Here is my issue. I have an account object as follows:
using System.ComponentModel.DataAnnotations;

public class Account
{
    public virtual int AccountId { get; set; }

    [Required(ErrorMessage = "Email address is required.")]
    public virtual string EmailAddress { get; set; }

    [Required(ErrorMessage = "A password is required.")]
    public virtual string Password { get; set; }
}
I want to encrypt the password using a symmetric or asymmetric key. We already have a symmetric key created on the server, but in the case of passwords I don't need to decrypt them.
Keep in mind that the solution needs to be PCI Compliant. That is why I would prefer to let the database handle my encryption. I don't want to use stored procedures unless I absolutely have to.
Question 1: How do I set up the fluent mapping for my Account object so that the password set in the model is encrypted when it is placed into the database?
Question 2: Can I make the password come back null any time an account object is pulled back? I do not want the encrypted values coming back out of the database. I understand this may require me to have a few different account objects, one with the password for creating the account and another without the password to be passed back out of the database. I understand this might not work if I have to compare the encrypted values in the model/service layer.
Question 3: When the user signs in, how do I then compare the entered password with the encrypted password?
Question 4: Should I be using asymmetric encryption instead, since I do not want or intend for my encrypted data to be decrypted?
What is the best practice for storing encrypted passwords with fluent nhibernate and then validating logins?