Persits Software, Inc. Web Site
  Encrypt Credit Card Info with a Random Key
The encryption technique discussed in this section is perfect for securing short text strings such as credit card numbers stored in the database. The idea behind this technique is to use a random, rather than password-derived, 128-bit symmetric key. For the sake of simplicity, the encryption key itself will be stored unencrypted. We will store it in a "secret" location of the system registry, which provides a reasonable degree of security to the entire system.

There are three code components in our system:

  • Key generation and storage.
  • Credit card encryption.
  • Credit card decryption.

  Generating and Storing the Random Key

The following code snippet creates a 128-bit RC2 encryption key and stores it in the registry unencrypted. Notice that we use the "Exponent 1" public key (see previous section) to obtain the unencrypted key blob. To use the Exponent 1 key without any concurrency problems, you must use Version 2.1 or higher of AspEncrypt to take advantage of the "containerless" mode of operation. This mode is invoked by passing an empty string to the OpenContext method.

Notice also that we are creating a backup copy of our key in a file. You should take this precaution in case your server crashes and the registry information is lost, or you will never be able to decrypt your secure data.

You must use the Enhanced Cryptographic provider for this code to work as we are generating a 128-bit key. If you only have the Base Provider, change the key length from 128 to 40.

<!--METADATA TYPE="TypeLib" UUID="{B72DF063-28A4-11D3-BF19-009027438003}"-->

<%
Set CM = Server.CreateObject("Persits.CryptoManager")
' we must use containerless mode (empty container name)
Set Context = CM.OpenContext("", True)
Set key = Context.GenerateKey(calgRC2, 128)
Set Exp1Key = Context.CreateExponentOneKey
Set Blob = key.ExportToBlob( Exp1Key, cbtSimpleBlob )

' to avoid the Access Denied error
CM.LogonUser "domain", "administrator", "xxxx"

' key HKEY_LOCAL_MACHINE\Software\XYZ\AspEncrypt, value "MySecretLocation"
Blob.DumpToRegistry &H80000002, "Software\XYZ\AspEncrypt", "MySecretLocation"

' Create a file backup
Blob.DumpToFile "d:\path\creditcard.key"
%>
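
An added check, not part of the original page or of AspEncrypt: because the key blob is stored unencrypted, its confidentiality rests on the ACLs of the registry key and of the backup file. The PowerShell below lists every account outside an allow-list that holds an allow entry on either location; the function name `Get-UnexpectedReaders` and the allow-list are assumptions, and the two paths are the ones used in the snippet above.

```powershell
# Added example: audit who can reach the unencrypted key blob and its backup.
# Paths come from the page's snippet; the allow-list is an assumed policy.
$regPath    = 'HKLM:\Software\XYZ\AspEncrypt'
$backupFile = 'd:\path\creditcard.key'
$allowed    = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

function Get-UnexpectedReaders {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Allowed
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "$Path not found"
        return
    }
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Only allow entries grant access; deny entries are skipped.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Registry ACEs expose RegistryRights, file ACEs expose FileSystemRights.
        $rights = if ($ace -is [System.Security.AccessControl.RegistryAccessRule]) {
            $ace.RegistryRights
        } else {
            $ace.FileSystemRights
        }
        $account = $ace.IdentityReference.Value
        if ($Allowed -notcontains $account) {
            # Rights are reported rather than filtered, so generic-right
            # entries that do not map to a named flag still show up.
            [pscustomobject]@{
                Path      = $Path
                Account   = $account
                Rights    = $rights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = foreach ($p in $regPath, $backupFile) {
    Get-UnexpectedReaders -Path $p -Allowed $allowed
}
$findings | Format-Table -AutoSize
```

An empty result means only the allow-listed accounts have entries. Rows marked `Inherited` come from the parent key or folder, so they are removed by breaking inheritance on the key or file rather than by editing the entry itself.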

  Encrypting a Credit Card Number

Once a random key is generated and placed into the registry and a backup file, we can proceed to the encryption phase. The code below retrieves the key from the registry, uses it to encrypt a text string and saves the encrypted value in the database. Here we are using the Base64 format to store the encrypted blob in a text field of the database table. We could also use the Hex or Binary formats.

<!--METADATA TYPE="TypeLib" UUID="{B72DF063-28A4-11D3-BF19-009027438003}"-->

<%
Set CM = Server.CreateObject("Persits.CryptoManager")
' we must use containerless mode (empty container name)
Set Context = CM.OpenContext("", True)
Set Exp1Key = Context.CreateExponentOneKey
Set Blob = CM.CreateBlob

' to avoid the Access Denied error
CM.LogonUser "domain", "administrator", "xxxx"

' Retrieve key from registry
Blob.LoadFromRegistry &H80000002, "Software\XYZ\AspEncrypt", "MySecretLocation"
Set Key = Context.ImportKeyFromBlob( Exp1Key, Blob, cbtSimpleBlob )

' Encrypt text data
Set EncryptedBlob = Key.EncryptText("1245-4354-3242-8654")

' Save it in the database in Base64 format
set rs = Server.CreateObject("adodb.recordset")
rs.Open "BlobTest", "dsn=crypto;uID=sa;PWD=;", 2, 3
rs.AddNew
rs("CCNumber").Value = EncryptedBlob.Base64
rs.Update
rs.Close
%>

  Decrypting Credit Card Numbers

The corresponding decryption code is very similar to the encryption code. Here, again, we retrieve the key from the registry, apply it to all encrypted values in the database and print out the decrypted results.

<!--METADATA TYPE="TypeLib" UUID="{B72DF063-28A4-11D3-BF19-009027438003}"-->

<%
Set CM = Server.CreateObject("Persits.CryptoManager")
' we must use containerless mode (empty container name)
Set Context = CM.OpenContext("", True)
Set Exp1Key = Context.CreateExponentOneKey
Set Blob = CM.CreateBlob

' to avoid the Access Denied error
CM.LogonUser "domain", "administrator", "xxxx"

Blob.LoadFromRegistry &H80000002, "Software\XYZ\AspEncrypt", "MySecretLocation"
Set Key = Context.ImportKeyFromBlob( Exp1Key, Blob, cbtSimpleBlob )

' Decrypt all values
Set EncryptedBlob = CM.CreateBlob
set rs = Server.CreateObject("adodb.recordset")
rs.Open "BlobTest", "dsn=crypto;uID=sa;PWD=;", 2, 3
While Not rs.EOF
   EncryptedBlob.Base64 = rs("CCNumber").Value
   CCNumber = Key.DecryptText( EncryptedBlob )
   ' HTML-encode the decrypted value before writing it to the page
   Response.Write Server.HTMLEncode(CCNumber) & "<BR>"
   rs.MoveNext
Wend
rs.Close
%>

  This site is owned and maintained by Persits Software, Inc. Copyright © 2000 - 2010. All Rights Reserved.