Encrypt on CLR decrypt in SQL?

Hi folks,
I'm trying to encrypt a small token of data on my client c# application and have it decrypted by SQL on the server side, the problem is i cannot find articles on the subject. I don;t really want to get involved with certificates but base the system on a simple symmetric key that is shared by both parties.
I'm attempting to use the TRIPLE_DES algorithm on both sides and thus far have used the decryptbypassphrase on the server side with the data encrypted on the client side by .Net with no initialization vector setup.
If anyone can recommend any articles or have example (client and server side) code for this situation it would be greatly appreciated.
Many thanks in advance
Simon

I tried doing the exact same thing and so far didn't find a way of doing it. Even though both .net and sql server uses Triple DES algorithm I can not decrypt the string generated in .net from SQL Server.
I .net i use simple provider with a key and a vector. I assume the key corresponds to a passphrase in SQL Server, but unfortunetely I do not know what vector corresponds to.
.NET CODE
public static string Encrypt(string strPlainText)
string strKey16 = "123456789012345";
TripleDESCryptoServiceProvider crp = new TripleDESCryptoServiceProvider();
UnicodeEncoding uEncode = new UnicodeEncoding();
ASCIIEncoding aEncode = new ASCIIEncoding();
// Store plaintext as a byte array
byte[] bytPlainText = uEncode.GetBytes(strPlainText);
// Create a memory stream for holding encrypted text
MemoryStream stmCipherText = new MemoryStream();
// Private key
crp.Key = aEncode.GetBytes(strKey16.Substring(0, 16));
// Initialization vector is the encryption seed
crp.IV = aEncode.GetBytes(strKey16.Substring(8, 8));
// Create a crypto-writer to encrypt a bytearray into a stream
CryptoStream csEncrypted = new CryptoStream(stmCipherText, crp.CreateEncryptor(), CryptoStreamMode.Write);
csEncrypted.Write(bytPlainText, 0, bytPlainText.Length);
csEncrypted.FlushFinalBlock();
// Return result as a Base64 encoded string
return Convert.ToBase64String(stmCipherText.ToArray());
SQL 2005 CODE
DECLARE @cipherText varbinary(1000)
set @cipherText = CAST(N'4hRbT6QDk30DfyHbGyRqfA==' as varbinary(1000))
SELECT CAST(DecryptByPassphrase('WOhPorN5VIKZl$Eqcz4CR104O', @cipherText) AS nvarchar)
The SQL statement returns null.

Similar Messages

Is there a way to decrypt the SQL login-only encryption in the netmon trace or disable the SQL login-only encryption?

We know by default the SQL Server use the self-signed certificate to encrypt the SQL login information when building the connection, my question is if
there is a way to decrypt the SQL login-only encryption in the netmon trace or disable the SQL login-only encryption?
Please click the Mark as Answer button if a post solves your problem!

Not without login as admin. To avoid using credentials to login to SQL, use Windows Credentials instead.
jdweng

How to save encrypted mail in decrypted form?

This should not be so difficult on a Mac. Searching archives found a locked thread in 10.4 which was not properly resolved.
How to to save an encrypted email in decrypted form?
The wrong answer is to say, "You don't have to, only a certificate's ability to encrypt expires." As to why this is wrong, 1) I want to. And 2) Because the US Government in their infinite infallible wisdom deletes my prior certificate from CAC when issuing a new CAC. Can't copy certificates off a smart card.
So once the integrity of the email has been verified I want to strip the encryption off so it will be accessible in the future and accessible without having to dig for the CAC, have a smart card reader, and have the necessary software installed.
Using redirect shift-option-E to send the email back to myself only changed the certificate (to mine) but with the original From address so it was flagged as broken. All the while I thought I was forwarding it w/out encryption. And if thats not bad enough the original disappeared. The good news is a copy was left in my Send folder in the format desired, no encryption.

