Password-Protecting Sensitive InfoPath Form Fields
page 3 of 6
by S.Y.M. Wong-A-Ton
Average Rating: 
Views (Total / Last 10 Days): 38101/ 55

Encryption in a Nutshell

Encryption is the conversion of sensitive information known as plain text into illegible cipher text using a bit-string referred to as a key.  The general idea is that the more bits a key has, the stronger the cryptographic algorithm will be.  Nonetheless, each cryptographic algorithm can be broken, given enough time and processing power.

The goals of cryptography are:

1.      Confidentiality (protect data from being read)

2.      Data integrity (detect whether data has been altered)

3.      Authentication (assure data originated from a particular party)

There are three types of encryption: hashing, symmetric encryption, and asymmetric encryption.


Hashing algorithms are often one-way functions, i.e. you cannot un-hash hashed data.  Hashing is typically used to detect if data has been tampered with.  On passwords, hashing is used to see if someone knows a password without exposing the password itself.

Symmetric / Asymmetric Encryption

Symmetric encryption algorithms use one key for both encryption and decryption.  The sender and receiver must share this key with each other before they can start exchanging data using symmetric encryption.  Asymmetric algorithms use two separate keys for encryption and decryption.  These keys are known as the public key and the private key.  The private key must be kept secret at all times, while the public key may be shared with everyone.  Symmetric encryption is faster than asymmetric encryption, making it ideal for encrypting large amounts of data.

Encryption in the Solution

The solution outlined in this article makes use of symmetric encryption, i.e. the same key used for encryption is also used for decryption.  The password the user enters into the form is used to generate this key.  Since it is theoretically possible that two users could use the same password to protect their individual InfoPath forms, extra text, called salt, is added to ensure uniqueness of the generated key.  The user name of the logged on user is used as the salt for the key.

View Entire Article

User Comments

No comments posted yet.

Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2024  |  Page Processed at 2024-04-22 4:56:35 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search