This function uses a private key handle to decrypt strings
previously encrypted with xp_rsa_pub_enc.
Compared to all previous versions, XP_CRYPT 3.5 has a "bulk encryption"
feature. This means that it can now encrypt not only VARCHAR
variables but also variables of all types (except TEXT and IMAGE) and produce
one encrypted string which includes all variables. You can also encrypt NULL
and empty values. NOTE: Information encrypted with the new xp_rsa_pub_enc
cannot be successfully decrypted with the older version. The older version will
output some garbage characters, which the new version treats as control symbols.
The new xp_rsa_priv_dec function can return more than one
decrypted value. You can specify up to 252 output values.
Syntax
xp_rsa_priv_dec { encrypted_text, private_key_src,
variable1 OUTPUT, [variable2 OUTPUT, variable3 OUTPUT
... ], [ src_password ]}
Arguments
encrypted_text
VARCHAR or VARBINARY. String to be decrypted.
private_key_src
VARCHAR. Source of the private key. It can be a handle, a filename or a key
body. If you specify something other than a key handle, you must specify the
password for reading the key as the 4th parameter.
variable1 OUTPUT [, variable2 OUTPUT , variable3 OUTPUT ...]
Variables that hold the result of the decryption. On success these variables
hold the decrypted clear text. The order of the variables should be the same
as the order of the variables given to the xp_rsa_pub_enc function.
src_password
VARCHAR. A password for reading the key if its source is a file or a key
string. If the pswd_cache option is set to yes and the given
password is '?', XP_CRYPT will try to load the key with a password
stored in the session. See xp_crypt_set_option
for more information about the pswd_cache option.
Permissions
Execute permissions default to the public role.
Return Code Values
0 - success, or an error code if failed.
Example
-- Decryption with explicit loading of the private key
exec xp_rsa_load_key 'privkey.pem', @PrivateKey output, 'SecurePassword'
exec xp_rsa_priv_dec @Encrypted, @PrivateKey, @ClearText output
exec xp_rsa_free_key @PrivateKey

-- Decryption with the key stored in a .pem file. The key will be loaded
-- and freed automatically
exec xp_rsa_priv_dec @Encrypted, '<privkey.pem', @ClearText output,
'SecurePassword'

-- Shows the new bulk encryption feature
declare @name as varchar(100)
declare @dateofbirth as datetime
declare @department int
declare @return_code int
-- Declaration added so the batch runs; the size is an assumption
declare @CryptedText varchar(8000)
select @name = name_field, @dateofbirth = dateofbirth_field,
@department = department_field from employees
exec xp_rsa_pub_enc @name, @dateofbirth, @department,
'<pubkey.pem', @CryptedText output
-- @CryptedText contains the base64 encoded block of 3 fields
-- joined together.
-- Decrypt it now with the private key stored in 'privatekey.pem'
exec @return_code = xp_rsa_priv_dec @CryptedText, '<privatekey.pem', @name
OUTPUT, @dateofbirth OUTPUT, @department OUTPUT, 'PassForThePrivateKey'
if @return_code != 0
begin
raiserror('Decryption failed', 16, 10)
end
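
The batch below is an added example, not part of the original XP_CRYPT documentation. It loads the private key once, decrypts several bulk-encrypted rows with the same handle, checks every return code, and frees the handle on both the success and the failure path.
Assumptions: the table employees_enc and its columns are hypothetical, the key handle is taken to be an INT, and xp_rsa_load_key is taken to return 0 on success like xp_rsa_priv_dec.

```sql
-- Added example (not from the XP_CRYPT documentation).
-- Assumptions: employees_enc(id, crypted_text) is a hypothetical table,
-- the key handle is an INT, and xp_rsa_load_key returns 0 on success.
declare @PrivateKey int, @rc int, @id int
declare @CryptedText varchar(8000)
declare @name varchar(100), @dateofbirth datetime, @department int

-- Load the key once so the password is supplied a single time
exec @rc = xp_rsa_load_key 'privkey.pem', @PrivateKey output, 'SecurePassword'
if @rc != 0
begin
    raiserror('Loading the private key failed (code %d)', 16, 10, @rc)
    return
end

declare rows_cur cursor local fast_forward for
    select id, crypted_text from employees_enc
open rows_cur
fetch next from rows_cur into @id, @CryptedText
while @@fetch_status = 0
begin
    -- Output variables must follow the order used with xp_rsa_pub_enc
    exec @rc = xp_rsa_priv_dec @CryptedText, @PrivateKey,
         @name output, @dateofbirth output, @department output
    if @rc != 0
    begin
        -- Do not trust the output variables after a failed call
        raiserror('Decryption failed for row %d (code %d)', 16, 10, @id, @rc)
        break
    end
    select @id as id, @name as name,
           @dateofbirth as dateofbirth, @department as department
    fetch next from rows_cur into @id, @CryptedText
end

close rows_cur
deallocate rows_cur
-- Free the handle whether or not every row decrypted
exec xp_rsa_free_key @PrivateKey
```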