The development of an application that handles encryption (AES) of data stored in a database (SQL server 2005) at the application level through C#. So in practice I would in C# do some simple data handling and then encrypt these data and then insert these data in the corresponding DB tables. This is what I am trying to develop, but I am just in a researching face for the moment, hence my question.
Can anybody reply me on the how difficult this should be to accomplish and where to concentrate my researching and if any body as any form of input to this I am very pleased to receive this too.
Thank you
Kenn Kikkenborg
Handling encryption at the application level
fode
Ahan OK, See the first point of Chunk S, The length of the encrypted data can highly vary with respect to Algorithm used and the key strength of the algrithm you chose. The reason of this thing is that encryption algorithm add pading characters while the encrypt to make encrypted data size to the multiple of some number:
like if you encrypt 2 bytes or 20 bytes both may produce 32 bytes of encrypted data!
Second thing the performance and efficency of application. Have you thought or tried to balance Type Take to encrypt data of 20 columns and then insert the decrypted data into the database and then retreive, decrypt and display
If security is your concern, Then go ahead and do it.
Anyhow! I'll give you some brief information about Encryption in general and Encryption in .Net (The Specific One)
There are 2 types of encyption algorithms:
To take it simples think in a symetric encryption you use a single key (password) to encrypt and decrypt the data while in an asymetric algorithm a key pair is used! a data is encrypted with the public key and is decrypted with private key.
Symetric Algorithms are quiet fast as compare to asymetric ones. And for large ammount of data, symetric encryption is the right choice on the other hand Asymetric Encryption algorithms are slow and are used to encrypt/decrypt small amount of data, Like passwords etc. Asymetric Algorithms provide more key strength (Means More security).
Both types of algorithms are supported in .Net.
RSACryptoServiceProvide class for Asymetric Encryption and RijndaelManaged class for Symetric encryption is the best choice of most of the .Net developers.
Both are extremely simple to use. See MSDN for more information.
If you need more help, please feel free to write again!
Best Regards,
Gary Ho
In the .NET Framework, you can find the AES implemented in the RijndaelManaged class.
Encryption and decryption are fairly straightforward: you can find good examples in the MSDN documentation for the RijndaelManaged class. They are pretty complete, which means they are also a bit long, but you can easily get an encryption method in five lines or so.
It will expand the input up to the blocksize, which for a 256 byte block is 32 bytes.
HTH
--mc
Scorpion1118
One thing I'd be concerned with is that encrypted data, depending on the encryption method used, tends to be longer in length than the unencrypted data it was created from. So you'd have to be careful, in the case of string fields (unless they are in a string field that doesn't specify a max length on creation) that you appropriate enough space for them and set the length of the field accordingly.
Unfortunately, I'm not familiar enough with AES to know how to help you further.