Reputation: 48
I want to use a two-way algorithm (meaning I should be able to both encrypt and decrypt). The below is my
I have an application where a user can register by providing their first name, last name and email address. Once the data is stored in the DB, a mail will be sent to the registered user's registered email address with the below content:
Please click the link to configure your account: http://mysitename.com?somepage.aspx?enc=EmailaddresinencyptedFormat
What I am doing is attaching the registered user's registered email address to the query string in encrypted format. The user will click the link and will be redirected to a configuration page where the user enters his/her username and secret question. Then the input data and the encrypted email address in the query string will be passed to a service, and the service will decrypt them and validate the email address.
Required:
What algorithm can be used to encrypt and decrypt? Let me know the BEST algorithm for this scenario. Please help me out.
Upvotes: 0
Views: 1291
Reputation: 21773
Instead of encrypting the email address, place in the database a sufficiently large, 100% random value (such as a GUID or UUID), and associate it with a salted hash of the email address of the person who signed up. Send the GUID to the user in the link. Then, when they finish, you can saltedly hash the email they filled in on the second link and match it to the email address.
Since it is random, there is no possibility of guessing random URLs and stumbling across other people's registrations, and even if the database leaks, only salted hashed emails are exposed, which cannot be decrypted into an email.
http://www.martinstoeckli.ch/php/php.html#bcrypt is a good resource on what hashing is and what it's for.
Upvotes: 2
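The scheme from the answer above, as an added Python sketch that is not part of the original post. The in-memory `PENDING` dict stands in for the database table, and the PBKDF2 work factor, the lower-casing of addresses, the single-use deletion and the `example.test` host are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Stand-in for the registrations table (assumption): token -> (salt, email_hash).
PENDING = {}

PBKDF2_ROUNDS = 200_000  # assumed work factor; tune for your hardware


def hash_email(email: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash of the normalised address."""
    normalised = email.strip().lower().encode("utf-8")  # normalisation is an assumption
    return hashlib.pbkdf2_hmac("sha256", normalised, salt, PBKDF2_ROUNDS)


def register(email: str) -> str:
    """Store salt + hash under a random token and return the token for the link."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    salt = secrets.token_bytes(16)     # fresh salt per registration
    PENDING[token] = (salt, hash_email(email, salt))
    return token


def confirmation_link(token: str) -> str:
    """Only the random token goes into the query string, never the address."""
    return "https://example.test/configure?t=" + token  # placeholder host


def confirm(token: str, typed_email: str) -> bool:
    """True only if the token exists and the typed address matches the stored hash."""
    record = PENDING.get(token)
    if record is None:
        return False  # unknown or already-used token
    salt, stored = record
    if not hmac.compare_digest(stored, hash_email(typed_email, salt)):
        return False
    del PENDING[token]  # single use (assumption, not stated in the answer)
    return True


if __name__ == "__main__":
    t = register("alice@example.test")  # constructed sample address
    print(confirmation_link(t))
    print(confirm(t, "alice@example.test"))
```
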