Once the cert expires, you will no longer be able to use it to encrypt or sign mail. However, you can still use it to decrypt messages that you have received. Just leave it in your keychain, and everything will continue to work without changes. If you look at your keychain, you will see it listed, but marked expired.
Likewise, other people that have the expired public key will be able to use that key to verify the signature or decrypt your messages; they will be notified as appropriate that the key has expired.
If you do not want to spend money on a new cert, you may be able to get a free one from Thawte, or perhaps use the one available from Apple. Enable encryption in iChat, which generates a .Mac cert for you. Once that process has completed, open Keychain Access, go to preferences, and set "Search .Mac for certificates" and restart mail. That should allow you to use the iChat certificate for mail.

Weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting Secret Key

Hi all,
I have one admin server 8 managed servers in cluster environment. I am using node
manager to start managed servers. I used the demo certificate and private key
file provided by BEA before getting my real certificate, but when I got the real
certificate the node manager can't no more. The error I am getting is this :
<Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <NodeManager: for information
on command line options, try "java weblogic.nodemanager.NodeManager help">
<Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <Starting NodeManager >
Exception in thread "main" weblogic.security.internal.encryption.EncryptionServiceException:
Error decrypting Secret Key
     at weblogic.security.internal.encryption.JSafeSecretKeyEncryptor.decryptSecretKey(JSafeSecretKeyEncryptor.java:119)
     at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:205)
     at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
     at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
     at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
     at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
--------------- nested within: ------------------
weblogic.security.internal.encryption.EncryptionServiceException - with nested
exception:
[weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting
Secret Key]
     at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:226)
     at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
     at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
     at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
     at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
here is the setting of node manager
# Set user-defined variables.
BEA_HOME="/opt/app/weblogic"
WL_HOME=${BEA_HOME}/weblogic700
NODEMGR_HOME=${BEA_HOME}/common/nodemanager/config
JAVA_HOME=${BEA_HOME}/software/j2sdk1_3_1_06
#Set NODEMANAGER variables
NODEMANAGER_CERTIFICATEFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-cert.pem
NODEMANAGER_KEYFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-key.der
NODEMANAGER_KEYPASSWORD="wR2DfgiHjF0m4"
NODEMANAGER_LISTENADDRESS="uxmwpr01"
NODEMANAGER_LISTENPORT="5501"
NODEMANAGER_REVERSEDNS="true"
NODEMANAGER_SSLVERIFICATION="true"
NODEMANAGER_STARTTEMPLATE=${NODEMGR_HOME}/startManagedWeblogic
NODEMANAGER_SSLTRUSTED=${WL_HOME}/server/lib/cacerts
NODEMANAGER_JAVASECURITY=${WL_HOME}/server/lib/weblogic.policy
NODEMANAGER_TRUSTEDHOSTS=${NODEMGR_HOME}/nodemanager.hosts
NODEMANAGER_NATIVEIO="true"
${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -classpath "${CLASSPATH}"
-Dbea.home=${BEA_HOME} -Dweblogic.security.SSL.trustedCAKeyStore=${NODEMANAGER_SSLTRUSTED}
-Djava.security.policy=${NODEMANAGER_JAVASECURITY} -Dweblogic.nodemanager.javaHome=${JAVA_HOME}
-Dweblogic.ListenAddress=${NODEMANAGER_LISTENADDRESS} -Dweblogic.ListenPort=${NODEMANAGER_LISTENPORT}
-Dweblogic.nodemanager.certificateFile=${NODEMANAGER_CERTIFICATEFILE} -Dweblogic.nodemanager.keyFile=${NODEMANAGER_KEYFILE}
-Dweblogic.nodemanager.keyPassword=${NODEMANAGER_KEYPASSWORD} -Dweblogic.nodemanager.reverseDnsEnabled=${NODEMANAGER_REVERSEDNS}
-Dweblogic.nodemanager.startTemplate=${NODEMANAGER_STARTTEMPLATE} -Dweblogic.nodemanager.sslHostNameVerificationEnabled=${NODEMANAGER_SSLVERIFICATION}
-Dweblogic.nodemanager.trustedHosts=${NODEMANAGER_TRUSTEDHOSTS} -Dweblogic.nodemanager.nativeVersionEnabled=${NODEMANAGER_NATIVEIO}
weblogic.nodemanager.NodeManager

