0

We have aes-256 encryption for some data in one of the tables and we are migrating this to sql server. The problem is that we cannot decrypt the data in sql server due to incompatibility. Is there any way we can encrypt data in MYSQL in a way which is compatible with sql server aswell. Any advise ?

Lamp Consultants
  • 1
  • 1
  • Then you must decrypt it in MySQL, move it and re-encrypt it in a way compatible with SQLServer – RiggsFolly Oct 27 '17 at 23:25
  • Well that is not an answer i am looking for @RiggsFolly. Data is sensitive and cant be send un-encrypted on the fly. – Lamp Consultants Oct 28 '17 at 12:11
  • I know its not an answer, thats why I put it in a comment – RiggsFolly Oct 28 '17 at 13:02
  • It might be useful if you told us a little more about what these incompatibilities are. Then maybe we could be of more use to you. – RiggsFolly Oct 28 '17 at 13:04
  • In MYSQL we have data encrypted using encryption_mode = 'aes-256-cbc'; Now we transfer data to sql server and then decrypt it there but it is not compaitable to sql server so do not decrypt. I am searching for the way that how to encrypt the data in MYSQL that when loaded into sql server can be decrypted via sql statement and providing the required key. – Lamp Consultants Oct 28 '17 at 13:10
  • Ok so have you found an encryption scheme that is comparable between MySQL and SQLServer – RiggsFolly Oct 28 '17 at 13:22
  • no, i haven't found anything. Perhaps need to develop some kind of data masking instead – Lamp Consultants Oct 28 '17 at 16:37

1 Answers1

0

if you know the secretkey then you can decrypt the data see following code for encryption and decryption of AES-256 . the code is written in JAVA check this link AES-256 Password Based Encryption/Decryption in Java

import java.security.AlgorithmParameters;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;

public class EncryptionDecryption {

    private static String salt;
    private static int iterations = 65536  ;
    private static int keySize = 256;
    private static byte[] ivBytes;

    private static SecretKey secretKey;

    public static void main(String []args) throws Exception {

        salt = getSalt();

        char[] message = "PasswordToEncrypt".toCharArray();
        System.out.println("Message: " + String.valueOf(message));
        System.out.println("Encrypted: " + encrypt(message));
        System.out.println("Decrypted: " + decrypt(encrypt(message).toCharArray()));
    }

    public static String encrypt(char[] plaintext) throws Exception {
        byte[] saltBytes = salt.getBytes();

        SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        PBEKeySpec spec = new PBEKeySpec(plaintext, saltBytes, iterations, keySize);
        secretKey = skf.generateSecret(spec);
        SecretKeySpec secretSpec = new SecretKeySpec(secretKey.getEncoded(), "AES");

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, secretSpec);
        AlgorithmParameters params = cipher.getParameters();
        ivBytes = params.getParameterSpec(IvParameterSpec.class).getIV();
        byte[] encryptedTextBytes = cipher.doFinal(String.valueOf(plaintext).getBytes("UTF-8"));

        return DatatypeConverter.printBase64Binary(encryptedTextBytes);
    }

    public static String decrypt(char[] encryptedText) throws Exception {

        System.out.println(encryptedText);

        byte[] encryptedTextBytes = DatatypeConverter.parseBase64Binary(new String(encryptedText));
        SecretKeySpec secretSpec = new SecretKeySpec(secretKey.getEncoded(), "AES");

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, secretSpec, new IvParameterSpec(ivBytes));

        byte[] decryptedTextBytes = null;

        try {
            decryptedTextBytes = cipher.doFinal(encryptedTextBytes);
        }   catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        }   catch (BadPaddingException e) {
            e.printStackTrace();
        }

        return new String(decryptedTextBytes);

    }

    public static String getSalt() throws Exception {

        SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
        byte[] salt = new byte[20];
        sr.nextBytes(salt);
        return new String(salt);
    }
}
Omar Sohel
  • 164
  • 4
  • The data in the MYSQL table is encrypted using aes-256. When we move this data to sql server we cannot decrypt it as this method is not supported in sql server. – Lamp Consultants Oct 27 '17 at 22:50