We have a column of type varchar(25) in a SQL Server table that mistakenly had plain text values inserted when they should have been encrypted with AES. We are going to remove the plain text values from the database. The plan was to verify the block size of the field, though this would cause some unencrypted values to be left. Are there any other criteria I can check to reliably identify valid encrypted data?

We need it to be a T-SQL only solution.

Update

Just dug a little deeper, it's getting the values back from a web service. This web service encrypts them using AES in ASP.Net. It takes the returned byte array and then it uses this method to convert the byte array to a string:

static public string ByteArrToString(byte[] byteArr)
{
  byte val;
  string tempStr = "";
  for (int i = 0; i <= byteArr.GetUpperBound(0); i++)
  {
    val = byteArr[i];
    if (val < (byte)10)
      tempStr += "00" + val.ToString();
    else if (val < (byte)100)
      tempStr += "0" + val.ToString();
    else
      tempStr += val.ToString();
  }
  return tempStr;
}

For clarity, I should say I did not originally write this code!

Cheers

1 Answer

Not really, especially since the encoding method doesn't look normal to me. It is more common to base64 encode the data, which makes it very distinctive. It really depends what the unencrypted data consists of as to how easy it is to determine whether the data is encrypted or not - for instance, is it words, numbers, does it have spaces etc. (since the encoded data has no spaces, for instance).

It looks like your encoded data will all be numeric represented as a string so depending on length of data, you could see if your column will cast to a BIGINT.

Not sure of the best way off the top of my head, but there is an answer here that might help you: "try cast" in T-SQL (StackOverflow-8453861)

Answered on 2013-06-06T16:04:04.480
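
The numeric check suggested in the answer can be made stricter, because ByteArrToString writes every byte as exactly three decimal digits between 000 and 255. The following T-SQL is an added example, not code from the question or the answer; the table variable, its rows and the verdict labels are constructed for illustration, and the sample column is wider than the question's varchar(25) so that a full 16-byte AES block (48 characters in this encoding) fits.

```sql
-- Added example (SQL Server). All names and rows below are constructed.
DECLARE @t TABLE (id int IDENTITY(1,1), val varchar(100));

INSERT INTO @t (val) VALUES
  ('018052233007144201096255003170066129240011087199'), -- 16 bytes, 3 digits each
  ('john.smith'),   -- contains non-digit characters
  ('12345'),        -- digits, but length is not a multiple of 3
  ('999123456'),    -- digits, multiple of 3, but 999 cannot be a byte
  ('100200'),       -- digits-only plain text that passes the format checks
  (NULL);

-- Start positions of each 3-digit group: 1, 4, 7, ... (34 groups cover 100 chars)
WITH n AS (
  SELECT TOP (34)
         3 * (ROW_NUMBER() OVER (ORDER BY (SELECT NULL)) - 1) + 1 AS pos
  FROM sys.all_objects
)
SELECT t.id,
       t.val,
       CASE
         WHEN t.val IS NULL OR t.val = ''
           THEN 'empty'
         -- Binary collation so the range [0-9] matches ASCII digits only
         WHEN t.val COLLATE Latin1_General_BIN LIKE '%[^0-9]%'
           THEN 'plain: non-digit character'
         WHEN LEN(t.val) % 3 <> 0
           THEN 'plain: length not a multiple of 3'
         -- Groups are fixed-width digit strings, so string comparison
         -- against '255' orders them numerically without any CAST
         WHEN EXISTS (SELECT 1
                      FROM n
                      WHERE n.pos <= LEN(t.val)
                        AND SUBSTRING(t.val, n.pos, 3) > '255')
           THEN 'plain: group above 255'
         -- AES ciphertext is a whole number of 16-byte blocks
         WHEN (LEN(t.val) / 3) % 16 <> 0
           THEN 'byte format ok, not a whole AES block'
         ELSE 'consistent with encoded ciphertext'
       END AS verdict
FROM @t AS t
ORDER BY t.id;
```

No step casts the value to a number, so the query cannot fail with a conversion error on unexpected input. A digits-only plain-text value can still satisfy every format check, which leaves the block-length test as the only thing separating it from real ciphertext.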