"Jas" <[email protected]> wrote in message news:<3e657be5$[email protected]>...
Hi,
I am wondering if anyone has tried creating a domain on a weblogic server by copying
and pasting an entire domain directory. ie. Copying %bea_home%\config\DomainName
to the new installation %bea_home%\config\DomainName.
When I do this I get the following error when starting up the weblogic server:
"The WebLogic Server did not start up properly. Exception raised:
weblogic.security.internal.encryption.EncryptionServiceException:Error decrypting
Secret Key" when loading config.xml
I assume this is because the weblogic system password is encrypted in the config.xml
file. Is there anyway I can get around this so I can easily clone weblogic servers?
Thanks,
JasJas,
Yeah the security key is tied to the server, what exactly are you
trying to accomplish? Do you want seperate domains or servers? Are
they on different physical servers?
Also what version of wls? 6 or 7?
Will try to help you if I can
Steve

Need pl/sql code to Encrypted data to decryption formate

Hi All,
I have Encrypted data 64 bit formate like
encrypt
780D0287
FA57C55510D258C73DE93059E3DC49EC
need output as a Decryption data..kindly give me output

This is your duplicate post...
Re: Need pl/sql code to decryption
*009*

Decrypt PL/SQL programs

Hi,
The below mentioned link is with reference to a question which has been asked by the user regarding how to encrypt pl./sql programs .. and the answer which has been given is using WRAP command ,..
Encrypt PL/SQL
At the same stage, later on, if I want to decrypt the PL/SQL program and want to view the original contents ... how can I achieve this ???
Regards

Hi,
Thanks for your reply .. Well, the below is what I got the oracle documentation ..
The header can contain comments. For example, the Wrap Utility converts
CREATE PACKAGE
-- Author: J. Hollings
-- Date: 10/15/99
banking AS
minimum_balance CONSTANT REAL := 25.00;
insufficient_funds EXCEPTION;
END banking;
into
CREATE PACKAGE
-- Author: J. Hollings
-- Date: 10/15/99
banking wrapped
0
abcd ...
Now, you said, the user who has created it can view the original code, how is that possible ?? Do you mean, if i login with my user id and password (with whom I have encrypted the program) I only can view the code ( the original code) ?? Please clarify
Regards

Looking code encrypted data to Decryption data

Hi All,
I have Encrypted data like
encrypt
780D0287
FA57C55510D258C73DE93059E3DC49EC
need output AS A Decryption data..kindly give me output

This is your duplicate post...
Re: Need pl/sql code to decryption
*009*

RSA with Cryptix: can encrypt but not decrypt? Please help.. :)

