Click here to Skip to main content
14,493,287 members
Rate this:
Please Sign up or sign in to vote.
See more:
How to encrypt and decrypt password using VB.Net and store it to sql server database?
Posted
Updated 1-Feb-11 1:04am
v2
Rate this:
Please Sign up or sign in to vote.

Solution 1

You should store it in its encrypted form, and when the user enters his password, you should encrypt it, and compare it with the version in the database. Here's some encryption code. Converting it to VB shouldn't be an issue - if you want to do it fast, use one of the free online converters. Of course, you could just put this code into a C# assembly, and use it as is:

using System;
using System.IO;
using System.Text;
using System.Security.Cryptography;

namespace Paddedwall.CryptoLib
{
	/// <summary>
	/// basic Encrption/decryption functionaility
	/// </summary>
	public class Crypto
	{
		#region enums, constants & fields
		//types of symmetric encyption
		public enum CryptoTypes
		{
			encTypeDES = 0,
			encTypeRC2,
			encTypeRijndael,
			encTypeTripleDES
		}

        private const string CRYPT_DEFAULT_PASSWORD = "CB06cfE507a1";
		private const CryptoTypes CRYPT_DEFAULT_METHOD = CryptoTypes.encTypeRijndael;

		private byte[] mKey = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24};
		private byte[] mIV = {65, 110, 68, 26, 69, 178, 200, 219};
		private byte[] SaltByteArray  = {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76};
		private CryptoTypes mCryptoType = CRYPT_DEFAULT_METHOD;
		private string mPassword = CRYPT_DEFAULT_PASSWORD;
		#endregion

		#region Constructors

		public Crypto()
		{
			calculateNewKeyAndIV();
		}

		public Crypto(CryptoTypes CryptoType)
		{
			this.CryptoType = CryptoType;
		}
		#endregion

		#region Props

		/// <summary>
		///		type of encryption / decryption used
		/// </summary>
		public CryptoTypes CryptoType
		{
			get 
			{
				return mCryptoType;
			}
			set
			{
				if (mCryptoType != value) 
				{
					mCryptoType = value;
					calculateNewKeyAndIV();
				}
			}
		}

		/// <summary>
		///		Passsword Key Property.
		///		The password key used when encrypting / decrypting
		/// </summary>
		public string Password
		{
			get 
			{
				return mPassword;
			}
			set 
			{	
				if (mPassword != value)
				{
					mPassword = value;
					calculateNewKeyAndIV();
				}
			}
		}
		#endregion

		#region Encryption

		/// <summary>
		///		Encrypt a string
		/// </summary>
		/// <param name="inputText">text to encrypt</param>
		/// <returns>an encrypted string</returns>
		public string Encrypt(string inputText)
		{
			//declare a new encoder
			UTF8Encoding UTF8Encoder = new UTF8Encoding();
			//get byte representation of string
			byte[] inputBytes = UTF8Encoder.GetBytes(inputText);
			
			//convert back to a string
			return Convert.ToBase64String(EncryptDecrypt(inputBytes,true));
		}

		/// <summary>
		///		Encrypt string with user defined password
		/// </summary>
		/// <param name="inputText">text to encrypt</param>
		/// <param name="password">password to use when encrypting</param>
		/// <returns>an encrypted string</returns>
		public string Encrypt(string inputText, string password)
		{
			this.Password = password;
			return this.Encrypt(inputText);
		}

		/// <summary>
		///		Encrypt string acc. to cryptoType and with user defined password
		/// </summary>
		/// <param name="inputText">text to encrypt</param>
		/// <param name="password">password to use when encrypting</param>
		/// <param name="cryptoType">type of encryption</param>
		/// <returns>an encrypted string</returns>
		public string Encrypt(string inputText, string password, CryptoTypes cryptoType)
		{
			mCryptoType = cryptoType;
			return this.Encrypt(inputText,password);
		}
		
		/// <summary>
		///		Encrypt string acc. to cryptoType
		/// </summary>
		/// <param name="inputText">text to encrypt</param>
		/// <param name="cryptoType">type of encryption</param>
		/// <returns>an encrypted string</returns>
		public string Encrypt(string inputText, CryptoTypes cryptoType)
		{
			this.CryptoType = cryptoType;
			return this.Encrypt(inputText);
		}

		#endregion

		#region Decryption

		/// <summary>
		///		decrypts a string
		/// </summary>
		/// <param name="inputText">string to decrypt</param>
		/// <returns>a decrypted string</returns>
		public string Decrypt(string inputText)
		{	
			//declare a new encoder
			UTF8Encoding UTF8Encoder = new UTF8Encoding();
			//get byte representation of string
			byte[] inputBytes = Convert.FromBase64String(inputText);

			//convert back to a string
			return UTF8Encoder.GetString(EncryptDecrypt(inputBytes,false));
		}

		/// <summary>
		///		decrypts a string using a user defined password key
		/// </summary>
		/// <param name="inputText">string to decrypt</param>
		/// <param name="password">password to use when decrypting</param>
		/// <returns>a decrypted string</returns>
		public string Decrypt(string inputText, string password)
		{
			this.Password = password;
			return Decrypt(inputText);
		}

