I want to save an encrypted value in the database, and when getting the value from the database I want to decrypt it and show the value in the UI. Here is the code I used:

```csharp
// Requires: using System; using System.Text;
private string Decryptdata(string encryptpwd)
{
    string decryptpwd = string.Empty;
    UTF8Encoding encodepwd = new UTF8Encoding();
    Decoder Decode = encodepwd.GetDecoder();
    // Put back any '+' that reached this method as a space
    encryptpwd = encryptpwd.Replace(" ", "+");
    // Base64 text -> raw bytes
    byte[] todecode_byte = Convert.FromBase64String(encryptpwd);
    // Raw bytes -> UTF-8 characters
    int charCount = Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length);
    char[] decoded_char = new char[charCount];
    Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0);
    decryptpwd = new String(decoded_char);
    return decryptpwd;
}
```

But I'm getting the error "Invalid length for a Base-64 char array". I'm using C#.NET.

encrypt function:

```csharp
// Requires: using System; using System.Text;
private string Encryptdata(string password)
{
    string strmsg = string.Empty;
    // Text -> UTF-8 bytes
    byte[] encode = Encoding.UTF8.GetBytes(password);
    // UTF-8 bytes -> Base64 text
    strmsg = Convert.ToBase64String(encode);
    return strmsg;
}
```
Liam
user2235775
  • Could you also post your encrypt function please – Yeronimo Apr 17 '13 at 10:19
  • private string Encryptdata(string password) { string strmsg = string.Empty; byte[] encode = new byte[password.Length]; encode = Encoding.UTF8.GetBytes(password); strmsg = Convert.ToBase64String(encode); return strmsg; } – user2235775 Apr 17 '13 at 10:21
  • If I use those two functions right after each other, it works fine. So somewhere else something is going wrong. Is this just to check a password? It's not a very safe way to handle this. You should encrypt the password into the database and then, when the user logs on, take the typed password, encrypt it and then check against the encrypted value in the database `string password = tbPassWord.Text; string encrypted = Encryptdata(password); if (encrypted != databasevalue) { //invalid username or pass }` – Yeronimo Apr 17 '13 at 10:26
  • I want to save a value to the database in an encrypted form. It's not a password. I want to get the value from the database in decrypted form. – user2235775 Apr 17 '13 at 10:30
  • This isn't encrypting, this is encoding. This is not even remotely secure... – Liam Apr 17 '13 at 10:30
  • How can I encrypt data? Can anyone please help me? – user2235775 Apr 17 '13 at 10:32
  • Like I could probably break this using pen and paper... – Liam Apr 17 '13 at 10:32
  • Try this: http://stackoverflow.com/questions/12416249/hashing-a-string-with-sha256, **note**: *this is one-way hashing, not encryption*, which you probably want to google. – Liam Apr 17 '13 at 10:33
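
The comments above separate encoding from encryption. As an added example (not code from the thread), this C# code stores a value with authenticated encryption, AES-GCM, so that it can be decrypted for display only with the key. It assumes .NET 8 or later; `ValueProtector`, `Protect` and `Unprotect` are hypothetical names, and the key and sample value are constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed demo key; a real key is loaded from a secret store and never kept in the database.
byte[] key = RandomNumberGenerator.GetBytes(32);
string stored = ValueProtector.Protect("constructed sample value", key);
Console.WriteLine(stored);                                // value to save in the text column
Console.WriteLine(ValueProtector.Unprotect(stored, key)); // value to show in the UI

// Hypothetical helper, not from the thread.
static class ValueProtector
{
    const int NonceSize = 12, TagSize = 16; // AES-GCM nonce and tag sizes, in bytes

    // Returns Base64(nonce || tag || ciphertext). Base64 is only the transport form here.
    public static string Protect(string plaintext, byte[] key)
    {
        byte[] plain = Encoding.UTF8.GetBytes(plaintext);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize); // fresh for every value
        byte[] tag = new byte[TagSize];
        byte[] cipher = new byte[plain.Length];
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(nonce, plain, cipher, tag);
        byte[] blob = new byte[NonceSize + TagSize + cipher.Length];
        nonce.CopyTo(blob, 0);
        tag.CopyTo(blob, NonceSize);
        cipher.CopyTo(blob, NonceSize + TagSize);
        return Convert.ToBase64String(blob);
    }

    // Throws CryptographicException if the key is wrong or the stored value was modified.
    public static string Unprotect(string stored, byte[] key)
    {
        byte[] blob = Convert.FromBase64String(stored);
        if (blob.Length < NonceSize + TagSize)
            throw new CryptographicException("Stored value is too short.");
        var nonce = blob.AsSpan(0, NonceSize);
        var tag = blob.AsSpan(NonceSize, TagSize);
        var cipher = blob.AsSpan(NonceSize + TagSize);
        byte[] plain = new byte[cipher.Length];
        using var aes = new AesGcm(key, TagSize);
        aes.Decrypt(nonce, cipher, tag, plain);
        return Encoding.UTF8.GetString(plain);
    }
}
```

Because the nonce is random, protecting the same value twice yields two different stored strings, so equality lookups on the column will not work.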

1 Answer

If you are storing passwords in a database, then unless you have a really good reason for needing to be able to get the plain text, you should be hashing your passwords rather than storing them encrypted or in plain text.

The difference between encryption and hashing is that with encryption you can retrieve the plain text, whereas with hashing you cannot. When you store passwords, you should be taking the password that the user has supplied and hashing it (ideally with a salt). Then, when the user tries to log in next time using the password, you again hash it and compare the stored hash against the one you just generated; if they match, then they are the same.

I have written about this here (Password storage, how to do it right) with a fuller explanation.

I have a few hashing functions available on my website with code (in VB.NET but they are easily moved to C#), probably the best would be to use SHA512 (Calculate the SHA512 hash of string or file).

If you're still not sure about hashing etc. please feel free to say what you don't understand and I'll try to help :)

Sam Jenkins