CLR Assembly for Encryption/Decryption

0
votes

We recently implemented some symmetric keys in MS SQL 2005 for encrypting and decrypting credit card, check routing/account numbers.

Ideally, we would like a user defined function to be able to perform the encryption and decryption, however, its not possible since the encryptbykey and decryptbykey functions cannot be used within user defined functions.

Initially I thought we could create a CLR Assembly (in C#) with functions to do this, however, as I learned the same rules apply.

I was wondering what others have been doing to easily perform this functionality. Creating many stored procedures such as:

OPEN SYMMETRIC KEY...
SELECT username, decryptByKey(...) AS password CLOSE SYMMETRIC KEY...

... for the many areas in which we will encrypt/decrypt would be very tedious.

1
c#sql-serverencryptionassembliesclr
You're decrypting passwords? Really? You know that's not good design at all. Passwords should be one-way hashed. Decryptable keys renders every single password in your database vulnerable.user1228
Well mainly I will be using it for credit card numbers, and check routing/ account numbers.Chris Klepeis
I'd strongly suggest doing some research in encryption/security if you're working with this kind of sensitive information. Better to be well prepared than sorry!user1228
I use rot13 twice for extra protection! :DGavin Miller
@Will Some databases do store passwords to other's systems, case in point gmail's pop3 fetching service. I'd say do the decryption as late as possible and encryption as early as possible. Database is not safe place to have data decrypted at some time.Pasi Savolainen

1 Answers

1
votes

Whether it's a good idea or not, what about a stored procedure with output parameter to achieve the same as a udf?