StrataFrame Forum

TripleDesWrapper and SQL 2005 Encryption

http://forum.strataframe.net/Topic20683.aspx

By Cory Cookson - 11/11/2008

I am using SQL 2005 to encrypt data using the Tripe_Des protocol.  I'd like to use the TripleDesWrapper from strataframe within my app. to decrypt.  Is this possible?

Sql 2005 uses a password for encryption.  Mine is 24 characters long.

In my strataframe app. I use the same password for the encryption key and use just the first 8 characters for the vector.

Any help would be appreciated as Sql 2005 can decrypt the data but my app replies that it is bad data within the business object when attampting to decrypt.

Thank You,

Cory

By Trent L. Taylor - 11/11/2008

I don't totally understand your post in regards to where you are encrypting your data.  If you are allowing SQL Server to encrypt the data versus the 3DESWrapper, then you MUST make sure that your key and ventors are identical.  But generally, I never do it that way.  I will create a custom property that exposes the field that I want to encrypt/decrypt.  There is a sample of this in the CustomerCreditCardsBO in StrataFlix.  It isn't plumbed into a dialog at the moment, but you can see the logic within the BO showing how to encrypt/decrypt a property to and from a database using the 3DESWrapper.
By Cory Cookson - 11/11/2008

Hi Trent,

Let me be a little more specific.

I'm encrypting the data at the SQL server using the Triple_DES protocol, but from what I'm reading Sql 2005 salts their vector with a random value when the key is made.  I don't have access to that value so can't decrypt it on the app side of the equation.  So the question is has anyone decrypted data that has been encrypted using Sql 2005 from within a strataframe app using the TripleDesWrapper or is this even possible?

By Trent L. Taylor - 11/11/2008

If you do not hold both pieces of the key, then whether you are using the 3DESWrapper or something else, you will not be able to decrypt this.  I recommend the approach I mentioned using the BO to do this.  This way it is totally encrypted while stored in SQL Server, yet you are in control.
By Cory Cookson - 11/11/2008

Thanks Trent I appreciate the quick response Smile
By Trent L. Taylor - 11/11/2008

No problem Smile