uaCity,uaCountry,uaEmail) VALUE (?uName,?uIC,?uInitial,?uPrefix,'1000',?uLogin,AES_ENCRYPT(?uPassword,'samplekey'),'0',?uAddress1,?uAddress2,?uPostcode,?uCity,?uCountry,?uEmail)"

    then you should be able to use also when decrypting the pass like this:

    strSQL  = "SELECT AES_DECRYPT(uaPassword, 'samplekey') FROM tbluserapplication where user=blah blah"

     

    hope it helps. take note, I suggest to use some unique token in your key, maybe you could use the username as key, or the userid or the pass reminder as a key. good luck! and happy coding!

     

    Cheers,

    CLIPER 

    Thursday, June 28, 2007 11:49 PM
  • User-1600238721 posted

    It should like like this:

    sqlStr = "INSERT INTO tbluserapplication (uaName,uaIC,uaInitial,uaPrefix,uaGroupID,uaLogin,uaPassword,uaApproved,uaAddress1,uaAddress2,uaPostcode,uaCity,uaCountry,uaEmail) VALUE (?uName,?uIC,?uInitial,?uPrefix,'1000',?uLogin,AES_ENCRYPT(?uPassword,'samplekey'),'0',?uAddress1,?uAddress2,?uPostcode,?uCity,?uCountry,?uEmail)"

    then you should be able to use also when decrypting the pass like this:

    strSQL  = "SELECT AES_DECRYPT(uaPassword, 'samplekey') FROM tbluserapplication where user=blah blah"

     

    hope it helps. take note, I suggest to use some unique token in your key, maybe you could use the username as key, or the userid or the pass reminder as a key. good luck! and happy coding!

     

    Cheers,

    CLIPER 

    CLIPER

    i successfully encrypt the password already

    but now...having problem to decrypt it...

    i use the strSQL u give me : strSQL  = "SELECT AES_DECRYPT(uaPassword, 'samplekey') FROM tbluserapplication where user=blah blah"

    but then,how can i specified it?

    i use to use myReader("uaPassword"),something like this.but now this method cant be use anymore.

    let say if i wan show the original password on a label,how should i code?

    label.text = ???

    pls help,and thanks alot.

    Sunday, July 1, 2007 10:32 PM
  • User120819611 posted

    in your query, you can do it like this:

    strSQL = "SELECT uausername, AES_DECRYPT(uapassword,  'samplekey') As uaPassword FROM table tbluserapplication WHERE uausername='blah blah'"

    normally, if you will use it in your reader like this

    objreader("uapassword")

    it would return the decrypted password. :) you just miss the alias on the result of your query statement.

    so normally, it would return the uaPassword column when u aliased it. hope it helps. 

    note that, sample key is the key to be used to decrypt your password.


    good luck!

     

    Cheers,

    CLIPER
     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, July 2, 2007 2:39 AM
  • User-1600238721 posted

    in your query, you can do it like this:

    strSQL = "SELECT uausername, AES_DECRYPT(uapassword,  'samplekey') As uaPassword FROM table tbluserapplication WHERE uausername='blah blah'"

    normally, if you will use it in your reader like this

    objreader("uapassword")

    it would return the decrypted password. :) you just miss the alias on the result of your query statement.

    so normally, it would return the uaPassword column when u aliased it. hope it helps. 

    note that, sample key is the key to be used to decrypt your password.


    good luck!

     

    Cheers,

    CLIPER
     

    CLIPER,i am so happy to see u here.

    i try the code you give me,but i think it not working as nothing show on my label.

    i explain more clearly to u.

    i use this query : sqlStr = "SELECT username,password FROM testing WHERE id=1"

    and myReader("password") would get the encryped password.

    then i try this :

    strSQL = "SELECT uausername, AES_DECRYPT(password,  'samplekey') As Password FROM table testing WHERE id=1"

    but i get nothing from myReader("pasword")

    is there any error or mistake?

    Monday, July 2, 2007 3:03 AM
  • User-1600238721 posted

    No one can help me ????[:'(]

    Monday, July 2, 2007 4:51 AM
  • User120819611 posted

     well, AES_DECRYPT() will return a null value if... the sample key did not match to the key you used it when you fired the AES_ENCRYPT

    you may try again adding a user using this statement, (note: we are assuming the fields to be your fields in your code)

     strSQL = "INSERT INTO tblapplication (user, password)VALUES('user1',AES_ENCRYPT('" & textbox1.text & "','samplekey'))"

    now, you must note that the word "samplekey" will be used when you want to decrypt your password. after that you could use

    strSQL = "SELECT user, AES_DECRYPT(password, 'samplekey') FROM tblapplication"

    now, see that we use the "samplekey" as our key to decrypt whatever value in the password column. when you type a "SampleKey" in there, then it should matter a lot because you use uppercase letters.

    in addition to this, maybe you did not use the 'samplekey' as your key when you add that first user in your table. you need to be carefull on the key thing.

    and please, read my instructions carefully... thank you...

