EntityFrameworkCore.DataEncryption is a Microsoft Entity Framework Core extension that adds support for encrypted fields using built-in or custom encryption providers.
Disclaimer
This project is maintained by SoftFluent
This library has been developed initially for a personal project of mine which suits my use case. It provides a simple way to encrypt column data.
I do not take responsibility if you use/deploy this in a production environment and lose your encryption key or corrupt your data.
How to install
Install the package from NuGet or from the Package Manager Console:
Depending on the initialization method you will use, you will need to decorate your string or byte[] properties of your entities with the [Encrypted] attribute or use the fluent IsEncrypted() method in your model configuration process.
To use an encryption provider on your EF Core model, enable encryption on the ModelBuilder.
Example with AesProvider and attribute
```csharp
public class UserEntity
{
    public int Id { get; set; }

    [Encrypted]
    public string Username { get; set; }

    [Encrypted]
    public string Password { get; set; }

    public int Age { get; set; }
}

public class DatabaseContext : DbContext
{
    // Get key and IV from a Base64String or any other ways.
    // You can generate a key and IV using "AesProvider.GenerateKey()"
    private readonly byte[] _encryptionKey = ...;
    private readonly byte[] _encryptionIV = ...;
    private readonly IEncryptionProvider _provider;

    public DbSet<UserEntity> Users { get; set; }

    public DatabaseContext(DbContextOptions options)
        : base(options)
    {
        _provider = new AesProvider(this._encryptionKey, this._encryptionIV);
    }

    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        modelBuilder.UseEncryption(_provider);
    }
}
```
The code above creates a new AesProvider and gives it to the current model. Every string field of your model that has the [Encrypted] attribute is encrypted when changes are saved to the database. Decryption happens when reading the DbSet<T> of your DbContext.
Example with AesProvider and fluent configuration
```csharp
public class UserEntity
{
    public int Id { get; set; }
    public string Username { get; set; }
    public string Password { get; set; }
    public int Age { get; set; }
}

public class DatabaseContext : DbContext
{
    // Get key and IV from a Base64String or any other ways.
    // You can generate a key and IV using "AesProvider.GenerateKey()"
    private readonly byte[] _encryptionKey = ...;
    private readonly byte[] _encryptionIV = ...;
    private readonly IEncryptionProvider _provider;

    public DbSet<UserEntity> Users { get; set; }

    public DatabaseContext(DbContextOptions options)
        : base(options)
    {
        _provider = new AesProvider(this._encryptionKey, this._encryptionIV);
    }

    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        // Entities builder *MUST* be called before UseEncryption().
        var userEntityBuilder = modelBuilder.Entity<UserEntity>();

        userEntityBuilder.Property(x => x.Username).IsRequired().IsEncrypted();
        userEntityBuilder.Property(x => x.Password).IsRequired().IsEncrypted();

        modelBuilder.UseEncryption(_provider);
    }
}
```
Create an encryption provider
EntityFrameworkCore.DataEncryption lets you create your own encryption providers. To do so, create a new class that implements IEncryptionProvider. You will need to implement the Encrypt(byte[]) and Decrypt(byte[]) methods.
```csharp
public class MyCustomEncryptionProvider : IEncryptionProvider
{
    public byte[] Encrypt(byte[] input)
    {
        // Encrypt the given input and return the encrypted data as a byte[].
        throw new System.NotImplementedException();
    }

    public byte[] Decrypt(byte[] input)
    {
        // Decrypt the given input and return the decrypted data as a byte[].
        throw new System.NotImplementedException();
    }
}
```
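One way to fill in the skeleton above with authenticated encryption (AES-GCM with a fresh random nonce per value), as an added example that is not code from the project. The class name and the nonce/tag/ciphertext layout are assumptions, the interface is redeclared locally only so the file compiles on its own, and the `AesGcm(key, tagSize)` constructor requires .NET 8 or later.

```csharp
using System;
using System.Security.Cryptography;

// Stand-in for the library's interface so this file compiles on its own; it mirrors
// the skeleton on this page. Delete it when the package is referenced.
public interface IEncryptionProvider
{
    byte[] Encrypt(byte[] input);
    byte[] Decrypt(byte[] input);
}

// Hypothetical provider name. Stored layout: nonce (12) || tag (16) || ciphertext.
public sealed class AesGcmEncryptionProvider : IEncryptionProvider
{
    private const int NonceSize = 12;
    private const int TagSize = 16;
    private readonly byte[] _key;

    public AesGcmEncryptionProvider(byte[] key)
    {
        if (key is null || (key.Length != 16 && key.Length != 24 && key.Length != 32))
            throw new ArgumentException("Key must be 16, 24 or 32 bytes.", nameof(key));
        _key = (byte[])key.Clone();
    }

    public byte[] Encrypt(byte[] input)
    {
        ArgumentNullException.ThrowIfNull(input);
        var output = new byte[NonceSize + TagSize + input.Length];
        var nonce = output.AsSpan(0, NonceSize);
        RandomNumberGenerator.Fill(nonce); // fresh nonce for every value, never reused
        using var aes = new AesGcm(_key, TagSize);
        aes.Encrypt(nonce, input, output.AsSpan(NonceSize + TagSize), output.AsSpan(NonceSize, TagSize));
        return output;
    }

    public byte[] Decrypt(byte[] input)
    {
        ArgumentNullException.ThrowIfNull(input);
        if (input.Length < NonceSize + TagSize)
            throw new CryptographicException("Ciphertext is shorter than nonce + tag.");
        var plaintext = new byte[input.Length - NonceSize - TagSize];
        using var aes = new AesGcm(_key, TagSize);
        // Throws if the tag does not verify, i.e. the stored bytes or the key changed.
        aes.Decrypt(input.AsSpan(0, NonceSize), input.AsSpan(NonceSize + TagSize),
                    input.AsSpan(NonceSize, TagSize), plaintext);
        return plaintext;
    }
}
```

Because the nonce is random, encrypting the same plaintext twice yields different bytes, so equality filters on the encrypted column will not match stored values.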
To use it, simply create a new MyCustomEncryptionProvider in your DbContext and pass it to the UseEncryption method: