0

I have an encrypted database, I am encrypting it using this StringCipher done by CraigTP on this post.

However when I try to search my database I am unable to search using Decrypted values, Since every value i encrypt is different, encrypting the search value and trying to match it to the database is useless. Now I'm decrypting the list and trying to match the search value to this decrypted list, but I still can't get results to appear. However If I search for the encrypted value grabbed directly from the DB I do get the results. I've tried everything I can think of and I'm out of ideas.

Here is my index method: 

public ViewResult Index(string sortOrder, string searchString)
        {
            ViewBag.CurrentSort = sortOrder;
            ViewBag.NameSortParm = String.IsNullOrEmpty(sortOrder) ? "Username" : "";


            ViewBag.CurrentSort = sortOrder;

            var Users = from s in db.Users
                           select s;
            foreach(User element in Users)
            {

                element.Username = StringCipher.Decrypt(element.Username.ToString());
                element.Password = StringCipher.Decrypt(element.Password.ToString());

            }

            if (!String.IsNullOrEmpty(searchString))
            {

                Users = Users.Where(s => s.Username.Contains(searchString));
            }
            switch (sortOrder)
            {
                case "Username":
                    Users = Users.OrderByDescending(s => s.Username);
                    break;
            }

            return View(Users.ToList());
        }

And here is my Index view:

    @model IEnumerable<EncryptTest.Models.User>

@{
    ViewBag.Title = "Index";
}

<h2>Index</h2>

<p>
    @Html.ActionLink("Create New", "Create")
</p>

@using (Html.BeginForm())
{
    <p>
        Find by name: @Html.TextBox("SearchString")  
        <input type="submit" value="Search" /></p>
}

<table class="table">
    <tr>
        <th>
            @Html.ActionLink("Username", "Index", new { sortOrder = ViewBag.NameSortParm })
        </th>
        <th>
            Password
        </th>
        <th></th>
    </tr>

    @foreach (var item in Model)
    {

        <tr>
            <td>
                @Html.DisplayFor(modelItem => item.Username)
            </td>
            <td>
                @Html.DisplayFor(modelItem => item.Password)
            </td>
            <td>
                @Html.ActionLink("Edit", "Edit", new { id = item.ID_User}) |
                @Html.ActionLink("Details", "Details", new { id = item.ID_User }) |
                @Html.ActionLink("Delete", "Delete", new { id = item.ID_User })
            </td>
        </tr>
    }

</table>
Twhite1195
  • 351
  • 6
  • 17
  • 1
    For security reasons most (all) encryption functions give a different encrypted value every time you encrypt the same string (https://security.stackexchange.com/questions/55202/doesnt-the-same-string-encrypted-with-the-same-key-generate-the-same-encrypted). If you need to search for encrypted data then you need to find encryption functions that do not do it (this weakens encryptions strength) or, better still, use built in SQL encryption e.g. [TDE](https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption?view=sql-server-2017). – Alex Apr 11 '19 at 22:24
  • [Always Encrypted](https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-2017) is also worth taking a look at. There is no need to encrypt usernames and passwords are usually hashed, rather than encrypted (https://www.securityinnovationeurope.com/blog/page/whats-the-difference-between-hashing-and-encrypting) – Alex Apr 11 '19 at 22:28

0 Answers0