May 8, 2009 at 4:15 pm
Hi,
I am using EncryptByPassPhrase() function to encrypt the password and it is encrypting it correctly but the problem is, it is inserting some junk kind of characters into the field which is conflicting with my XML data. Can anybody tell me how to put the simple text or number using EncryptByPassPhrase() function and then decrypt it easily. My stored procedure is below: Thanks in advance
ALTER PROCEDURE [dbo].[RegisterUser]
@userName varchar(40),
@passwordHash varchar(50)
AS
BEGIN
Declare @encrystaff varchar(80);
DECLARE @PassphraseEnteredByUser nvarchar(128);
SET @PassphraseEnteredByUser = 'sometext';
-- here,we use asymmetric encryption to cipher the hashed password
SET @encrystaff=Convert(varchar(80),EncryptByPassPhrase( @PassphraseEnteredByUser,@passwordHash));
INSERT INTO Users VALUES(@userName,@encrystaff )
END
May 9, 2009 at 6:47 am
EncryptByPassPhrase() returns a varbinary() data type. Change @encrystaff and the subsequent column in the table to varbinary(128).
K. Brian Kelley
@kbriankelley
May 9, 2009 at 10:53 am
Thanks for your response.
Database is already in production and cannot make any change in column data types.
Thanks
shailesh
May 9, 2009 at 12:56 pm
Actually, I'm sorry, it should be varbinary(256). nvarchar is 2 bytes per character. The varbinary is not guaranteed to be readable characters, meaning the conversion may store something that doesn't convert properly to the password. That's why the change is required. The EncryptByPassPhrase is going to give a stream of bytes out. So you need something to properly store that stream of bytes, and that's varbinary.
I understand what you're saying about a change to production, but unfortunately, you're doing encryption here. And with encryption, you're working with bits and bytes, not characters. Meaning your implementation probably won't work or won't be accurate as it is right now.
K. Brian Kelley
@kbriankelley
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply