In this article Brian Patterson will cover some of the encryption classes provided in the .NET Framework. Once you have got a grasp on how to use these algorithms, he will wrap things up with a sample order application that will encrypt credit card information before saving it to either a SQL Server or Oracle database server.
String Encryption With Visual Basic .NET - Decrypting the Order Data (Page 6 of 7 )
As you may recall, when we started building this application we added a form to the project called AllOrders.vb. From the Project Explorer, go to this form and double click on the form. We want our code to be placed in the Form Load event. When the form loads, the data will be retrieved from the database, decrypted and shown in the ListView control. We could simply use a Grid control and bind to the database, but since we are dealing with encrypted data, we would have no way to decrypt the data before it is displayed in the control. Therefore, we must loop through every record, decrypting and displaying it in the ListView.
Add the following code (in bold) to the form load event.
Private Sub AllOrders_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load Dim dr As DataRow Dim CCNumber As String Dim TDES As TripleDES Dim lvi As ListViewItem
' load all of the orders Dim gsConn As SqlConnection = New SqlConnection("data source=dotnetserver;initial catalog=3DESOrders; Trusted_Connection=true;workstation id=POWERHOUSE;packet size=4096")
' Declare our select command to retrieve all orders from the database Dim selectCMD As SqlCommand = New SqlCommand("SELECT * from CUSTOMER_ORDER", gsConn) selectCMD.CommandTimeout = 30 Dim itemDA As SqlDataAdapter = New SqlDataAdapter() itemDA.SelectCommand = selectCMD gsConn.Open()
' Fill a dataset with all the orders. Dim orderDS As DataSet = New DataSet() itemDA.Fill(orderDS, "CUSTOMER_ORDER") gsConn.Close()
' Loop through all the orders decrypting the credit card ' information For Each dr In orderDS.Tables("CUSTOMER_ORDER").Rows TDES = New TripleDES() CCNumber = TDES.Decrypt(dr.Item("CC_NUMBER"))
' Now that the information has been decrypted, lets ' add it to our ListView control. lvi = New ListViewItem() lvi.Text = dr.Item("FIRST_NAME") lvi.SubItems.Add(dr.Item("LAST_NAME")) lvi.SubItems.Add(dr.Item("ADDRESS")) lvi.SubItems.Add(dr.Item("CITY")) lvi.SubItems.Add(dr.Item("STATE")) lvi.SubItems.Add(dr.Item("ZIP")) lvi.SubItems.Add(dr.Item("CC_TYPE")) lvi.SubItems.Add(CCNumber) lvi.SubItems.Add(dr.Item("CC_EXP")) ListView1.Items.Add(lvi)
Next End Sub
Again, this code is intended for SQL Server, to use it you must change the data source specification to point to the server you intend to use. To use this with Oracle, all you need to do is change to connection string to use the Oracle driver as well as change all Sql references to OleDb. Change the connection string to the following line of code for use with Oracle:
Dim gsConn As OleDbConnection = New OleDbConnection ("Provider=MSDAORA.1;Password=orders;User ID=orders;Data Source=tst")
With this code in place you are now able to load and decrypt the data from the database. One thing that is missing, however, is code to actually open the form up. Return to Form1 of the project and double click the View Orders button so we can add some code to its Click event. Add the following code to the click event of that button.
Dim frmAllOrders As New AllOrders() frmAllOrders.ShowDialog()
We can proceed by running the application and clicking the View Orders button. After a few moments you should decrypted data displayed in the ListView as seen here.