Encrypted Profile Properties

Commerce Server supports two types of encryption: asymmetric encryption (AE) and one-way hashing. Commerce Server 2002 does not support symmetric encryption.

Important

  • Commerce Server does not include a key management system. You must design and create a key management system that can generate, store, and retrieve public and private keys for use in encryption.

Asymmetric Encryption

Asymmetric encryption is used for data that needs to be decrypted later. This encryption scheme uses a pair of keys for encryption: the public key encrypts data, and a corresponding secret key, the private key, decrypts it.

To use asymmetric encryption, you normally perform these steps:

  • Use Business Desk to add profile properties that can be encrypted.
  • Generate public and private keys.
  • Modify the application code to:
    • Supply the tokens used in the encryption process to the Profile Service and Commerce Server OLE DB Provider
    • Encrypt properties
    • Decrypt properties
  • Migrate data to a new public/private key pair.

One-way Hashing

One-way hashing is used for hiding data, or for encrypting data that you do not need to decrypt. A user password is an example of data that would be subject to one-way hashing. Commerce Server 2002 hashes the user data together with a "salt": a 32-bit random number that is prefixed to the user data before the hash is performed.
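The salted one-way hash described above, as an added example that is not Commerce Server code. The hash function (SHA-256), the stored layout (salt followed by digest), and the names hash_property and verify_property are assumptions; the page specifies only the 32-bit salt prefixed to the user data.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SALT_LEN = 4  # 32-bit salt, as the page describes


def hash_property(value: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || H(salt || value).

    The salt is prefixed to the user data before hashing. SHA-256 and the
    salt-then-digest storage layout are assumptions made for this example.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_LEN)  # CSPRNG, not random.random()
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be exactly 32 bits (4 bytes)")
    digest = hashlib.sha256(salt + value.encode("utf-8")).digest()
    return salt + digest


def verify_property(candidate: str, stored: bytes) -> bool:
    """Re-hash the candidate with the stored salt and compare the digests."""
    if len(stored) != SALT_LEN + hashlib.sha256().digest_size:
        return False  # malformed record: reject instead of raising
    salt, expected = stored[:SALT_LEN], stored[SALT_LEN:]
    actual = hash_property(candidate, salt)[SALT_LEN:]
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed sample values: two users who chose the same password.
    record_a = hash_property("correct horse")
    record_b = hash_property("correct horse")
    print("user A:", record_a.hex())
    print("user B:", record_b.hex())
    print("same password, same record?", record_a == record_b)
    print("right password verifies:", verify_property("correct horse", record_a))
    print("wrong password verifies:", verify_property("battery staple", record_a))
```

Because the salt is stored next to the digest, the original value is never needed for verification, and identical passwords do not produce identical records. New password stores normally replace the single fast hash with a slow function such as `hashlib.scrypt`.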

See Also

Adding Encrypted Properties to the Profile Service

Generating a New Cookie Encryption Key

Copyright © 2005 Microsoft Corporation.
All rights reserved.