General Requirement

It is a common scenario wherein we would like to secure certain columns or feilds in the database that contains sensitive information. Implementing security needs proper planning and implementation of security logics and recommended steps at various stages or components within the program. It also comes with extra burden on program performance due to extra manipulation during application run-time.

We therefore work to identify certain information pieces (in the entire program suite) that need to be secured and protected from any mis-use. Information to be secured changes from program to program. An example of such sensitive information is a column or field in the database that stores user password. There are multiple security methods available in the industry today. In this article we shall discuss the simplest way to encrypt and decrypt information strings using C# in ASP.NET platform, and shall engange to encrypt and store password, along with decryption and usage of the same.

Data field Encryption

The very first thing we need to do is to create and implement two methods in the controller. First one is to take information as input, Encrypt it and return the encrypted information as output.

We implemented following method to achieve the result: -

public static string EncryptMyInfo(string myInfo)
   {
       try
       {
           byte[] encData_byte = new byte[myInfo.Length];
           encData_byte = System.Text.Encoding.UTF8.GetBytes(myInfo);
           string encryptedData = Convert.ToBase64String(encData_byte);
           return encryptedData;
       }
       catch (Exception ex)
       {
           throw new Exception("Error in base64Encode" + ex.Message);
       }
   }

Data field Decryption

Secondly, we'd need a method to decrypt the supplied encrypted information and return back the result string as decrypted information, so that it could be used at run-time.

public string DecryptMyInfo(string encodedInfo)
    {
        System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
        System.Text.Decoder utf8Decode = encoder.GetDecoder();
        byte[] todecode_byte = Convert.FromBase64String(encodedInfo);
        int charCount = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length);
        char[] decoded_chars = new char[charCount];
        utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_chars, 0);
        string decryptedData = new String(decoded_chars);
        return decryptedData;
    }

Usage of methods in Controller

Most probabily you'd have action methods like a User-Creation method in your program where you would want to get information from the user, withinn this, call EncryptMyInfo() method and further proceed to store it into the database column along with other un-encrypted columns.

Next, within a method like Login, just get the information from the user, fetch corresponding information from database encrypted column, decrypt it and compare the two in run-time.

The advantage of this approach is that none on the database side would be able to read encrypted information in the column.

Encrypting an existing Column information in database

It is extremely important to have the database backup in place even before thinking of applying any changes to the running program. You should be able to restore original database information in case anything goes wrong.

After taking a proper downtime for your program, you'd probably start implementing a loop in the program wherein you'd read value from the targetted column, encrypt it and store it back, before proceeding to the next value in column. You are anyways the best person to achieve the desired result(s).