Decrypt a field from SQL Server via VB.NET and display in DataGridView

Question

I am trying to decrypt two string fields that were encrypted upon insertion into the database.

They are simply name fields, so no, I won't be checking against a hashed password to ensure validity. I actually need to see the names.

The decryption method I am trying to use is from Microsoft ( http://msdn.microsoft.com/en-us/library/ms172831.aspx ) and works perfectly.

Say the user is searching for someone by first name or last name. How do I use the function to return plain text in the GridView?

See below:

    SearchFirsttxt.Text = eFirst
    SearchLastTxt.Text = eLast

    If SearchFirsttxt.Text = "" Then
        SqlCommand.CommandText = "Select * FROM PARTICIPANT WHERE LAST_NM_TXT = '" & eLast & "';"
    ElseIf SearchLastTxt.Text = "" Then
        SqlCommand.CommandText = "Select * FROM PARTICIPANT WHERE FIRST_NM_TXT = '" & eFirst & "';"
    Else
        SqlCommand.CommandText = "Select * FROM PARTICIPANT WHERE FIRST_NM_TXT = '" & eFirst & "' and LAST_NM_TXT = '" & eLast & "';"
    End If
    'SQL Command returns rows where values in database and textboxes are equal

    dFirst = clsEncrypt.DecryptData(eFirst)
    dLast = clsEncrypt.DecryptData(eLast)
    SearchFirsttxt.Text = dFirst
    SearchLastTxt.Text = dLast

    Dim myAdapter As New SqlDataAdapter(SqlCommand) 'holds the data
    myAdapter.Fill(dt) 'datatable that is populated into the holder (DataAdapter)
    DataGridView1.DataSource = dt 'Assigns source of information to the gridview (DataTable)

    SQLConnection.Close() 'Closes Connection for security measures

Answer 1

It all depends on how you are retrieving the data from your DB.

If you're populating a collection of your class, I'd extend the class to have a property that decrypts the field. So if you're encrypted column is called Name, I'd create a read only property called NameDecrypted that runs your decryption routine on the encrypted Name property.

If you're executing SQL directly via something like a stored procecure, you could do it via a binding event on the grid. I'm not sure what grid product you're using but the one we use has an event that is fired when a cell is bound to the datasource. You could then decrypt the encrypted value that is in the grid.

Answer 2

Here's what I used, which is just modified code from: How do I Iterate Through DataTable and Decrypt a field?

For i As Integer = 0 To dt.Rows.Count - 1
        dt.Rows(i)("FIRST_NM_TXT") = clsEncrypt.DecryptData(dt.Rows(i)("FIRST_NM_TXT"))
        dt.Rows(i)("LAST_NM_TXT") = clsEncrypt.DecryptData(dt.Rows(i)("LAST_NM_TXT"))
Next

I assume the ("FIRST_NM_TXT") must be the Column name of the particular field you're wanting to loop through and decrypt. Edit: The format could also be dt.Rows(i)("Index") , not just ColumnName

Answer 3

For Each row As DataGridViewRow In DatagridView1.Rows
    DatagridView1.Rows(0).Cells(0).Value = Encrypt(row.Cells("Password").Value.ToString)
Next

Here is the code for Encrypt()

Public Function Encrypt(ByVal clearText As String) As String
    Dim EncryptionKey As String = "MAKV2SPBNI99212"
    Dim clearBytes As Byte() = Encoding.Unicode.GetBytes(clearText)
    Using encryptor As Aes = Aes.Create()
        Dim pdb As New Rfc2898DeriveBytes(EncryptionKey, New Byte() {&H49, &H76, &H61, &H6E, &H20, &H4D, _
         &H65, &H64, &H76, &H65, &H64, &H65, _
         &H76})
        encryptor.Key = pdb.GetBytes(32)
        encryptor.IV = pdb.GetBytes(16)
        Using ms As New MemoryStream()
            Using cs As New CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write)
                cs.Write(clearBytes, 0, clearBytes.Length)
                cs.Close()
            End Using
            clearText = Convert.ToBase64String(ms.ToArray())
        End Using
    End Using
    Return clearText
End Function