mysql has been encrypted
How do you decode it again?
I do not know the key value
And it was all returned as null.
If it is encrypted you can not obtain the data without the encryption key, that is the whole point of encryption.
Related
I have data in mySQL database table as "2888f3f0-286a-11db-954d-b1740a14150f".
I am not sure how to decrypt it or get the actual text for this value.
First of all, check the algorithm/function through which it got encrypted and ultimately you will be able to decrypt the code IF decryption function is available
otherwise, you can't get the text from this text
There is a task to encrypt a message with a key stored in HSM (LMK I suppose) to save the encrypted message in database. And decrypt later as well.
The commands I find are M0/M2. As I could see both commands require my own key in addition.
I may generate own keys somehow (with HSM or by another way), but how the message be encrypted finally? With the both my and LMK key? Some other way? And should I store my own key somewhere also?
Is it a more direct way to encrypt message with internal HSM key?
Thank in advance, I am very new with HSM Thales.
Commands M0 and M2 on a Thales 9000 Payshield are Encrypt Data Block and Decrypt Data Block respectively.
To use these commands, you have to provide a key in the M0 command which will be used to encrypt the data.
The key you use must itself be encrypted under an LMK keypair, which is stored in the HSM and should not be accessible to you (except in a test environment where you will normally know the values of all the test LMK keypairs).
To get that data encryption key, generate a ZEK, using command A0. The A1 response to this will give you the key. The key you receive is encrypted under an LMK keypair.
You can then use this key in an M0/M2 command to encrypt a given block of data.
You will need to store the key you receive in the A1 command (it's likely just 16 or 32 hex chars) as it is not stored in the HSM.
Encryption/decryption of any of this data will always have to be performed via the HSM, because only the HSM has access to the LMK keypair required to decrypt your key and make it usable.
I want to implement a system where by encrypted data can be stored alongside everything you need to decrypt it except a human memorable password. The system I have in mind is that the encrypted data would be stored with the key that was used to encrypt that data, only that key would have been encrypted again using the hash of the users password. There would then be another hash of the password also stored in the same place, but this hash would have used a different hash function.
The decryption process would be:
user enters password
the password is hashed using hash function A and that hash is checked against the stored hash to ensure it was correct
if the password was correct, you rehash the given password with hash function B to get Key 1
Key 1 can then be used to decrypt Key 2 which was used to encrypt a block of data
This way you could store unlimited encrypted data, all encrypted using different randomly generated AES keys that are all encrypted by the hash of the password (Key 1). Ideally you could give this block of data to anyone and they couldn't decrypt it without the password. You could also send the password hash and a single block of encrypted data over a network and the end user can decrypt it on their end assuming they know the password.
I know the standard response to these things is don't roll your own, but I would like to know out of interest what the security concerns are for this system. Primarily Could it work and what pair of hash functions should be used and why? I am also interested in what the standard way to achieve this would be.
I am trying to encrypt and decrypt the data using SHA 5 in mysql. I am able to encrypt the data but unable to decrypt it. How can I achieve the decrption of SHA5 encrypted data in mysql.
What do you exactly want to do ? As Michael says, you will not be able to reverse a hash. We use hash when we want hide the real information and never decrypt it. If you want to decrypt it, then use an inversible function.
Hash algorithms (SHA = secure hash algorithm) are one way. You can use then to verify information such as a password by checking that the password entered, when SHA'd, equals the encrypted version on record. You can't decrypt with it though.
I created an asymmetric key on one of my SQL servers (2008). I encrypted a password field and I am able to retrieve that password just fine on my development server.
The issue comes into play where I need to move this data to a production server.
Here is the code for the key that was created:
CREATE MASTER KEY ENCRYPTION BY PASSWORD='#########'
CREATE ASYMMETRIC KEY UserEncryptionKey
WITH ALGORITHM = RSA_2048
Now, when I run this on the production server, it creates the key just fine. However, when I run my sproc to get the password, it returns NULL.
SQL:
SELECT EncryptByAsymKey(AsymKey_ID('UserEncryptionKey'), Password )
FROM Users WHERE UserName = '######'
Any thoughts on what I need to do to get the encrypted field to work on multiple SQL Servers?
Please let me know if I need to clarify something.
Thanks
Do not move encrypted data from a database to another. Technically is possible, true, but you will likely compromise the key in the process so I rather not tell you how to do it.
When data is exchanged between sites, the usual procedure separates the key management and deployment from data transfer. Data is decrypted before transfer and dedicate encryption schemes for data transfer are used, like TLS and SSL, that eliminate the problem of deploying and sharing the actual encryption keys.
Asa side note, normally one does no encrypt data with asymmetric keys. They are way too slow for data operations. What everybody does is they encrypt data with a symmetric key and then encrypt the symmetric key with an asymmetric key.