Hi all,
I've been trying to do RSA encryption/decryption using a pair of keys created with keytool. I've been able to encrypt some bytes, but when I attempt to decrypt the results immediately using the private key, I received the following exception:
IllegalBlockSizeException: RSA: Cipher in DECRYPT state with an incomplete final block
Please can anyone save me out of my misery and shed some light on this problem? Thanks a great deal in advance.
Best Regards,
Kenshin
Here are the code snippets:
// 1. imported APIs:
import javax.net.ssl.*;
import java.io.*;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import javax.crypto.*;
import javax.crypto.spec.*;
import cryptix.provider.Cryptix;
import xjava.security.Cipher;
import xjava.security.CipherInputStream;
import xjava.security.CipherOutputStream;
import xjava.security.interfaces.*;
import cryptix.provider.rsa.*;
// 2. Getting the Public Key from the created cert:
File certFile = new File("c:/keystore/jbossSSL.cer");
FileInputStream certFileInStream = new FileInputStream(certFile);
CertificateFactory cf = CertificateFactory.getInstance("X509");
Certificate cert = (Certificate)cf.generateCertificate(certFileInStream);
RSAPublicKey serverPublicKey = (RSAPublicKey)cert.getPublicKey();
// 3. Doing the encryption:
Security.addProvider( new cryptix.provider.Cryptix());
Cipher cipherInstance = Cipher.getInstance("RSA/ECB/PKCS7", "Cryptix");
CryptixRSAPublicKey vCryptixRSAPubKey = (CryptixRSAPublicKey) new RawRSAPublicKey(serverPublicKey.getPublicExponent());
cipherInstance.initEncrypt(vCryptixRSAPubKey);
System.out.println("String to be encypted: " + sRandomString);
// Sample of what is printed: String to be encypted: 2201162506010696613
ByteArrayInputStream clearTextInStream = new ByteArrayInputStream(sRandomString.getBytes());
CipherInputStream cInStream = new CipherInputStream(clearTextInStream, cipherInstance);
ByteArrayOutputStream cipherTextOutStream = new ByteArrayOutputStream();
CipherOutputStream cOutStream = new CipherOutputStream(cipherTextOutStream, cipherInstance);
byte[] buffer = new byte[8192];
int length;
while((length= cInStream.read(buffer))!=-1)
cOutStream.write(buffer, 0, length);
cOutStream.close();
cInStream.close();
cipherTextOutStream.close();
clearTextInStream.close();
String sEncodedString = new String(cipherTextOutStream.toByteArray());
System.out.println("String encrpted: " + sEncodedString);
// Sample of what is printed: String to encrpted: 2 2 01 1 6 25 0 6 01 0 6 96 6 1 3☺ ☻☻
// 4. Getting the Private key from the keystore
FileInputStream in = new FileInputStream("C:/keystore/jbossSSL.keystore");
KeyStore catalinaKeyStore = KeyStore.getInstance("jks");
catalinaKeyStore.load(in, "jbossSSL".toCharArray());
RSAPrivateKey privateK = (RSAPrivateKey)catalinaKeyStore.getKey("jbossSSL", "jbossSSL".toCharArray());
CryptixRSAPrivateKey vCryptixRSAPriKey = (CryptixRSAPrivateKey) new RawRSAPrivateKey(privateK.getPrivateExponent(), privateK.getModulus());
cipherInstance.initDecrypt(vCryptixRSAPriKey);
// 5. Doing the decryption:
ByteArrayInputStream cipherTextInStream = new ByteArrayInputStream(sEncodedString.getBytes());
cInStream = new CipherInputStream(cipherTextInStream,cipherInstance);
ByteArrayOutputStream clearTextOutStream = new ByteArrayOutputStream();
cOutStream = new CipherOutputStream(clearTextOutStream,cipherInstance);
while((length= cInStream.read(buffer))!=-1)
cOutStream.write(buffer, 0, length); >> exception thrown here
cOutStream.close();
cInStream.close();
clearTextOutStream.close();
cipherTextInStream.close();
String sDecodedString = new String(clearTextOutStream.toByteArray());
System.out.println("Stringdecrpted: " + sDecodedString);

Here is working RSA example Maybe will help you. (may has a few typing errors becosu I rmoved some confidential data ;) )
import java.util.*;
import javax.swing.*;
import java.io.*;
import java.security.*;
import javax.crypto.Cipher;
import xjava.security.*;
import cryptix.provider.Cryptix;
import xjava.security.interfaces.CryptixRSAPublicKey;
import xjava.security.interfaces.CryptixRSAPrivateKey;
import xjava.security.KeyGenerator;
import xjava.security.SecretKey;
public class testcipher extends javax.swing.JFrame{
    /** Creates new test */
    public testcipher() throws Exception {
    * @param args the command line arguments
    public static void main(String [] args) throws Exception {
        Provider pd = new cryptix.provider.Cryptix();
        Security.addProvider(pd);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "Cryptix");
        kpg.initialize(1024, new java.security.SecureRandom());
        System.out.println("Generating key pair...");
        KeyPair kp = kpg.genKeyPair();
        System.out.println("Key pair generated...");
        xjava.security.Cipher cp = xjava.security.Cipher.getInstance("RSA/ECB/PKCS7", "Cryptix");
        cp.initEncrypt(kp.getPublic());
        FileInputStream fis = new FileInputStream("c:\\temp\\b2b\\index.htm");
        CipherInputStream cin = new CipherInputStream(fis, cp);
        FileOutputStream fout = new FileOutputStream("C:\\temp\\b2b\\enc.htm");
        CipherOutputStream cout = new CipherOutputStream(fout, cp);
        byte[] buffer = new byte[8192];
        int length;
        while((length=cin.read(buffer))!=-1)
            cout.write(buffer, 0, length);
        cout.close();
        cin.close();
        fout.close();
        fis.close();
        cp.initDecrypt(kp.getPrivate());
        fis = new FileInputStream("c:\\temp\\b2b\\enc.htm");
         cin = new CipherInputStream(fis, cp);
         fout = new FileOutputStream("C:\\temp\\b2b\\dec.htm");
         cout = new CipherOutputStream(fout, cp);
                while((length=cin.read(buffer))!=-1)
            cout.write(buffer, 0, length);
        cout.close();
        cin.close();
        fout.close();
        fis.close();
}

