The valid encrypted column data types are:
Not currently supported:
- Key versioning
- Only one encryption key can be used.
- Using a CRC or SHA to assert the encrypted data hasn't been modified.
- Encrypted columns can't be row constants, primary keys, or identity columns.
- Table conditions (filtering down results)
- Max length
How to set up database encryption
- Create a class named Encryption that implements SystemEncryptionProvider and put it in the Library/Configuration/Providers Folder.
- Override the required Key property. If you're using the default SymmetricAlgorithm, use Rijndael.Create() to generate your key.
- Create the database table, which includes an IV column and as many encrypted columns as you desire. To reduce headaches with overflow, set their data type to varbinary(max).
- In Development.xml, create the element EncryptedTables as a child of database
For each table, create a table element which has:
- A tableName attribute, which is the table's name.
- An IvColumnName attribute, which is the name of the initialization vector column. The IV should be unique to each row.
- This is required.
Create a column element as a child of the table element, which has:
- A ColumnName attribute
- A DataType attribute, which is one of the above supported types.
- If this is for a table with no existing rows, you are done.
- If this is for a table with existing rows, set the encrypted empty columns to 0x. This is only possible for the data types above that support a null value.
- Override the default string encoding of UTF8 by overriding the StringEncoding property.
- Any encryption algorithm can be used that implements SymmetricAlgorithm. This encryption algorithm will be called by the framework to encrypt, decrypt, and generate IVs.
- The encryption and decryption implementations for all of the supported primitive data types above can be overridden in this provider. This is useful when using EWL encryption in a solution where an encryption implementation already existed.
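
The following added example (not EWL's own code) shows why the setup steps above call for a single key, an IV column that is unique per row, and a string encoding: it round-trips a string through a SymmetricAlgorithm the way a framework would for a varbinary(max) column. ColumnCrypto and its method names are hypothetical, and Aes stands in for the Rijndael algorithm the page mentions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added illustration, not EWL code. ColumnCrypto and its methods are hypothetical names.
static class ColumnCrypto {
    // Generate the key once and keep it in secret storage; every row shares it.
    public static byte[] NewKey() {
        using var alg = Aes.Create(); // any SymmetricAlgorithm is used the same way
        alg.GenerateKey();
        return alg.Key;
    }

    // A fresh IV for each row, stored in that row's IV column.
    public static byte[] NewRowIv() {
        using var alg = Aes.Create();
        alg.GenerateIV();
        return alg.IV;
    }

    // String -> bytes (UTF8) -> ciphertext bytes for a varbinary(max) column.
    public static byte[] EncryptString(string value, byte[] key, byte[] iv) {
        using var alg = Aes.Create();
        using var enc = alg.CreateEncryptor(key, iv);
        var plain = Encoding.UTF8.GetBytes(value);
        return enc.TransformFinalBlock(plain, 0, plain.Length);
    }

    public static string DecryptString(byte[] cipher, byte[] key, byte[] iv) {
        using var alg = Aes.Create();
        using var dec = alg.CreateDecryptor(key, iv);
        return Encoding.UTF8.GetString(dec.TransformFinalBlock(cipher, 0, cipher.Length));
    }
}

static class Program {
    static void Main() {
        var key = ColumnCrypto.NewKey();
        // Constructed sample: two rows that hold the same value.
        byte[] iv1 = ColumnCrypto.NewRowIv(), iv2 = ColumnCrypto.NewRowIv();
        var row1 = ColumnCrypto.EncryptString("123-45-6789", key, iv1);
        var row2 = ColumnCrypto.EncryptString("123-45-6789", key, iv2);
        // Distinct IVs make equal plaintexts encrypt to different bytes.
        Console.WriteLine(row1.SequenceEqual(row2));
        Console.WriteLine(ColumnCrypto.DecryptString(row1, key, iv1));
        // Reusing row 1's IV reproduces row 1's ciphertext and reveals the match.
        var reused = ColumnCrypto.EncryptString("123-45-6789", key, iv1);
        Console.WriteLine(row1.SequenceEqual(reused));
    }
}
```

Because integrity checking is listed above as unsupported, a ciphertext changed in the database is not detected by decryption alone.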