Managing Encrypted Profile Properties

This topic describes many of the components necessary to create a site that maintains the security of important data. One area that this topic does not address is key management.

Important

  • Commerce Server does not include a key management system. You must design and create a key management system that can generate, store, and retrieve public and private keys for use in encryption. For your application to be secure, you must appropriately address this critical issue.

Commerce Server 2002 supports asymmetric encryption and one-way hashing to enable the encryption of profile properties.

To use asymmetric encryption, you normally perform these steps:

  • Use Business Desk to add profile properties that can be encrypted.
  • Generate public and private keys.
  • Modify the application code to:
    • Supply the tokens used in the encryption process to the Profile Service and Commerce Server OLE DB Provider
    • Encrypt properties
    • Decrypt properties
  • Migrate data to a new public/private key pair. Data migration is not covered in this topic.

One-way hashing is used to protect data that does not need to be decrypted, such as passwords. Once the hashed values are stored, input data can be checked against them by applying the same hashing algorithm to the input and comparing the result with the stored value as a string.
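The store-then-compare flow described above, as an added example that is not Commerce Server code. The page does not say which hashing algorithm Commerce Server uses, so the salted PBKDF2-SHA256 construction, the `$`-separated record format, the work factor, and the function names are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 600_000  # assumed work factor, not a Commerce Server setting


def hash_property(value: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable string: algorithm$iterations$salt$digest (constructed format)."""
    # A fresh random salt per value means equal inputs do not share a stored hash.
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", value.encode("utf-8"), salt, iterations)
    return "$".join([
        "pbkdf2-sha256",
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_property(candidate: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt, then compare the two strings."""
    try:
        algorithm, iterations, salt_b64, _digest = stored.split("$")
        if algorithm != "pbkdf2-sha256":
            return False
        recomputed = hash_property(candidate, base64.b64decode(salt_b64),
                                   int(iterations))
        # Constant-time comparison so timing does not reveal how many
        # leading characters of the stored value matched.
        return hmac.compare_digest(recomputed.encode("ascii"),
                                   stored.encode("ascii"))
    except (ValueError, TypeError, OverflowError):
        return False  # malformed stored value: fail closed


if __name__ == "__main__":
    # Constructed sample profile; property names are hypothetical.
    profile = {"logon_name": "alice", "password_hash": hash_property("S3cret!")}
    print(verify_property("S3cret!", profile["password_hash"]))  # correct input
    print(verify_property("guess", profile["password_hash"]))    # wrong input
```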


Copyright © 2005 Microsoft Corporation.
All rights reserved.