Encrypt in C - Decrypt in Java

Hi,
I need to encrypt a message in C and decrypt it in Java using DES algorithm. When trying to decrypt the message im getting :
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA6275)
at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA6275)
I'm using the same key for encryption and decryption(maybe the C program using the key differently than the Java program).
Is it possible to encrypt a message in C and decrypt it in Java ?
Thanks in advance for your help.
Nir.

Can you decrypt in C? It sounds as if the encryption hasn't been performed correctly in C or like the key being used doesn't correspond to the decryption key. I'd initially get it working in C first both encryption and decryption then try to get it working in Java. I don't see any problem with getting C to encrypt and Java to decrypt as they should both be working to the same standard practices.
The last time I had a problem with a bad padding exception the answer lay in the key I was using and the keystore I was retrieving the key from.

Using CLR Integration in SQL Server 2005

I have several CLR SQLProcedures in my SQL Database for performing performing complex selects with regex etc. These work exceptionally well form with Visual Strudio for retrieving a dataset. However from within Crystal Reports I can not see these stored procedures, so cannot use the to report on, which was the whole idea of creating them.
Also, if I create a standard sql stored procedure, but include a CLR SQLFunction, it also fails in Crystal Reports.
Considering CLR Intergration ha sbeen around since 2004/5, I would have expected CR 2008 to ba able to make use of them, but I can find no way to make them work.
I hope some one can assist me in this quest.

Please post this query to the Crystal Reports Design forum:
SAP Crystal Reports
That forum is monitored by qualified technicians and you will get a faster response there. Also, all BOE queries remain in one place and thus can be easily searched in one place.
Thank you for your understanding,
Ludek

CLR triggers and SQL Server CE

I have an SQL Server 2012 database where a table should fire a trigger which populates an SQL Server CE 4.0 table.
Developing the trigger was no problem. The problem I'm facing is the System.Data.SqlServerCe.dll registration in my SQL Server database. I'm getting the following error:
Warning: The SQL Server client assembly 'system.data.sqlserverce, version=4.0.0.0, culture=neutral, publickeytoken=89845dcd8080cc91, processorarchitecture=msil.' you are registering is not fully tested in SQL Server hosted environment.
Msg 6218, Level 16, State 2, Line 1
CREATE ASSEMBLY for assembly 'System.Data.SqlServerCe' failed because assembly 'System.Data.SqlServerCe' failed verification. Check if the referenced assemblies are up-to-date and trusted (for external_access or unsafe) to execute in the database. CLR Verifier error messages if any will follow this message
[ : System.Data.SqlServerCe.SqlCeCommand::ExecuteCommandText][mdToken=0x6000115][offset 0x00000033][trovato address of value 'System.Data.SqlServerCe.MEDBBINDING'][previsto address of Native Int] Tipo non previsto nello stack.
[ : System.Data.SqlServerCe.SqlCeCommand::ExecuteCommandText][mdToken=0x6000115][offset 0x00000035][trovato address of Native Int] Previsto tipo numerico nello stack.
[ : System.Data.SqlServerCe.SqlCeCommand::ExecuteCommandText][mdToken=0x6000115][offset 0x00000028][trovato Native Int][previsto address of Native Int] Tipo non previsto nello stack.
[ : System.Data.SqlServerCe.SqlCeCommand::OpenCursor][mdToken=0x6000118][offset 0x00000106][trovato Native Int][previsto address of Int32] Tipo non previsto nello stack.
[ : System.Data.SqlServerCe.SqlCeCommand::OpenCursor][mdToken=0x6000118][offset 0x000000DA][trovato unmanaged pointer][previsto unmanaged pointer] Tipo non previsto nello stack.
[ : System.Data.SqlServerCe.SqlCeCommand::OpenCursor][mdToken=0x6000118][offset 0x000000E3][trovato address of Int32] Previsto tipo numerico nello stack.
[ : System.Data.SqlServerCe.SqlCeCommand::OpenCursor][mdToken=0x6000118][offset 0x000000C6][trovato Native Int][previsto address of Int32] Tipo non previsto nello stack.
[ : System.Data.SqlServerCe.SqlCeCommand::CompileQueryPlan][mdToken=0x6000120][offset 0x000000E4][trovato Native Int][previsto address of Native Int] Tipo non previsto nello stack.
[ : System.Data.SqlServerCe.SqlCeCommand::CompileQueryPlan][mdToken=0x6000120][offset 0x00000075][trovato address of value 'System.Data.SqlServerCe.MEDBBINDING'][previsto address of Native Int] Tipo non previsto nello stack.
[ : System.Data.SqlServerCe.SqlCeCommand::CompileQueryPlan][mdToken=0x6...
Is it possible to have such a trigger? Or is there no way at all?
Thank you in advance, regards
pg