		/// <summary>
		///		decrypts a string acc. to decryption type and user defined password key
		/// </summary>
		/// <param name="inputText">string to decrypt</param>
		/// <param name="password">password key used to decrypt</param>
		/// <param name="cryptoType">type of decryption</param>
		/// <returns>a decrypted string</returns>
		public string Decrypt(string inputText, string password, CryptoTypes cryptoType)
		{
			mCryptoType = cryptoType;
			return Decrypt(inputText,password);
		}

		/// <summary>
		///		decrypts a string acc. to the decryption type
		/// </summary>
		/// <param name="inputText">string to decrypt</param>
		/// <param name="cryptoType">type of decryption</param>
		/// <returns>a decrypted string</returns>
		public string Decrypt(string inputText, CryptoTypes cryptoType)
		{
			this.CryptoType = cryptoType;
			return Decrypt(inputText);
		}
		#endregion

		#region Symmetric Engine

		/// <summary>
		///		performs the actual enc/dec.
		/// </summary>
		/// <param name="inputBytes">input byte array</param>
		/// <param name="Encrpyt">wheather or not to perform enc/dec</param>
		/// <returns>byte array output</returns>
		private byte[] EncryptDecrypt(byte[] inputBytes, bool Encrpyt)
		{
			//get the correct transform
			ICryptoTransform transform = getCryptoTransform(Encrpyt);

			//memory stream for output
			MemoryStream memStream = new MemoryStream();	

			try 
			{
				//setup the cryption - output written to memstream
				CryptoStream cryptStream = new CryptoStream(memStream,transform,CryptoStreamMode.Write);

				//write data to cryption engine
				cryptStream.Write(inputBytes,0,inputBytes.Length);

				//we are finished
				cryptStream.FlushFinalBlock();
				
				//get result
				byte[] output = memStream.ToArray();

				//finished with engine, so close the stream
				cryptStream.Close();

				return output;
			}
			catch (Exception e) 
			{
				//throw an error
				throw new Exception("Error in symmetric engine. Error : " + e.Message,e);
			}
		}

		/// <summary>
		///		returns the symmetric engine and creates the encyptor/decryptor
		/// </summary>
		/// <param name="encrypt">whether to return a encrpytor or decryptor</param>
		/// <returns>ICryptoTransform</returns>
		private ICryptoTransform getCryptoTransform(bool encrypt)
		{
			SymmetricAlgorithm SA = selectAlgorithm();
			SA.Key = mKey;
			SA.IV = mIV;
			if (encrypt) 
			{
				return SA.CreateEncryptor();
			}else 
			{
				return SA.CreateDecryptor();
			}
		}
		/// <summary>
		///		returns the specific symmetric algorithm acc. to the cryptotype
		/// </summary>
		/// <returns>SymmetricAlgorithm</returns>
		private SymmetricAlgorithm selectAlgorithm()
		{
			SymmetricAlgorithm SA;
			switch (mCryptoType)
			{
				case CryptoTypes.encTypeDES:
					SA = DES.Create();
					break;
				case CryptoTypes.encTypeRC2:
					SA = RC2.Create();
					break;
				case CryptoTypes.encTypeRijndael:
					SA = Rijndael.Create();
					break;
				case CryptoTypes.encTypeTripleDES:
					SA = TripleDES.Create();
					break;
				default:
					SA = TripleDES.Create();
					break;
			}
			return SA;
		}

		/// <summary>
		///		calculates the key and IV acc. to the symmetric method from the password
		///		key and IV size dependant on symmetric method
		/// </summary>
		private void calculateNewKeyAndIV()
		{
			//use salt so that key cannot be found with dictionary attack
			PasswordDeriveBytes pdb = new PasswordDeriveBytes(mPassword,SaltByteArray);
			SymmetricAlgorithm algo = selectAlgorithm();
			mKey = pdb.GetBytes(algo.KeySize / 8);
			mIV = pdb.GetBytes(algo.BlockSize / 8);
		}

		#endregion
	}

	/// <summary>
	/// Hashing class. Only static members so no need to create an instance
	/// </summary>
	public class Hashing
	{
		#region enum, constants and fields
		//types of hashing available
		public enum HashingTypes
		{
			SHA, SHA256, SHA384, SHA512, MD5
		}
		#endregion

		#region static members
		public static string Hash(String inputText)
		{
			return ComputeHash(inputText,HashingTypes.MD5);
		}
		
		public static string Hash(String inputText, HashingTypes hashingType)
		{
			return ComputeHash(inputText,hashingType);
		}

		/// <summary>
		///		returns true if the input text is equal to hashed text
		/// </summary>
		/// <param name="inputText">unhashed text to test</param>
		/// <param name="hashText">already hashed text</param>
		/// <returns>boolean true or false</returns>
		public static bool isHashEqual(string inputText, string hashText)
		{
			return (Hash(inputText) == hashText);
		}

		public static bool isHashEqual(string inputText, string hashText, HashingTypes hashingType)
		{
			return (Hash(inputText,hashingType) == hashText);
		}
		#endregion

