Last modified on 3/17/2014 5:49 PM by User.

Tags:

Implementing Database Encryption

The data types supported for encrypted columns are:

  • System.Int32
  • Nullable<System.Int32>
  • System.Guid
  • Nullable<System.Guid>
  • System.DateTime
  • Nullable<System.DateTime>
  • System.String
  • System.Byte[]
  • System.Boolean
  • Nullable<System.Boolean>

Not currently supported:

  • Key versioning
    • Only one encryption key can be used.
  • Integrity hashes
    • Using a CRC or SHA hash to verify that the encrypted data has not been modified.
  • Encrypted columns can't be row constants, primary keys, or identity columns.
  • Table conditions (filtering down results)
  • Maximum length

How to set up database encryption

  1. Create a class named Encryption that implements SystemEncryptionProvider and put it in the Library/Configuration/Providers folder.
  2. Override the required Key property. If you're using the default SymmetricAlgorithm, use Rijndael.Create() to generate your key.
  3. Create the database table with an IV column and as many encrypted columns as you need. To avoid overflow problems, give these columns the varbinary(max) data type.
  4. In Development.xml, create an EncryptedTables element as a child of the database element.
  5. For each table, create a table element which has:
    1. A tableName attribute, which is the table's name.
    2. An IvColumnName attribute, which is the name of the initialization vector column. The IV stored in that column should be unique to each row.
      1. This attribute is required.
  6. For each encrypted column, create a column element as a child of the table element, which has:
    1. A ColumnName attribute.
    2. A DataType attribute, which is one of the supported types listed above.
  7. If the table has no existing rows, you are done.
  8. If the table has existing rows, set the empty encrypted columns to 0x. This is only possible for the data types above that support a null value.
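
An added example, not code from this page or from the EWL project, that puts steps 1, 2 and 4 to 6 together: the provider class loads a key that was generated once and persisted, because a Key property that called Rijndael.Create() on every read would produce a fresh key each time and leave previously encrypted rows unreadable; the matching Development.xml fragment is shown in a comment. It assumes that SystemEncryptionProvider is an abstract class whose Key property is a byte[], that the element names are literally table and column as the page's wording suggests, and the environment variable, file path, table and column names are constructed for the example.

```csharp
// Library/Configuration/Providers/Encryption.cs (folder from step 1 on this page).
// Assumed: SystemEncryptionProvider is an abstract class with an overridable byte[] Key property.
// The using directive for the EWL namespace that defines it is omitted; the page does not give it.
using System;
using System.IO;
using System.Security.Cryptography;

/* Matching Development.xml fragment for steps 4 to 6 (table and column names are constructed):
   <database>
     <EncryptedTables>
       <table tableName="Patients" IvColumnName="EncryptionIv">
         <column ColumnName="SocialSecurityNumber" DataType="System.String" />
         <column ColumnName="ChartNumber" DataType="System.Int32" />
       </table>
     </EncryptedTables>
   </database>
*/
namespace Library.Configuration.Providers {
	public class Encryption: SystemEncryptionProvider {
		// Constructed: the key file lives outside the source tree and is found through an
		// environment variable, so one build can run with a different key per environment.
		private const string KeyPathVariable = "EWL_DB_KEY_FILE";
		private static readonly Lazy<byte[]> key = new Lazy<byte[]>( loadKey );

		// Read by the framework for every encrypt/decrypt call, so it must return the same bytes
		// every time; generating a key here would break decryption of existing rows.
		public override byte[] Key { get { return key.Value; } }

		private static byte[] loadKey() {
			var path = Environment.GetEnvironmentVariable( KeyPathVariable );
			if( string.IsNullOrEmpty( path ) || !File.Exists( path ) )
				throw new InvalidOperationException( KeyPathVariable + " must point to an existing key file." );
			var bytes = File.ReadAllBytes( path );
			// WriteNewKeyFile always produces a 256-bit key; anything else is a wrong or truncated file.
			if( bytes.Length != 32 )
				throw new InvalidOperationException( "Expected a 32-byte key, found " + bytes.Length + " bytes." );
			return bytes;
		}

		// One-time setup for step 2: run once, keep the file out of source control and back it up;
		// losing it makes every encrypted column permanently unreadable.
		public static void WriteNewKeyFile( string path ) {
			using( var algorithm = Rijndael.Create() ) {
				algorithm.KeySize = 256;
				algorithm.GenerateKey();
				File.WriteAllBytes( path, algorithm.Key );
			}
		}
	}
}
```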

Advanced

  • Override the default string encoding of UTF-8 by overriding the StringEncoding property.
  • Any encryption algorithm that implements SymmetricAlgorithm can be used. The framework calls this algorithm to encrypt, decrypt, and generate IVs.
  • The encryption and decryption implementations for all of the supported primitive data types above can be overridden in this provider. This is useful when using EWL encryption in a solution that already has its own encryption implementation.