System.Data.SqlServerCe.dll is not on the SQLCLR supported assemblies list. You can try registering that assembly (and your caller assembly) as PERMISSION_SET = UNSAFE but, even if this works now, there's no guarantees about it being supported
in future.
Hope this helps, Bob

Improving CLR performance in SQL Server (redux)

I have been spending a lot of time trying to eek out the maximum performance out of a C# CLR UDF. I have already set IsDeterministic and IsPrecise to true, as well as SystemDataAccessKind.None and DataAccessKind.None.
I am now experimenting with the overhead of transferring to CLR. I created a simple CLR UDF that just returns the input value, e.g.,
[Microsoft.SqlServer.Server.SqlFunction(IsDeterministic=true, IsPrecise=true)]
public static SqlString MyUDF(SqlString data)
return data;
Defined as:
CREATE FUNCTION dbo.MyUDF(@data nvarchar(4000)) RETURNS nvarchar(4000) WITH EXECUTE AS CALLER
AS EXTERNAL NAME [MyAssembly].[UserDefinedFunctions].[MyUDF];
I then use the UDF in a View on the Primary Key (nvarchar) of a table with about 6M rows.
I know there is a small overhead going through a View versus a Table. However, when I query through the table, it is about 2000% faster than querying through the View with the CLR UDF. E.g., 3 seconds for the table and 60 seconds for the view! I checked
the Query Plans for each and they are both using Parallelization.
I have to assume that all the overhead is in the transition to CLR. Is that much overhead to be expected? Is there any way to improve that?
Incidentally, this is a followup to this question:
http://stackoverflow.com/questions/24722708/sql-server-clr-udf-parallelism-redux

Assuming that a way is found to reduce this apparent overhead, what is the intended operation within the function? I ask because the advantages of SqlChars over SqlString might be moot if you will need to operate on the full string all
at once as opposed to reading it as a stream of characters.
Also, with regards to why the CLR UDF is so much faster than the T-SQL version, some amount of it certainly could be the ability to participate in a Parallel plan, but also a change was made in SQL Server 2012 that improved performance of deterministic CLR
functions:
Behavior Changes to Database Engine Features in SQL Server 2012
Constant Folding for CLR User-Defined Functions and Methods
In SQL Server 2012, the following user-defined CLR objects are now foldable:
Deterministic scalar-valued CLR user-defined functions.
Deterministic methods of CLR user-defined types.
This improvement seeks to enhance performance when these functions or methods are called more than once with the same arguments.
Also, 60 seconds down to 3 seconds is a 95% improvement, not 2000%. Or you could say that the operation is 20x faster without the UDF.
Now, outside of that, I recall seeing in another forum that someone was converting their string to VARBINARY using SqlBinary / SqlBytes and then returning VARBINARY and converting it back in T-SQL. Might be worth a test.

