How to Add Encrypted Properties for Profiles
Commerce Server 2009 supports asymmetric encryption and one-way hashing to enable the encryption of profile properties.
To use asymmetric encryption, you typically follow these steps:
1. Add profile properties that can be encrypted.
2. Generate public and private keys.
3. Migrate data to a new public/private key pair. Data migration is not covered in this topic.
4. Modify the application code to do the following:
   - Supply the tokens used in the encryption process to the Profile Service and the Commerce Server OLE DB Provider.
   - Encrypt properties.
   - Decrypt properties.
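The key-pair, encrypt, decrypt and migrate steps above, shown as an added example in plain .NET. This is not Commerce Server's Profile Service or OLE DB Provider code, and it does not show how the tokens are supplied to the Profile Service, which the page does not describe; the class and method names (KeyPair, ProfilePropertyCrypto, EncryptProperty, and so on) are assumed for illustration. It goes one step beyond the list by re-encrypting a stored value under a new pair, which is why changing keys requires the data migration step.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not Commerce Server's own code): a plain .NET asymmetric
// round trip for a single profile property value.
public sealed class KeyPair
{
    public string PublicKeyXml;   // safe to hand to the tier that only encrypts
    public string PrivateKeyXml;  // needed to decrypt; keep this one protected
}

public static class ProfilePropertyCrypto
{
    // Step "Generate public and private keys": a fresh 2048-bit RSA pair.
    public static KeyPair GenerateKeyPair()
    {
        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            rsa.PersistKeyInCsp = false;   // do not leave the key in the machine key store
            return new KeyPair
            {
                PublicKeyXml = rsa.ToXmlString(false),   // public part only
                PrivateKeyXml = rsa.ToXmlString(true)    // public and private parts
            };
        }
    }

    // Step "Encrypt properties": RSA-OAEP with the public key. One RSA block
    // holds only a short value (about 214 bytes for a 2048-bit key), so this
    // form suits values such as an account number, not long text.
    public static string EncryptProperty(string plainValue, string publicKeyXml)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.PersistKeyInCsp = false;
            rsa.FromXmlString(publicKeyXml);
            byte[] cipher = rsa.Encrypt(Encoding.UTF8.GetBytes(plainValue), true); // true = OAEP padding
            return Convert.ToBase64String(cipher);  // string form that fits an NVarchar or Text column
        }
    }

    // Step "Decrypt properties": only the holder of the private key can do this.
    public static string DecryptProperty(string cipherBase64, string privateKeyXml)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.PersistKeyInCsp = false;
            rsa.FromXmlString(privateKeyXml);
            byte[] plain = rsa.Decrypt(Convert.FromBase64String(cipherBase64), true);
            return Encoding.UTF8.GetString(plain);
        }
    }

    // Step "Migrate data to a new public/private key pair": a value encrypted
    // under the old pair cannot be read with the new private key, so each stored
    // value is decrypted with the old key and re-encrypted with the new one.
    public static string ReEncryptProperty(string cipherBase64, KeyPair oldPair, KeyPair newPair)
    {
        string plain = DecryptProperty(cipherBase64, oldPair.PrivateKeyXml);
        return EncryptProperty(plain, newPair.PublicKeyXml);
    }

    public static void Main()
    {
        KeyPair pair1 = GenerateKeyPair();
        // Constructed sample input; not data from the page.
        string stored = EncryptProperty("constructed-sample-value", pair1.PublicKeyXml);
        Console.WriteLine(DecryptProperty(stored, pair1.PrivateKeyXml));

        KeyPair pair2 = GenerateKeyPair();
        try
        {
            DecryptProperty(stored, pair2.PrivateKeyXml);
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Old ciphertext cannot be read with the new key pair; migrate it first.");
        }
        string migrated = ReEncryptProperty(stored, pair1, pair2);
        Console.WriteLine(DecryptProperty(migrated, pair2.PrivateKeyXml));
    }
}
```

The public key XML is the only part the encrypting tier needs; the private key XML is what must be protected and is the one token a decrypting tier has to be given.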
One-way hashing is used for data that never has to be decrypted, such as passwords. After the hashed values are stored, later input is verified by hashing it with the same algorithm and comparing the resulting string with the stored value.
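The hash-and-compare check just described, as an added .NET example. This is not Commerce Server's own hashing for the Password type, whose algorithm the page does not specify; salted PBKDF2 (Rfc2898DeriveBytes) is an assumption made here, and the class and method names (OneWayHash, HashForStorage, Verify) are illustrative.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not Commerce Server's own code): store a salted one-way hash,
// then verify later input by hashing it the same way and comparing strings.
public static class OneWayHash
{
    private const int SaltBytes = 16;
    private const int HashBytes = 32;
    private const int Iterations = 100000;   // assumed work factor

    // Produce the value to store: "base64(salt):base64(hash)". A per-value salt
    // makes equal secrets hash differently, so stored values do not reveal
    // which users share a password.
    public static string HashForStorage(string secret)
    {
        byte[] salt = new byte[SaltBytes];
        new RNGCryptoServiceProvider().GetBytes(salt);
        return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(Derive(secret, salt));
    }

    // Verify a candidate: hash it with the stored salt and the same algorithm,
    // then compare the two strings. There is no decryption step at any point.
    public static bool Verify(string candidate, string storedValue)
    {
        string[] parts = storedValue.Split(':');
        if (parts.Length != 2) return false;   // malformed stored value
        byte[] salt = Convert.FromBase64String(parts[0]);
        string recomputed = Convert.ToBase64String(Derive(candidate, salt));
        return FixedTimeEquals(recomputed, parts[1]);
    }

    private static byte[] Derive(string secret, byte[] salt)
    {
        var kdf = new Rfc2898DeriveBytes(secret, salt, Iterations);
        return kdf.GetBytes(HashBytes);
    }

    // Compare every character without short-circuiting, so the time taken does
    // not leak how many leading characters matched.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Constructed sample input; not data from the page.
        string stored = HashForStorage("constructed-sample-password");
        Console.WriteLine(Verify("constructed-sample-password", stored));
        Console.WriteLine(Verify("wrong-password", stored));
    }
}
```

Because the stored value contains its own salt, the verifier needs nothing but the stored string and the same algorithm; no key has to be distributed, which is the property that makes one-way hashing the right choice for passwords.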
Follow these steps to add new profile properties that can be encrypted. Do not mark properties that have preexisting data as encryptable. Otherwise, the preexisting data will be lost.
Note: If you want to use asymmetric encryption, you must follow all three procedures below. If you want to use one-way hashed encryption, you only need to follow the last procedure, "To add encrypted properties to a profile."
To add a new property for the key index
1. Expand Commerce Server Manager, expand Global Resources, expand Profile Catalog, expand Profile Definitions, and then click User Object.
2. In the right pane, click Profile System in the Properties list.
3. Click Add in the right pane.
4. In the Add-Web Page dialog box, select Add a new property, and then click OK.
5. In the Attributes section, do the following:

   Use this       | To do this
   Name           | Type the name, for example, KeyIndex.
   Display Name   | Type the name to be displayed on the Custom Attributes tab, for example, KeyIndex.
   Description    | Type the description of the KeyIndex custom attribute.
   Type           | Select Number.
   Type Reference | Leave blank. The type reference cannot be a JoinKey, PrimaryKey, DualKey, or HashingKey.

6. In the Advanced Attributes section, do the following:

   Use this     | To do this
   Active       | Clear the Yes check box.
   Map to Data  | Click the ellipsis button [...] to create a data member of type Number if one has not already been created.

7. Click Apply, and then click the Save icon on the toolbar.
To add a profile level custom attribute
1. Right-click your profile (for example, User Object), and then select Properties.
2. In the Profile Properties dialog box, on the Custom Attributes tab, click New.
3. In the Custom Attribute dialog box, do the following:

   Use this     | To do this
   Name         | Type KeyIndex.
   Display Name | Type the name to be displayed, for example, KeyIndex.
   Description  | Type the description of the KeyIndex custom attribute.
   Value        | Type KeyIndex. This must be the same property name as the property created in the previous procedure.

4. Click OK in the Custom Attribute dialog box.
5. Click Apply in the User Object Properties dialog box, and then click OK.
To add encrypted properties to a profile
1. Click Add in the right pane.
2. In the Add-Web Page dialog box, select Add a new property, and then click OK.
3. In the Attributes section, do the following:

   Use this     | To do this
   Name         | Type the property name.
   Display Name | Type the name to be displayed.
   Description  | Type the description of the property.
   Type         | Select Password or String.

4. In the Advanced Attributes section, do the following:

   Use this     | To do this
   Map to data  | Click the ellipsis button [...] to map the property to a data member.
   Key type     | Leave blank. The key type cannot be a UniqueKey, JoinKey, PrimaryKey, DualKey, or HashingKey.
   Encrypted    | Select one of the encryption types from the drop-down list.
   Exported     | Clear the Yes check box.
   Multi-valued | Leave blank.
   Searchable   | Clear the Yes check box.
   Hashing Key  | Clear the Yes check box.

   In the Custom Attributes section, you cannot mark encrypted properties as displaycolumn or friendlyname (for use in the profile editors only).
   You cannot create a custom attribute at the property level with the name EncryptedType (case insensitive).
   Encrypted properties are limited to 795 Unicode characters.
   To give a password property asymmetric encryption, use an Attribute Type of String or Long String; do not use the Password type. For Database Type, use the NVarchar or Text type.

5. Click Apply, and then click the Save icon on the toolbar.