Databases Reference
In-Depth Information
Running the
Save()
method on the
UserProperties
class creates a record in the
UserProperties
table.
The following code shows how to call the
Save
method:
1. class Program
2. {
3. static void Main(string[] args)
4. {
5. // Declare the encryption object and encrypt our secret value
6. Encryption e = new Encryption();
7. CipherText ct = e.EncryptAES("secret value goes here...");
8.
9. UserProperties.Save("MySecret", ct);
10.
11. }
12. }
Figure
3-3
shows the content of the table after you run the program. The Value column is your encrypted value,
the Vector is the
@vector
variable from the stored procedure, and the Token column is the calculated hash passed
as the
@hash
variable.
Figure 3-3.
Record with the encrypted value, a hash, and a vector
Last but not least, you should know that SQL Server and SQL Database both support hashing natively. Support
for hashing was until recently limited to the MD5 and SHA-1 algorithms. However SQL Database and SQL Server 2012
now support hashes with 256 and 512 bit strengths. As a result you could use the HASHBYTES command to create the
Token value previously created in C#. Here is a quick example of how to compute an SHA-256 hash in SQL:
SELECT HASHBYTES('sha2_256', 'MySecret')
The output of
HASHBYTES()
is a byte array as well:
0x49562CFC3B17139EA01C480B9C86A2DDACB38FF1B2E9DB1BF66BAB7A4E3F1FB5
You could change the stored procedure created previously to perform the hashing function in it, instead of
using C# code. However keeping the hashing algorithm in C# may make sense for performance reasons because it is
a CPU-intensive operation. If your application calculates hashes constantly you may want to keep hashing in C# to
save database CPU cycles for other tasks. If you decide to hash values using T-SQL you may want to first convert your