Encrypting traffic between Sharepoint and SQL

We have a 2013 Environment used by internal and external users. External traffic (external users accessing the extranet site) is encrypted using SSL certs. Internal traffic (internal users to the intranet site) is not encrypted which is fine. We are being
asked by some auditors to encrypt traffic between SharePoint (WFE and APP servers) to SQL backend. What options do we have and how involved each one is? On SQL backend we know we can enforce encryption.
Thanks

When you say just enforce encryption on SQL does that mean no steps to take on SharePoint to facilitate the process? Will traffic be automatically encrypted once encryption is done on SQL?
Absolutely correct! You will need to restart the SQL Server service, which will cause a brief outage for SharePoint, but you do not need to do anything for SharePoint. You'll
probably want a certificate that is trusted by the SharePoint servers. I was personally using a Microsoft Certificate Authority server which hands out certificates to machine names and also hands out root certificates to all machines on the domain
(thus a trusted issuer). I am also using a SQL alias on my SharePoint servers, so the alias/SQL machine name mismatch is not an issue.
Once the SQL Server is set to encrypted, you can use the following T-SQL statement and validate the encrypt_option is TRUE. You may also consider adding a SPN to the SQL Server Service account (MSSQLSvc protocol) to enable Kerberos connections, which are
not only faster, but significantly more secure. You can use the same T-SQL statement to see if connections are using NTLM or Kerberos.
select * from sys.dm_exec_connections
Trevor Seward
Follow or contact me at...
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Encrypted machine keeps decrypting for no reason

I have a machine with a encryption policy assigned and recently it has
started to decrypt and then re-encrypt. I look at the "Emergency Recovery"
tab on the device in ZCC and see 16 recovery entries where on most other
machines I see the one from when I first encrypted it. Nothing in message
log on the policy or the device. What can I check to see why this one
machine keeps doing this?
Jim Koerner
Server - ZCM 11.2.1 w/MU1 and Internal Database on Win2008R2x64
Client - ZCM 11.2.1 w/MU1 on Win7SP1x64

My second SR for this finally got moved along to backline. Was kind of told
this may be a known issue and hope to have more info shortly.
Jim Koerner
"Jim Koerner" wrote in message
news:0MZ5s.162$[email protected]..
Dropped in a SR yesterday. I'll post back the outcome.
Jim
"bbeachem" <[email protected]> wrote in message
news:[email protected]..
>
> Open a SR and attached FDE Diagnostics package.... Start
> Menu->Programs->Novell->ZENworks->FDE About Box->Diagnostics button...
> it will create it on the desktop.
>
>
> --
> bbeachem
> ------------------------------------------------------------------------
> bbeachem's Profile: http://forums.novell.com/member.php?userid=103657
> View this thread: http://forums.novell.com/showthread.php?t=459635
>

Re: encrypting in c#, decrypting in java

Hello,
I am trying to use RSA so I can encrypt in c# (encrypt a password) and decrypt it in my web service to check the password.
But, I am having some problems when I try to read in the file with my private key. I am currently getting an error of: too much data for RSA block.
I am using bouncycastle for the algorithms.
Has anyone seen any example of encrypting in C# and decrypting in Java?
Thanx.

Your C# may be using padding without your knowledge...
This is from the docs for C# RSACryptoServiceProvider:
public byte[] Encrypt(
byte[] rgb,
bool fOAEP
rgb The data to be encrypted
fOAEP true to perform direct RSA encryption using OAEP padding (only available on a computer running Microsoft Windows XP or later); otherwise, false to use PKCS#1 v1.5 padding.
It looks like Bouncy Castle's RSA can use either no padding or OAEP (please correct me if Im wrong,
I couldnt find documentation for this). So you'll have to figure out how to sync the two up.

Encrypt on CLR decrypt in SQL?

Similar Messages

Maybe you are looking for