Discussion:
how to STORE encrypted string in database
Jevin Sonut
2013-03-28 18:08:47 UTC
hi,

i have encrypted a string using Blowfish from Openssl library

i got the following string A▓☌LÝ$ÞÀ²↓j╗ú€Ä:ðï▲

i inserted the data into my database BUT when i retrieved the data i
got AŠ€LÝ$ÞÀ²?j+ú€Ä:ðï? (NOT same to the original the one i inserted)

thus when i decrypt the loaded string from the database i do not get the
original string

Can anyone plz help to solve the problem

i'm using SQLITE and c/c++

I google the problem but came along a c# solution
http://stackoverflow.com/questions/8389412/md5-encrypted-string-returns-different-from-database-than-it-is-inserted

Can anyone PLZ help

From:-
Shanil J.S
Salz, Rich
2013-03-28 18:14:35 UTC
Encrypted data is not a text string, it is an array of binary octets. You will have to do something like base64 encode/decode when treating it as a text string.

/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
Erwann Abalea
2013-03-28 18:15:22 UTC
Your "string" is not portable (it isn't even a string). Whence, storing
it as a string in your database isn't a good thing to do.
Try encoding it in base64 after your encryption, and store the result
(which will be a clean portable string).
An alternative solution is to store your encrypted value as binary data.

In fact, following your link, those are the first 2 answers...
--
Erwann ABALEA
Jevin Sonut
2013-03-28 18:32:18 UTC
Can anyone PLZ tell me how can one do base64 encode/decode on OPENSSL

PLz provide a link where can learn how to use the base64 in openssl
--
From:-
Shanil J.S
Matthias Apitz
2013-03-28 18:24:00 UTC
Post by Salz, Rich
Encrypted data is not a text string, it is an array of binary octets. You will have to do something like base64 encode/decode when treating it as a text string.
Or the OP should use a data type of the database which allows storing
binary octets, like BLOB (Sybase) or IMAGE (Oracle) or ... depends on
your DBS.

matthias
--
Sent from my FreeBSD netbook

Matthias Apitz | - No system with backdoors like Apple/Android
E-mail: ***@unixarea.de | - Never being an iSlave
WWW: http://www.unixarea.de/ | - No proprietary attachments, no HTML/RTF in E-mail
phone: +49-170-4527211 | - Respect for open standards
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Jakob Bohm
2013-03-29 00:52:37 UTC
Look up the documentation of the following OpenSSL functions (Yes this
is a bit roundabout for encoding a single string, but this is all
OpenSSL exposes):

BIO_f_base64
BIO_s_mem

A better way is to use a non-OpenSSL library to Base64 (or Base32 or
Base85 or Base16 or whatever you like) the binary data directly, without
the gratuitous insertion of newlines and "=" sign padding done
by the file-oriented BIO_f_base64.

An even better way is to use the SQL syntax for explicitly specifying
non-textual bytes in field values (ask an SQL expert or read the
documentation that came with your database development tools).
Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Ted Byers
2013-03-29 01:39:55 UTC
There is greater need for precision in what is desired. Doing a
base64 encoding and storing encrypted data are two entirely different
matters, required sometimes in quite different circumstances. I
generally do not bother with encoding as that is not normally needed
in what I do, but a 30 second search using google found this somewhat
dated note: http://www.ioncannon.net/programming/34/howto-base64-encode-with-cc-and-openssl/
Perhaps someone who knows openssl much better than I can tell us if
the information contained in it is still accurate. My experience with
openssl is primarily in using it to create and manage certificates.
Any handling of encrypting and storing data, I typically divide
between whatever RDBMS I am using for a given task and perl.

That said, if the only real requirement is to store encrypted data in
a database, the task is dirt simple (or perhaps simpler, as a soil
scientist would probably tell us that dirt isn't so simple). First,
one must recognize that the encrypted data is binary data, not plain
text (i.e., for the OP, what blowfish returned to you wasn't a string
at all, but rather binary data, and it is a mistake to try to treat it
like a string). Once you know that, then the task becomes as
trivially simple as to define the field in the table that is to hold
that data to be of type varbinary, with a suitable maximum length.
That is fairly standard across RDBMS. It is available in all the
RDBMS I have worked with (MS SQL Server, MySQL, PostgreSQL), and has
been for a rather long time. The connector library documentation you
use to connect to whatever database you're using ought to have
sufficient documentation on how to handle varbinary data.

And, of course, if you're storing encrypted data in your database, you
must ensure that you are storing everything you need to be able to
decrypt it (and there is little point in storing it encrypted if the
key used is stored in the same database, as any bad guy who gains
access to your DB has thus access to both the encrypted data and the
key needed to decrypt it, but that gets to an issue in the
architecture of the software system you're building, and I am sure you
don't want me to talk about use of multiple servers on multiple
subnets each separated from the others by firewalls using a blend of
techniques such as IP filtering - my enthusiasm for paranoia might
just get the best of me if I do .... ).

Cheers

Ted
elaine ossipov
2013-03-29 05:25:13 UTC
Hahaha, I thought I was reading my own notes there for a minute Ted.

I would highly recommend the key not being on the same machine, or even in the
same cluster.
And honestly, not the same data warehouse for that matter. (Anything in the
warehouse can be cross-tracked and traced, and you'd be surprised how many
times it's a worker at the warehouse who doesn't know what he doesn't know.)

My 2cents/agreeing with Ted,

Paranoia RULZ.

After while crocodiles.
~dodi.

Dave Thompson
2013-03-31 06:49:26 UTC
Post by Jakob Bohm
Sent: Thursday, 28 March, 2013 20:53
Look up the documentation of the following OpenSSL functions (Yes this
is a bit roundabout for encoding a single string, but this is all
BIO_f_base64
BIO_s_mem
A better way is to use a non-OpenSSL library to Base64 (or Base32 or
Base85 or Base16 or whatever you like) the binary data directly, without
the gratuitous insertion of newlines and "=" sign padding done
by the file-oriented BIO_f_base64.

The newlines and padding are required by PEM, and MIME,
and even today sometimes useful for their intended use cases.
You can suppress the newlines with BIO_FLAGS_BASE64_NO_NL .
(But not in PEM_read/write_xxx which manages its own b64BIO.)

EVP_{Encode,Decode}Block aren't documented but are external-linkage
in evp.h (not evp_locl.h) and have been stable for a long time,
and straightforward to use.

Or as you say another base64 implementation or other encoding.

Post by Jakob Bohm
An even better way is to use the SQL syntax for explicitly specifying
non-textual bytes in field values (ask an SQL expert or read the
documentation that came with your database development tools).

That too.

Jakob Bohm
2013-03-31 16:12:28 UTC
Post by Dave Thompson
Sent: Thursday, 28 March, 2013 20:53
Look up the documentation of the following OpenSSL functions
(Yes this
is a bit roundabout for encoding a single string, but this is all
BIO_f_base64
BIO_s_mem
A better way is to use a non-OpenSSL library to Base64 (or Base32 or
Base85 or Base16 or whatever you like) the binary data
directly, without
the gratuitous insertion of newlines and "=" sign padding done
by the file-oriented BIO_f_base64.
The newlines and padding are required by PEM, and MIME,
and even today sometimes useful for their intended use cases.
You can suppress the newlines with BIO_FLAGS_BASE64_NO_NL .
(But not in PEM_read/write_xxx which manages its own b64BIO.)

Yes, it is useful for e-mail (MIME, S/MIME and PEM), but nothing but
problems for many other uses, such as XML attribute values,
tab/space/CSV files, SQL databases, URL parameters, cookie values etc.
Unfortunately these concerns were not sufficiently dealt with in the
standalone Base64/Base32/Base16 RFC, which blindly repeats the padding
rules from MIME.

Post by Dave Thompson
EVP_{Encode,Decode}Block aren't documented but are external-linkage
in evp.h (not evp_locl.h) and have been stable for a long time,
and straightforward to use.

That is really badly hidden then. No mention in the BIO_f_base64
manpage, no nearby "base64" grep result in evp.h, and no base64
substring in the function names themselves.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Daniel Black
2013-04-01 04:48:56 UTC
Post by Matthias Apitz
Post by Salz, Rich
Encrypted data is not a text string, it is an array of binary octets. You will have to do something like base64 encode/decode when treating it as a text string.
Or the OP should use a data type of the database which allows storing
binary octets, like BLOB (Sybase) or IMAGE (Oracle) or ... depends on
your DBS.
matthias
Since SQLite was mentioned that would be BLOB.

http://sqlite.org/datatype3.html

I've done this before with mysql and the BINARY type and requires no
conversion
Jevin Sonut
2013-04-01 10:42:42 UTC
hi,

i have tried all the datatype in SQLite that can hold string and char
(CHARACTER,VARCHAR,VARYING CHARACTER,NCHAR,NATIVE
CHARACTER,NVARCHAR,TEXT,CLOB,BLOB)

BUT NONE have hold the encrypted string that i'm trying to Store and retrieve

i even tried on to store on text file but with the same result??

base 64 fail for cases where the bizarre symbol is 00x00

PLZ can anyone help - to store encrypted text generated by Openssl (EVP)
to STORE in Database SQLite


--
From:-
Shanil J.S
Jevin Sonut
2013-04-01 10:52:26 UTC
One solution i thought could work was to convert the char into int and use
mode 128 to bring them in the range of ascii characters

but it consists of negative number as well which complicate thing

difficult to fit in the ascii space

++++

when convert same int to char get different char

A sample example is ::

int test = -90; // == to '▓' when char converted to int

char letter = '▓';

printf("Char TO int %c \n",(int)letter); // -90

printf("int TO Char %c \n",(char)test); //ª WHICH is not = '▓'


PLZ can someone provide a solution -- to store encrypted text in a database
- SQLite??
--
From:-
Shanil J.S
Salz, Rich
2013-04-01 12:15:38 UTC
Post by Jevin Sonut
PLZ can someone provide a solution -- to store encrypted text in a database - SQLite??

You might have gotten all the help that the volunteers who read this list are going to give you. If you look through the archives, you might see that people here generally do not post complete source code solutions. Code fragments, and suggestions of techniques and where to look are far more common.

The comment “base 64 doesn’t work” means you are doing something wrong. If the OpenSSL API is giving you problems, perhaps http://base64.sourceforge.net/b64.c will be more useful to you.

/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
Pierre DELAAGE
2013-04-01 15:01:08 UTC
Daniel Black gave the solution :
I confirm that SQLite supports BLOB, that is to say "binary storage".
http://www.sqlite.org/datatype3.html

It is strange that it does not work...

Apart from that, dummy storage of binary data as ascii is trivial (no
need of any sophisticated encoding such as b64) :

just store hexa number "8F" as two ascii characters "8" and "F".
Ok, then you need 2 bytes to store 1, so a 200% expansion,
but is storage space really a problem in your case ?

I am surprised by such a big thread for such a trivial question.

Encrypted or not is not the problem.
Or I mean "encrypt/decrypt" and storage of keys is another pb. Some
directions have also been given in the thread for that.

Best,

Pierre
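
Added example, not written by any poster in this thread: the hex storage described above (byte 8F stored as the characters "8" and "F") in plain C, with every length passed explicitly. It assumes the failure on 0x00 bytes reported earlier comes from measuring ciphertext with strlen(), which the thread does not confirm; SAMPLE is constructed data and the function names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Encode len bytes as lowercase hex. out must hold 2*len + 1 chars.
 * The length is passed in explicitly: ciphertext may contain 0x00,
 * so strlen() must never be used to measure it. */
static void hex_encode(const unsigned char *in, size_t len, char *out)
{
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0f];
    }
    out[2 * len] = '\0';
}

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode hex text into out (capacity cap). Returns the number of bytes
 * written, or -1 on odd length, non-hex character, or too-small buffer. */
static long hex_decode(const char *hex, unsigned char *out, size_t cap)
{
    size_t n = strlen(hex);   /* fine here: hex text has no NUL inside */
    if (n % 2 != 0 || n / 2 > cap) return -1;
    for (size_t i = 0; i < n / 2; i++) {
        int hi = nibble(hex[2 * i]), lo = nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return (long)(n / 2);
}

/* Constructed sample: 8 bytes standing in for one cipher block, with an
 * embedded 0x00 and bytes >= 0x80 (negative when viewed as signed char). */
static const unsigned char SAMPLE[8] =
    { 0x41, 0xB2, 0x00, 0x4C, 0xDD, 0x24, 0xA6, 0x8F };

/* Returns 1 if SAMPLE survives encode -> text -> decode unchanged. */
static int roundtrip_ok(void)
{
    char text[2 * sizeof SAMPLE + 1];
    unsigned char back[sizeof SAMPLE];
    hex_encode(SAMPLE, sizeof SAMPLE, text);
    long n = hex_decode(text, back, sizeof back);
    return n == (long)sizeof SAMPLE && memcmp(SAMPLE, back, sizeof SAMPLE) == 0;
}

int main(void)
{
    char text[2 * sizeof SAMPLE + 1];
    hex_encode(SAMPLE, sizeof SAMPLE, text);
    printf("bytes by explicit length: %zu\n", sizeof SAMPLE);
    printf("bytes seen by strlen():   %zu\n", strlen((const char *)SAMPLE));
    printf("text to store:            %s\n", text);
    printf("round trip:               %s\n", roundtrip_ok() ? "ok" : "FAILED");
    return 0;
}
```

The resulting text contains only the characters 0-9 and a-f, so it can go in a TEXT column; the ciphertext length has to be carried from the encryption call's output length, never recomputed from the buffer.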
Satyapraksh Panigrahi
2013-04-02 05:43:06 UTC
Base64 never fails for any binary data. Something's wrong in your steps. As
far as I understand you are using Qt, right? In Qt you have direct methods
in QByteArray class for converting to Base64 String and retrieving back
from it.