3

There is a field in one of my tables that is encrypted using

ENCRYPTBYPASSPHRASE(<passphrase>,<value>)

When the value is placed into the object the field is still encrypted so I can't do anything with it. I can't create a view or stored proc or any other item that decrypts the fields on the database because then it defeats the purpose of encrypting the fields. Is there a way of having the framework run something like

DECRYPTBYPASSPHRASE(<passphrase>, <columnName>)

before assigning the value to the object?

Right now I'm getting the data, then calling ExecuteQuery to decrypt the value and assigning that new value over the encrypted value on my data model class. It works, but I was just wondering if it could be done automatically through some options I don't know about. I've tried searching but have not found anything.

3
  • How will you automatically know the passPhrase and the type to convert the clear varbinary to, or do you want to retrieve a byte[]? Commented Sep 20, 2013 at 13:32
  • I know the passphrase. Right now I get the decrypted value by calling ExecuteQuery with something like the following. Commented Sep 20, 2013 at 17:38
  • I know the passphrase. Right now I get the decrypted value by calling ExecuteQuery with something like the following. "Select CAST(DECRYPTBYPASSPHRASE('{0}', {1}) AS NVARCHAR(MAX)) AS {2} FROM Table Where PrimaryKey = {3}" Where 0 = passphrase, 1 = column, 2 = name of column returned, 3 = key to exact record I want to decrypt. So I'm getting the value now. It's just that it takes me an extra step. After the data is populated into the object from the database, I have to run an extra query to get the decrypted values. Commented Sep 20, 2013 at 17:46

2 Answers 2

1

I'm assuming that you are using linq-to-sql and that the table you are pulling from is structured like so:

+--------+---------------+
| UserId |   Passphrase  |
+--------+---------------+
|      1 | laskdfmlsadkf |
+--------+---------------+

With this information, you can apply the decrypt method during your select.

var password = "password";
var userId = 1;

var result = usertable.Where(c => c.UserId == userId).ToList()
.Select(t => new 
{
    Passphrase = DECRYPTBYPASSPHRASE(t.Passphrase)
}).First();

bool areSame = (password == result.Passphrase);

5 Comments

I haven't had a chance to go back and try this. I hope to get some time here soon.
DECRYPTBYPASSPHRASE is a TSQL function, not a .Net one.
@Jodrell You would need to push the DECRYPTBYPASSPHRASE stored procedure into your linq2sql model so it would be usable from .NET code.
@ScottChamberlain, is that implied by this answer?
The DecryptByPassphrase function takes at least 2 parameters and returns some clear varbinary, not a passphrase for comparison with a password. technet.microsoft.com/en-us/library/ms188910.aspx
0

As demonstrated by this fiddle, the following SQL is perfectly effective,

SELECT
            E.[Key],
            CAST(
                      DecryptByPassPhrase(
                          'test',
                          E.[Encrypted])
                AS
                    varchar(8000)) [Clear],
            E.[Other]
    FROM
            [Example] E;

So use this overload of ExecuteQuery to do something like,

var examples = context.ExecuteQuery<Example>(
    @"SELECT
                E.[Key],
                CAST(
                          DecryptByPassPhrase(
                              @p0,
                              E.[Encrypted])
                    AS
                        varchar(8000)) [Clear],
                E.[Other]
        FROM
                [Example] E;",
    passPhrase);

to retrieve and decrypt your data in one call.

1 Comment

Yeah, I was just coming to the conclusion that I was going to have to run the ExecuteQuery and provide the query myself.
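
An added T-SQL example, not part of the original answers: it runs the encrypt/decrypt round trip that the second answer relies on and shows the type question raised in the first comment, namely that DECRYPTBYPASSPHRASE returns varbinary, so the CAST has to match the type that was encrypted. The temp table, sample values and passphrase are constructed for illustration; the passphrase is passed as a variable, as the `@p0` parameter is in the answer, rather than concatenated into the query text.

```sql
-- Constructed sample: temp table, values and passphrase are illustrative only.
CREATE TABLE #Example (
    [Key]       int IDENTITY PRIMARY KEY,
    [Encrypted] varbinary(8000) NOT NULL,  -- ENCRYPTBYPASSPHRASE returns varbinary (max 8000 bytes)
    [Other]     varchar(50)     NOT NULL
);

DECLARE @passPhrase nvarchar(128) = N'test';

-- Same text encrypted twice: once as varchar, once as nvarchar.
-- The ciphertext does not record which type the cleartext had.
INSERT INTO #Example ([Encrypted], [Other])
VALUES (ENCRYPTBYPASSPHRASE(@passPhrase, CAST('4111-0000'  AS varchar(100))),  'from varchar'),
       (ENCRYPTBYPASSPHRASE(@passPhrase, CAST(N'4111-0000' AS nvarchar(100))), 'from nvarchar');

SELECT
    E.[Key],
    E.[Other],
    -- Decrypted bytes interpreted as single-byte text.
    CAST(DECRYPTBYPASSPHRASE(@passPhrase, E.[Encrypted]) AS varchar(100))  AS [AsVarchar],
    -- The same bytes interpreted as UTF-16 text.
    CAST(DECRYPTBYPASSPHRASE(@passPhrase, E.[Encrypted]) AS nvarchar(100)) AS [AsNvarchar],
    -- A wrong passphrase does not raise an error; the function returns NULL.
    CASE WHEN DECRYPTBYPASSPHRASE(N'wrong', E.[Encrypted]) IS NULL
         THEN 'NULL' ELSE 'value' END                                      AS [WrongPassphrase]
FROM #Example AS E;

DROP TABLE #Example;
```

For each row only the cast that matches the originally encrypted type gives readable text, which is why the question's NVARCHAR(MAX) and the answer's varchar(8000) are not interchangeable for the same column.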
