Home/ Questions/Q 6567859
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T14:23:12+00:00

I am new to encryption. I need to keep a field encrypted in a

  • 0

I am new to encryption. I need to keep a field encrypted in a table (DocNumber). I keep this as an encrypted varbinary field by setting:

   docNumber = ENCRYPTBYPASSPHRASE('password', @docnumber)

When I want to query the table using docnumber I do the following:

   WHERE docNumber = DECRYPTBYPASSPHRASE('password', @docNumber)

However it fails to return eligible records. Then I observed that if I call ENCRYPTBYPASSPHRASE() repeatedly with same password and value, I end up getting different encrypted values.
Where am I making the mistake? How do you normally tackle this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’ve always used it this way, just a slightly different way to organize the predicate:

    WHERE CONVERT(VARCHAR(64), DECRYPTBYPASSPHRASE('password', docNumber)) = @docNumber;

    The difference is that you are running the decrypt on the original value, which includes the cipher at save time, whereas in the version you were trying, you are decrypting again and this generates a different cipher.

    EDIT adding a sample using HASHBYTES():

    USE tempdb;
GO
CREATE TABLE dbo.enctest(x VARBINARY(64));
GO
INSERT dbo.enctest(x) SELECT HASHBYTES('SHA1', 'foo');
INSERT dbo.enctest(x) SELECT HASHBYTES('SHA1', 'bar');
GO
SELECT x FROM dbo.enctest WHERE x = HASHBYTES('SHA1', 'foo');
GO
DROP TABLE dbo.enctest;
GO
    • 0