		#region Hashing Engine

		/// <summary>
		///		computes the hash code and converts it to string
		/// </summary>
		/// <param name="inputText">input text to be hashed</param>
		/// <param name="hashingType">type of hashing to use</param>
		/// <returns>hashed string</returns>
		private static string ComputeHash(string inputText, HashingTypes hashingType)
		{
			HashAlgorithm HA = getHashAlgorithm(hashingType);

			//declare a new encoder
			UTF8Encoding UTF8Encoder = new UTF8Encoding();
			//get byte representation of input text
			byte[] inputBytes = UTF8Encoder.GetBytes(inputText);
			
			
			//hash the input byte array
			byte[] output = HA.ComputeHash(inputBytes);

			//convert output byte array to a string
			return Convert.ToBase64String(output);
		}

		/// <summary>
		///		returns the specific hashing alorithm
		/// </summary>
		/// <param name="hashingType">type of hashing to use</param>
		/// <returns>HashAlgorithm</returns>
		private static HashAlgorithm getHashAlgorithm(HashingTypes hashingType)
		{
			switch (hashingType)
			{
				case HashingTypes.MD5 :
					return new MD5CryptoServiceProvider();
				case HashingTypes.SHA :
					return new SHA1CryptoServiceProvider();
				case HashingTypes.SHA256 :
					return new SHA256Managed();
				case HashingTypes.SHA384 :
					return new SHA384Managed();
				case HashingTypes.SHA512 :
					return new SHA512Managed();
				default :
					return new MD5CryptoServiceProvider();
			}
		}
		#endregion

	}

    //public class testCrypt
    //{
    //    public void testEncryption()
    //    {
    //        string input = "Thi$ is @ str!&n to tEst encrypti0n!";
    //        Crypto c = new Crypto(Utils.Crypto.CryptoTypes.encTypeTripleDES);
    //        string s1 = c.Encrypt(input);
    //        string s2 = c.Decrypt(s1);
    //        Assert.IsTrue(s2 == input);

    //        s1 = Hashing.Hash(input);
    //        s2 = Hashing.Hash(input,Utils.Hashing.HashingTypes.MD5);
    //        Assert.IsTrue(s1 == s2);
    //        Assert.IsTrue( Hashing.isHashEqual(input,s1));

    //        s1 = Hashing.Hash(input,Utils.Hashing.HashingTypes.SHA512);
    //    }
    //}
}
   
Comments
   
My 5. Most essential point is comparison only encrypted forms, many are confused.
--SA
Rate this:
Please Sign up or sign in to vote.

Solution 2

I searched the exact title in Google[^]

Imports System.IO
Imports System.Text
Imports System.Security.Cryptography

Public Class Crypto

    Private Shared DES As New TripleDESCryptoServiceProvider
    Private Shared MD5 As New MD5CryptoServiceProvider

    Public Shared Function MD5Hash(ByVal value As String) As Byte()
        Return MD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(value))
    End Function

    Public Shared Function Encrypt(ByVal stringToEncrypt As String, ByVal key As String) As String
        DES.Key = Crypto.MD5Hash(key)
        DES.Mode = CipherMode.ECB
        Dim Buffer As Byte() = ASCIIEncoding.ASCII.GetBytes(stringToEncrypt)
        Return Convert.ToBase64String(DES.CreateEncryptor().TransformFinalBlock(Buffer, 0, Buffer.Length))
    End Function

    Public Shared Function Decrypt(ByVal encryptedString As String, ByVal key As String) As String
        Try
            DES.Key = Crypto.MD5Hash(key)
            DES.Mode = CipherMode.ECB
            Dim Buffer As Byte() = Convert.FromBase64String(encryptedString)
            Return ASCIIEncoding.ASCII.GetString(DES.CreateDecryptor().TransformFinalBlock(Buffer, 0, Buffer.Length))
        Catch ex As Exception
            MessageBox.Show("Invalid Key", "Decryption Failed", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
        End Try
    End Function

End Class


You can use any key.
   
Rate this:
Please Sign up or sign in to vote.

Solution 5

Use these two function for encryption & decryption of a value and then save in database.


Public Function base64Encode(sData As String) As String
Try
Dim encData_byte As Byte() = New Byte(sData.Length - 1) {}

encData_byte = System.Text.Encoding.UTF8.GetBytes(sData)

Dim encodedData As String = Convert.ToBase64String(encData_byte)


Return encodedData
Catch ex As Exception
Throw New Exception("Error in base64Encode" + ex.Message)
End Try
End Function
'Method To Decode Password

Public Function base64Decode(sData As String) As String

Dim encoder As New System.Text.UTF8Encoding()

Dim utf8Decode As System.Text.Decoder = encoder.GetDecoder()

Dim todecode_byte As Byte() = Convert.FromBase64String(sData)

Dim charCount As Integer = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length)

Dim decoded_char As Char() = New Char(charCount - 1) {}

utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0)

Dim result As String = New [String](decoded_char)

Return result

End Function
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100