     

    Cheers,

    CLIPER 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, July 2, 2007 5:30 AM
  • User-1600238721 posted

     well, AES_DECRYPT() will return a null value if... the sample key did not match to the key you used it when you fired the AES_ENCRYPT

    you may try again adding a user using this statement, (note: we are assuming the fields to be your fields in your code)

     strSQL = "INSERT INTO tblapplication (user, password)VALUES('user1',AES_ENCRYPT('" & textbox1.text & "','samplekey'))"

    now, you must note that the word "samplekey" will be used when you want to decrypt your password. after that you could use

    strSQL = "SELECT user, AES_DECRYPT(password, 'samplekey') FROM tblapplication"

    now, see that we use the "samplekey" as our key to decrypt whatever value in the password column. when you type a "SampleKey" in there, then it should matter a lot because you use uppercase letters.

    in addition to this, maybe you did not use the 'samplekey' as your key when you add that first user in your table. you need to be carefull on the key thing.

    and please, read my instructions carefully... thank you...

     

    Cheers,

    CLIPER 

    Thank you again CLIPER.but i still cant decrypt the password and display it at label.

    i follow all your instruction,check all my code,and re-check for few times,just cant figure out what went wrong.

    even my manager also had no idea with that.or i post my code here and c anyone can help me.

    Monday, July 2, 2007 5:46 AM
  • User-1600238721 posted

    this is the code i use to encrypt and store the data in database:

    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
            Dim sqlStr As String
            Dim myConnection As MySqlConnection = Nothing
            Dim myCommand As MySqlCommand = Nothing

            sqlStr = "INSERT INTO testing(username,upassword) VALUE (?uUsername,AES_ENCRYPT(?uPassword,'samplekey'))"

            ' Connection
            myConnection = New MySqlConnection(ConfigurationManager.ConnectionStrings("dbConnection").ToString())
            myConnection.Open()
            'Command
            myCommand = New MySqlCommand(sqlStr, myConnection)
            myCommand.Parameters.AddWithValue("?uUsername", TextBox2.Text)
            myCommand.Parameters.AddWithValue("?uPassword", TextBox1.Text)
            myCommand.ExecuteNonQuery()
            myConnection.Close()
        End Sub

     

    And this is the code i use to retrieve and decrypt the data from the database :

       Dim sqlStr As String
            Dim myConnection As MySqlConnection = Nothing
            Dim myCommand As MySqlCommand = Nothing
            Dim myReader As MySqlDataReader = Nothing

            Try
                sqlStr = "SELECT username,AES_DECRYPT(upassword, 'samplekey')FROM testing "


                ' Connection
                myConnection = New MySqlConnection(ConfigurationManager.ConnectionStrings("dbConnection").ToString())
                myConnection.Open()
                ' Command
                myCommand = New MySqlCommand(sqlStr, myConnection)
                ' Reader
                myReader = myCommand.ExecuteReader()
                myReader.Read()
             

                Label2.Text = myReader("upassword").ToString
            Catch ex As Exception
                ' Exception Error Here
                Response.Write(Err.Number & " - " & Err.Description)
            End Try

     

    and the error i get from the try & exception is error No.9 Could not find specified column in results

    Monday, July 2, 2007 5:51 AM
  • User120819611 posted

    yes, because of this line

     

    1            Try
    2 sqlStr = "SELECT username,AES_DECRYPT(upassword, 'samplekey')FROM testing "

      

    you should re-write i like this:

     

    1            Try
    2 sqlStr = "SELECT username,AES_DECRYPT(upassword, 'samplekey')As upassword FROM testing "

      

     

    so the field upassword will be valid when your MySqlDataReader reads that columns upassword.

    hope that's ok now, 

    Monday, July 2, 2007 5:56 AM
  • User-1600238721 posted

    yes, because of this line

     

    1            Try
    2 sqlStr = "SELECT username,AES_DECRYPT(upassword, 'samplekey')FROM testing "

      

    you should re-write i like this:

     

    1            Try
    2 sqlStr = "SELECT username,AES_DECRYPT(upassword, 'samplekey')As upassword FROM testing "

      

     

    so the field upassword will be valid when your MySqlDataReader reads that columns upassword.

    hope that's ok now, 

    unfortunately,it can't work......[:(]

    Monday, July 2, 2007 6:18 AM
  • User120819611 posted

     why not? it works for me. I use your code and design the tables. :)

    the only thing you should do now is to "Listen", "Understand" & 'Learn"

    first thing you will do, is to delete all users in that tblapplication table and re-create another user using the 'samplekey' token. and then don't forget the alias in your query string so that you can always use it as a valid column in your data reader. and try to remove the objReader("upassword").ToString like, leave it as

    label2.text = objReader("upassword") 

    Monday, July 2, 2007 6:26 AM
  • User-1600238721 posted

     why not? it works for me. I use your code and design the tables. :)

    the only thing you should do now is to "Listen", "Understand" & 'Learn"

    first thing you will do, is to delete all users in that tblapplication table and re-create another user using the 'samplekey' token. and then don't forget the alias in your query string so that you can always use it as a valid column in your data reader. and try to remove the objReader("upassword").ToString like, leave it as

    label2.text = objReader("upassword") 

    THANKS YOU CLIPER, IT'S WORK !!!

    i am so so so happy.

    u really help me a lot,thanks u CLIPER!!![:D]

    Monday, July 2, 2007 6:33 AM
  • User120819611 posted

     yup, that's all it is. :) and I'm glad that I helped you. :)

     happy coding enghsiang,

     

    Cheers,

    CLIPER
     

     

    Monday, July 2, 2007 10:06 PM