It (3DES Wrapper) will encrypt them, but any attempt to decrypt a string greater than 7 characters generates the error Invalid length for a Base-64 char array. I have reproduced on several machines running 1.6.6 using very simple code to decrypt and enrypt a string (no BO's, no custom anything).

For example "1111111" encrypts and decrypts fine, but "11111111" will encrypt but not decrypt.

Any insight appreciated as always.

The occurs in tripledeswrapper.vb at the function Decrypt, in the first line of the function:

Public Function Decrypt(ByVal text As String) As String

Dim input() As Byte = Convert.FromBase64String(text)

Dim output() As Byte = Transform(input, m_des.CreateDecryptor(m_key, m_iv))

Return m_utf8.GetString(output)

End Function

Keith Chisarik

thanks Trent, that lead me to the answer. I had written a quick program that encrypted the field data a few days ago, by bad luck the field was not long enough for all the new values since the encryption algorithm adds to the length, some were OK but some got truncated and since they were encrypted it didnt catch my eye and the error lead me down the wrong path.

Now, all is good except I have browse dialogs that use the encrypted field to search, they are using the raw encrypted field data from the server, returning incorrect records. How can I make them use the decrypted values like I set in my BO field property?

I know the BD creates the query dynamically and I think that is can only use actual fields and not custom (or customized) ones (???) so I am not sure how to accomplish my goal, to allow the encrypted field (SSN) to be included in the BD as a search field (with advanced options).

Keith

Keith Chisarik

Keith,



I'm not the best person to answer the question (I don't use the browse dialog), but some times even a bad answer can spark a thought and help you move forward.



I'd try using the Searching event to change the query. Since it is an SSN, hopefully, you will always be providing the full SSN and using an equality comparison. If so, I'd look through the where collection for SSN field and then encrypt the value provided by the user and use that value instead of the one they provided. That way you'll be comparing encrypted value to encrypted value.



No idea if it will work, but that's were I'd start...good luck!