readme.txt

关于SQL SERVER 的加密和解密包

Encryption and Encoding 
Sample Extended Stored Procedures 
for SQL Server 2000

Michael Coles, MCDBA 7/2005

// Updated to version 0.9.0.0 on 1/19/2006.  The updates across the board were
// all fixes to deal with memory fragmentation resulting from very large data-
// sets.
//
// Update to SQL Installation on 1/19/2006.  This update changed the AES UDF's
// to use VARBINARY.  SQL dumps whitespace at the end of VARCHARs, which might
// cause problems.
//
// Update to SQL Scripts on 1/19/2006.  Modified install script to install AES
// UDF's using VARBINARY data type.  Also modified test script to use VARBINARY
// where necessary, and added a fake credit card number encryption test.
//

/*****************************************************************************/
/**                                                                         **/
/** Parts of these sample programs are derivative works based on the work   **/
/** the following individuals:                                              **/
/**                                                                         **/
/** Base64 encoding/decoding - AMMimeUtils by Anders Molin.  Original source**/
/**     is available on the Code Project at                                 **/
/**     http://www.codeproject.com/string/ammimeutils.asp                   **/
/**                                                                         **/
/** Blowfish encryption/decryption - Blowfish by Bruce Schneier.  Original  **/
/**     source is available at Bruce Schneier's website:                    **/
/**     http://www.schneier.com/                                            **/
/**                                                                         **/
/*****************************************************************************/


------------
Installation
------------

1.  Copy the DLL files from the INSTALL directory to the "Microsoft SQL 
Server\MSSQL\Binn" directory on your computer.

2.  Run the provided SQL Script "ADD_XP.SQL" in Query Analyzer.

That's it.  There are sample SQL Scripts provided in the SAMPLE_SQL directory
demonstrating how to use these extended stored procedures.

----------
How to use
----------

xp_rot13 @param1 [,@param2 OUTPUT]

	Performs a ROT13 "Caesar Shift" encryption on @param1.  If @param2 is 
	specified as an OUTPUT parameter, the results are returned in @param2
	otherwise the results are returned as a SQL resultset.

xp_base64encode @param1 [,@param2 OUTPUT]

	Performs a Base64 encoding of @param1.  If @param2 is specified, the
	result is returned in @param2.  If not, the result is returned via a
	SQL resultset.

xp_base64decode @param1 [,@param2 OUTPUT]

	Decodes the Base64 data in @param1.  If @param2 is specified, the result
	is returned in @param2.  If not, the result is returned via a SQL result
	set.

xp_blowfishencrypt @param1, @param2 [,@param3 OUTPUT]

	Encrypts @param1 using the Blowfish encryption algorithm.  Note that for
	xp_blowfishencrypt, @param1 is plain text and @param2 is the key in Base64
	format.  If @param3 is specified, it receives the results, otherwise the
	result is returned via SQL resultset.  Results of encoding are returned in
	Base64 format.

xp_blowfishdecrypt @param1, @param2, [,@param3 OUTPUT]

	Decrypts @param1 using the Blowfish decryption algorithm.  Note that for
	xp_blowfishdecrypt, @param1 is Base64 encoded encrypted text and @param2
	is the Base64-encoded key.  If @param3 is specified, it receives the 
	results otherwise result is returned via a SQL resultset.  Results of
	decoding are returned in plain text format.

xp_generatekey @param1 [,@param2 OUTPUT]

	Generates a random encryption key.  @param1 specifies the number of bits
	for the encryption key.  Blowfish requires keys to be between 32 and 448
	bits, and a multiple of 8.  If @param2 is specified, the key is returned
	in @param2 in Base64 encoded format.  If no @param2, then the key is
	returned in Base64 format via a SQL Resultset.

xp_aesencrypt @param1, @param2 [,@param3 OUTPUT]

	Encrypts using AES (Rijndael) encryption.  Note that for AES encryption, no
	Base64 format is used.  This implementation of AES pads your plaintext out
	to the next greater 16 byte block; so if your text is 10 bytes, the encrypted
	text will be 16 bytes.  If your text is 16 bytes, the encrypted text will be
	32 bytes.  Key size for Rijndael is be 128, 192 or 256 bits (16 bytes,
	24 bytes or 32 bytes).  The key is not Base64-encoded for this implementation.

xp_aesdecrypt @param1, @param2 [,@param3 OUTPUT]
	
	Decrypts an encrypted string using AES (Rijndael) encryption.  Note that for
	this AES implementation, Base64 is not used.  This implementation removes
	previously added padding after the string is decrypted.  The padding method
	used is defined by FIPS:  zeroes are added to pad the plaintext string to
	a 16-byte block; the number of zeroes added is stored in the last position of
	the string.  On unencryption, all padding characters are stripped off.