
Encrypting Data With the SQL Server Encrypt Function

2005-06-29 20:09

A common question I'm asked by clients is how to encrypt data and store it in SQL Server. One of the major problems I see in the field is when people store sensitive data unencrypted in SQL Server. For example, if a password is stored unencrypted in SQL Server, a malicious user could easily read all of the passwords with a simple SELECT statement. You can develop your own COM mechanisms to encrypt the password, but in this article we'll discuss a method that is built into SQL Server.

Since SQL Server 6.x, you can use the ENCRYPT function to encrypt data with the same method used by the WITH ENCRYPTION keyword. There's a rather large problem that I will discuss after the example. To use the ENCRYPT function, use it before the string value as shown below:

SELECT ENCRYPT('TestPW1')

Will output the following result:

------------------------------
0x5400650073007400500057003100
(1 row(s) affected)

Let's go ahead and create a sample table and try out this function. Create the following user table and load the sample data below:

CREATE TABLE Users (
    UserID Varchar(10),
    UserPW Varchar(20))
INSERT INTO USERS values ('TestUser1', ENCRYPT('TestPW1'))
INSERT INTO USERS values ('TestUser2', ENCRYPT('TestPW2'))
INSERT INTO USERS values ('TestUser3', ENCRYPT('TestPW3'))
INSERT INTO USERS values ('TestUser4', ENCRYPT('TestPW4'))

If you now select the data it will appear encrypted. Notice that if you run SELECT ENCRYPT('TestPW1'), the data that you see is different than what appears when you select out of the Users table after you insert the value. The algorithm that SQL Server uses to encrypt the data is relatively easy and is case sensitive until it's stored into a table. At that point it becomes very difficult to read.

Data stored in an encrypted column can be used to store passwords. Once encrypted, you can't directly unencrypt the data. You could only perform checks against it as shown below:

SELECT * from Users where UserID = 'TestUser2'
and UserPW = ENCRYPT('TestPW2')

Keep in mind that the above command is case sensitive. If you want this to be case-insensitive, it is best to store all the data in uppercase by using the UPPER function. The UPPER function will have to be used in the insert statement as well as the select statement that we've mentioned. For example, the insert statement would look like this:

INSERT INTO USERS values ('TestUser1', ENCRYPT(UPPER('TestPW1')))
SELECT * from Users where UserID = 'TestUser2'
and UserPW = ENCRYPT(UPPER('TestPW2'))

Another note to mention is that like any nicely encrypted data, the data may appear one length when viewing it, but is actually stored at a different length.

UserID     UserPW
---------- --------------------
TestUser1  T
TestUser2  T
TestUser3  T
TestUser4  T
(4 row(s) affected)

But in actuality, if we select the length of the field by using the LEN function, we can see the true length.

userid     Length
---------- -----------
TestUser1  14
TestUser2  14
TestUser3  14
TestUser4  14
(4 row(s) affected)

With that point made, make sure that the length of your column represents the encrypted length, not the unencrypted length.

Now, for the large caveat that I mentioned earlier. This function is unsupported by Microsoft and they could easily change it or rip it out. A good example of this function changing was between SQL Server 6.5 and 7.0.

Another common question is decryption. Obviously, Microsoft does not make this easy and strings can only be easily decrypted using the comparison technique I showed earlier.

If you don't use this method to encrypt your passwords, there are other methods that are much better. These methods are much more robust and secure than what we discussed. For example, Les Smith has 2 articles that show you how to use Java or COM to encrypt passwords at: http://www.sqlservercentral.com/columnists/lsmith/usingjavatoencryptpasswords.asp. If you're serious about encryption of your data, the ENCRYPT function is not the way to go. Instead, use one of the other custom methods that Les Smith mentions in his articles. These types of encryption methods will not change from release to release but require slightly more work.
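The hex value printed by SELECT ENCRYPT('TestPW1') earlier, and the "T" / length 14 results from the Users table, can be checked offline. This added example (not code from the original article) shows that the printed value is the UTF-16LE encoding of the password itself, and audits exported column values for the same pattern. The function names and sample rows are constructed for illustration; that the stored column bytes match the printed value is an assumption consistent with the displayed "T" and the length of 14.

```python
# Added example: checks the ENCRYPT output printed on this page, offline.
PAGE_OUTPUT = "0x5400650073007400500057003100"  # from SELECT ENCRYPT('TestPW1')


def to_bytes(hex_literal):
    """Convert a SQL-style 0x... literal to raw bytes."""
    digits = hex_literal[2:] if hex_literal[:2].lower() == "0x" else hex_literal
    return bytes.fromhex(digits)


def recover_plaintext(raw):
    """Return the text if raw is only UTF-16LE-encoded Latin text, else None."""
    if not raw or len(raw) % 2 or any(raw[1::2]):
        return None  # empty, odd length, or a non-zero high byte
    text = raw[0::2].decode("latin-1")
    return text if text.isprintable() else None


def as_displayed_varchar(raw):
    """Assumed client behaviour: printing a varchar stops at the first NUL."""
    return raw.split(b"\x00", 1)[0].decode("latin-1")


def audit_column(rows):
    """Map user id -> recovered password for every value that is plain text."""
    found = {}
    for user_id, stored in rows:
        text = recover_plaintext(stored)
        if text is not None:
            found[user_id] = text
    return found


# Constructed rows: four values shaped like the page's table, plus one
# constructed 32-byte value standing in for a real password hash.
SAMPLE_ROWS = [(f"TestUser{i}", f"TestPW{i}".encode("utf-16-le"))
               for i in range(1, 5)]
SAMPLE_ROWS.append(("HashedUser", bytes(range(200, 232))))

if __name__ == "__main__":
    raw = to_bytes(PAGE_OUTPUT)
    print(len(raw), repr(as_displayed_varchar(raw)), recover_plaintext(raw))
    print(audit_column(SAMPLE_ROWS))
```

Any row that `audit_column` reports holds a password that anyone with SELECT access to the column can read back, so those accounts should be treated as stored in clear text.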