Passport Crypt Object

The Passport Crypt object is used to locally encrypt or decrypt information stored as local cookies or sent between site pages on a query string. This enables a participating site to use the same security rules locally that Microsoft .NET Passport uses when transmitting profile information through HTTP. In general, you are advised to encrypt local profile information if it is visible to the user as clear text or if .NET Passport profile information is stored in other cookies.

The Passport Crypt object has the following capabilities:

  • Encrypts blobs of data using the same participant key that is used to exchange .NET Passport information sent to the .NET Passport network.
  • Decrypts data using the same key.
  • Provides helper functions for compressing and decompressing strings to improve encryption efficiency.
  • Calls OnStartPage internally so that the object is reading the correct site key if multiple sites are enabled on a single installation.

Creating a Passport Crypt Object in an ASP Page

To create a Passport Crypt object in an ASP page, use the Active Server Pages (ASP) method, Server.CreateObject:

set oCrypt = Server.CreateObject("Passport.Crypt")

You can also create this object in application scope.

Note  If you use the Passport Crypt object in application or session scope, you can use the Site property to set the encryption key in the shared Passport Crypt object.

The Passport Crypt object has a built-in OnStartPage method that is called in ASP whenever the page containing the object is loaded. For cases in which more than one host/site/installation is being served from the same physical server, the OnStartPage method will load the key for the current site configuration based on its host name automatically. It is not necessary to change the Host or Site properties of the Passport Crypt object if it was created in page scope. If created in application or session scope, you may need to set the key for the site attempting encryption/decryption by setting the Host or Site properties of the shared object.

Passport Crypt Properties

Passport Crypt Methods

Compress: Given a string, compresses the string into a double-byte representation of the same string. This is typically done before calling Encrypt because a string that is encrypted in double-byte representation will save space on the query string or in storage.
Decompress: Given a string, decompresses the string from a double-byte representation of the same string. This is typically done after calling Decrypt because a string that is encrypted in double-byte representation will save space on the query string or in storage. This method should be used on any decrypted strings that arrive from the kppvc parameter received for purposes of Kids Passport account verification.
Decrypt: Decrypts data encrypted with Encrypt, using the same key.
Encrypt: Encrypts data using the same participant key that is used to exchange .NET Passport information sent to the .NET Passport network.

Configuration of Multiple Sites

If your site uses a single Site ID and encryption key, and if no servers in your installation serve Passport Manager for multiple sites on one physical computer, the Passport Crypt object can be instantiated in page, session, or application scope. However, if you have servers configured to handle multiple sites, and each site uses a different encryption key, then the Passport Crypt object should always be created in page scope. When created in page scope, the object's built-in OnStartPage method is called when the object is loaded, and this method determines the host name information being used. Host name information is used to look in the registry and load the correct key for that site configuration. If you must create the object in session or application scope, set the Site or Host properties of the object in order to load the correct keys each time.
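The following ASP page is an added example, not code from the original documentation or from Passport Manager: it creates the object in page scope (so OnStartPage picks the key for the current host on a multi-site server), round-trips a profile value through Compress and Encrypt into a cookie and a query string, and reverses it with Decrypt and Decompress on a later request. It assumes that Encrypt, Decrypt, Compress and Decompress each take and return a string and that Decrypt returns an empty string for unreadable input; the form field "nickname", the cookie name "nick" and the page profile.asp are constructed for the example.

```vbscript
<%
Option Explicit
' Added example: protect a profile value with Passport.Crypt before it leaves
' the server, and treat anything that fails to decrypt as untrusted.
' Assumption: Encrypt/Decrypt/Compress/Decompress take and return strings,
' and Decrypt returns "" when the ciphertext cannot be read.

' Page scope, as recommended when one server hosts several sites:
' the object's OnStartPage loads the key for the current host name.
Dim oCrypt
Set oCrypt = Server.CreateObject("Passport.Crypt")

' Compress first (smaller blob), then encrypt with the participant key.
Function ProtectValue(sClear)
    ProtectValue = oCrypt.Encrypt(oCrypt.Compress(sClear))
End Function

' Reverse order: decrypt, then decompress. Returns "" on empty or bad input.
Function UnprotectValue(sCipher)
    Dim sPlain
    UnprotectValue = ""
    If Len(sCipher) = 0 Then Exit Function
    sPlain = oCrypt.Decrypt(sCipher)
    If Len(sPlain) = 0 Then Exit Function
    UnprotectValue = oCrypt.Decompress(sPlain)
End Function

Dim sNickname, sProtected, sRecovered
sNickname = Request.Form("nickname")   ' constructed input: a posted profile field

If Len(sNickname) > 0 Then
    sProtected = ProtectValue(sNickname)
    ' Store only the encrypted blob; a clear-text cookie is readable by the user.
    Response.Cookies("nick") = sProtected
    ' When the blob travels on a query string, URL-encode it.
    Response.Write "<a href=""profile.asp?nick=" & Server.URLEncode(sProtected) & """>Continue</a>"
End If

' On a later request: recover the value; an empty result means "not trusted".
sRecovered = UnprotectValue(Request.Cookies("nick"))
If Len(sRecovered) = 0 Then
    Response.Write "No valid profile cookie; ask the user to sign in again."
Else
    Response.Write "Welcome back, " & Server.HTMLEncode(sRecovered)
End If
%>
```

If the object had to live in application or session scope instead, the Site or Host property would have to be set on the shared object before each Encrypt or Decrypt call so that the right site's key is loaded.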

See Also

Configuring Multiple Sites