DbEncryptedString

One of the new features in 3.1 is the DbEncryptedString class. This class allows you to have a property value automatically encrypted upon write to and decrypted upon read from the database.

You can use it as the property type for any mapped class by simply declaring the property as a DbEncryptedString:

public class Thing
{
    public DbEncryptedString SecureData { get; set; }
}

The DbEncryptedString class provides automatic conversion from a .NET string, so you can assign to it directly:

var thing = new Thing { SecureData = "My Secret data..." };

Once the object is saved to the database (via ISession.Insert() or ISession.Update()) the column will contain the Base64 encoded cipher text (encrypted value). When the object is read from the database it will be decrypted and the clear text will be visible in the property.

The encrypted value will look something along the lines of MlZPjm49IKNGtOQoHAAgEa2+ycQHzXk8FIRbJ/SQ/BM=@ngWykCGsVyD/aD8ZWIhXWw==
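The sample value above consists of two Base64 segments separated by '@', which decode to 32 and 16 bytes; that matches two AES ciphertext blocks followed by a 16-byte IV. The following is an added example, not MicroLite's own code, that round-trips a value in that layout with the .NET Aes class; the layout (cipher text, then IV), the class name and the randomly generated demo key are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class EncryptedColumnDemo
{
    // Assumed layout, inferred from the sample value: Base64(cipherText) + "@" + Base64(IV).
    const char Separator = '@';
    static string Encrypt(string clearText, byte[] key)
    {
        using (var aes = Aes.Create()) // defaults: CBC mode, PKCS7 padding
        {
            aes.Key = key;
            aes.GenerateIV(); // fresh IV per value, so equal inputs give different column values
            using (var encryptor = aes.CreateEncryptor())
            {
                byte[] plain = Encoding.UTF8.GetBytes(clearText);
                byte[] cipher = encryptor.TransformFinalBlock(plain, 0, plain.Length);
                return Convert.ToBase64String(cipher) + Separator + Convert.ToBase64String(aes.IV);
            }
        }
    }

    static string Decrypt(string columnValue, byte[] key)
    {
        string[] parts = columnValue.Split(Separator); // '@' never occurs inside Base64
        if (parts.Length != 2) throw new FormatException("Expected <cipherText>@<IV>.");
        using (var aes = Aes.Create())
        {
            aes.Key = key;
            aes.IV = Convert.FromBase64String(parts[1]); // throws if not one block long
            using (var decryptor = aes.CreateDecryptor())
            {
                byte[] cipher = Convert.FromBase64String(parts[0]);
                return Encoding.UTF8.GetString(decryptor.TransformFinalBlock(cipher, 0, cipher.Length));
            }
        }
    }

    static void Main()
    {
        byte[] key = new byte[32]; // constructed demo key (AES-256), not the app.config key
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        string stored = Encrypt("My Secret data...", key);
        Console.WriteLine(stored);                                      // what the column would hold
        Console.WriteLine(stored != Encrypt("My Secret data...", key)); // same input, different IV
        Console.WriteLine(Decrypt(stored, key));                        // clear text seen by the property
    }
}
```

Because each value carries its own IV, the same clear text stored twice yields different column contents, so an encrypted column in this layout cannot be matched with an equality predicate on the cipher text.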

If you choose to use DbEncryptedString, you need to manually register the type converter for it. The DbEncryptedStringTypeConverter is designed to work with any implementation of SymmetricAlgorithm; to make that possible, the creation of the SymmetricAlgorithm has been abstracted from the type converter.

The constructor for the DbEncryptedStringTypeConverter is as follows:

public class DbEncryptedStringTypeConverter
{
    public DbEncryptedStringTypeConverter(ISymmetricAlgorithmProvider algorithmProvider)
    {
    }
}

To instantiate the DbEncryptedStringTypeConverter, we need to provide it with an implementation of MicroLite.Infrastructure.ISymmetricAlgorithmProvider. MicroLite 3.1 ships with an implementation of this interface which reads the encryption key and algorithm type from the app.config. To use it, add two values to the appSettings section:

  <appSettings>
    <add key="MicroLite.DbEncryptedString.EncryptionKey" value="bru$3atheM-pey+=!a5ebr7d6Tru@E?4" />
    <add key="MicroLite.DbEncryptedString.SymmetricAlgorithm" value="AesManaged" />
  </appSettings>

The SymmetricAlgorithm value can be any algorithm which can be created by SymmetricAlgorithm.Create.

It is then possible to instantiate the DbEncryptedStringTypeConverter with the AppSettingSymmetricAlgorithmProvider and register it with MicroLite as follows:

using MicroLite.Infrastructure;
using MicroLite.TypeConverter;

ISymmetricAlgorithmProvider algorithmProvider = new AppSettingSymmetricAlgorithmProvider();
ITypeConverter typeConverter = new DbEncryptedStringTypeConverter(algorithmProvider);

TypeConverter.Converters.Add(typeConverter);