Storing encrypted data

[Matthew51]

I need to store payment tokens, and I want to encrypt them.  Encrypting the data and storing it isn't hard.  My question is how to store the decryption key.  The server and database are both on the same server.  It's an SQL database.  I want to avoid the computer equivalent of locking your door, then hanging the key next to the lock.

Thanks
Matthew

[kevin plummer]

It's a good question. I googled best practice and sounds like no perfect way but there are methods to make it harder if hacked.


http://stackoverflow.com/questions/723653/storing-encryption-keys-best-practices

[Matthew51]

I did the same with similar results.  The idea of breaking the key into part from that link I think I'll use.  It can easily be scaled up by keeping the key parts on other computers in the future.

[Matthew51]

And here I thought doing an xor on a string would be easy.  The only xor function I can find is the one in clarion, and it only takes a long.  The only way way I see to do it is to:
1 read the string into a string theory
2 Break the sting into bytes
3 Store the bytes in longs
4 repeat 1-3 for the other key part
5 xor the longs
6 puts the longs back into the string parts
7 put the whole string back together

Anyone else ever done this, and if so did you find an easier way?

[Bruce]

Hi Matthew,
using OVER it gets a bit simpler.

password       String(100)
overpassword  Long,Dim(25),Over(Password)

  Loop x = 1 to 25
    overpassword[ x] = BXOR(overpassword[ x],123456789)
  end


what would be interesting is a StringTheory method that XOR's on string with another string...

cheers
Bruce

[Matthew51]

Exactly the simple code I was looking for!  I was surprised string theory didn't already do that.  It does everything else I want and more.