How to encrypt and decrypt highly sensitive information in SQL Server database with ASP Classic?


Solution 1

It may well be beneficial to allow SQL Server to handle the encryption/decryption using Keys/Certificates. This way, you don't have to roll your own with ASP and the management of this system is kept where the data itself resides. There is also the benefit of not having to update this process should you decide to move to another platform.

It is a simple process to create the keys on the server, and using them after this point is also simple, for example:

Encrypt:

-- Open the key, encrypt the value, then close the key again
OPEN SYMMETRIC KEY mykey DECRYPTION BY CERTIFICATE [mycert];
UPDATE [table] SET number = EncryptByKey(Key_GUID('mykey'), @number);
CLOSE SYMMETRIC KEY mykey;

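Decrypt:

-- DecryptByKey returns varbinary, so convert the result back to text
OPEN SYMMETRIC KEY mykey DECRYPTION BY CERTIFICATE [mycert];
SELECT CONVERT(varchar, DecryptByKey(number)) AS number FROM [table];
CLOSE SYMMETRIC KEY mykey;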

A good overview of this can be found here: Introduction to SQL Server Encryption
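
The key setup that Solution 1 refers to, written out end to end as an added example (it is not part of the original answer). It also shows the permissions a non-owner needs to open the key and what a read looks like when the key is closed. The names SsnDemoCert, SsnDemoKey, dbo.Person and AppUser, and the password, are placeholders chosen for illustration.

```sql
-- Added example. All object names and the password are placeholders.
-- 1. Key hierarchy: database master key -> certificate -> symmetric key.
--    (Skip CREATE MASTER KEY if the database already has one.)
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<replace-with-strong-password>';
CREATE CERTIFICATE SsnDemoCert WITH SUBJECT = 'Protects SsnDemoKey';
CREATE SYMMETRIC KEY SsnDemoKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE SsnDemoCert;
GO

-- 2. EncryptByKey returns varbinary, so the column holds ciphertext only.
CREATE TABLE dbo.Person (
    PersonId     int IDENTITY(1,1) PRIMARY KEY,
    SsnEncrypted varbinary(256) NOT NULL
);
GO

-- 3. Grant the application's user what OPEN SYMMETRIC KEY ... BY CERTIFICATE
--    requires: a permission on the key and CONTROL on the certificate.
CREATE USER AppUser WITHOUT LOGIN;  -- hypothetical user for the demo
GRANT VIEW DEFINITION ON SYMMETRIC KEY::SsnDemoKey TO AppUser;
GRANT CONTROL ON CERTIFICATE::SsnDemoCert TO AppUser;
GRANT SELECT, INSERT ON dbo.Person TO AppUser;
GO

-- 4. Encrypt on write and decrypt on read, inside one session.
OPEN SYMMETRIC KEY SsnDemoKey DECRYPTION BY CERTIFICATE SsnDemoCert;

DECLARE @ssn varchar(11) = '000-00-0000';  -- constructed sample value
INSERT INTO dbo.Person (SsnEncrypted)
VALUES (EncryptByKey(Key_GUID('SsnDemoKey'), @ssn));

SELECT PersonId,
       CONVERT(varchar(11), DecryptByKey(SsnEncrypted)) AS Ssn
FROM dbo.Person;

CLOSE SYMMETRIC KEY SsnDemoKey;

-- 5. With the key closed, DecryptByKey returns NULL rather than raising an
--    error, so a caller that skipped OPEN SYMMETRIC KEY sees empty values.
SELECT PersonId,
       CONVERT(varchar(11), DecryptByKey(SsnEncrypted)) AS Ssn
FROM dbo.Person;
GO
```

From ASP Classic, pass the plaintext as a parameter of an ADODB.Command instead of concatenating it into the SQL string, and convert back to the same type that was encrypted.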

Solution 2

You can use the Rijndael cipher successfully in VBScript with this library. The key functions are EncryptData() and DecryptData().

It seems secure enough for me. Obviously you will want to keep your key pretty secret. An application variable in the global.asa might be a good place to store this (as that's usually where connection strings and such are found).

Author: MicBehrens


Updated on June 16, 2022

Comments

  • MicBehrens
    MicBehrens almost 2 years

    I have been checking various questions on Stack Overflow and of course Google, but I can't really find any specific solution to this question:

    How do I create a function in ASP Classic to encrypt and decrypt highly sensitive information in a SQL Server database? Like, for example, a social security number or anything similar?

    (Or is it possible to do in my SQL string?)

    And yeah, I do know how to create a function with ASP ;)

    And no, I just can't hash the information with SHA or MD5, because they only work one way. I need it to work both ways!

    The more security, the merrier! :)

    EDIT:
    Afterwards I found this:

    http://www.4guysfromrolla.com/webtech/010100-1.shtml

    But I don't really know if this is secure enough and will do? From what I can see, it goes both ways?

  • MicBehrens
    MicBehrens over 12 years
    If the keys are on the same server as the encrypted data, won't it then be exploited in case of a brute force attempt directly against the SQL Server?