Skip to content
/ EntityFrameworkCore.DataEncryption Public

A plugin for Microsoft.EntityFrameworkCore to add support of encrypted fields using built-in or custom encryption providers.

License

MIT license
328 stars 56 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SoftFluent/EntityFrameworkCore.DataEncryption

BranchesTags

Repository files navigation

EntityFrameworkCore.DataEncryption

.NET Nuget Nuget Downloads

EntityFrameworkCore.DataEncryption is a Microsoft Entity Framework Core extension to add support of encrypted fields using built-in or custom encryption providers.

Disclaimer

This project is maintained by SoftFluent


This library has been developed initialy for a personal project of mine which suits my use case. It provides a simple way to encrypt column data.

I do not take responsability if you use/deploy this in a production environment and loose your encryption key or corrupt your data.

How to install

Install the package from NuGet or from the Package Manager Console :

PM> Install-Package EntityFrameworkCore.DataEncryption

Supported types

Type Default storage type
string Base64 string
byte[] BINARY

Built-in providers

Name Class Extra
AES AesProvider Can use a 128bits, 192bits or 256bits key

How to use

EntityFrameworkCore.DataEncryption supports 2 differents initialization methods:

  • Attribute
  • Fluent configuration

Depending on the initialization method you will use, you will need to decorate your string or byte[] properties of your entities with the [Encrypted] attribute or use the fluent IsEncrypted() method in your model configuration process. To use an encryption provider on your EF Core model, and enable the encryption on the ModelBuilder.

Example with AesProvider and attribute

public class UserEntity
{
	public int Id { get; set; }
	
	[Encrypted]
	public string Username { get; set; }
	
	[Encrypted]
	public string Password { get; set; }
	
	public int Age { get; set; }
}

public class DatabaseContext : DbContext
{
	// Get key and IV from a Base64String or any other ways.
	// You can generate a key and IV using "AesProvider.GenerateKey()"
	private readonly byte[] _encryptionKey = ...; 
	private readonly byte[] _encryptionIV = ...;
	private readonly IEncryptionProvider _provider;

	public DbSet<UserEntity> Users { get; set; }
	
	public DatabaseContext(DbContextOptions options)
		: base(options)
	{
		_provider = new AesProvider(this._encryptionKey, this._encryptionIV);
	}
	
	protected override void OnModelCreating(ModelBuilder modelBuilder)
	{
		modelBuilder.UseEncryption(_provider);
	}
}

The code bellow creates a new AesProvider and gives it to the current model. It will encrypt every string fields of your model that has the [Encrypted] attribute when saving changes to database. As for the decrypt process, it will be done when reading the DbSet<T> of your DbContext.

Example with AesProvider and fluent configuration

public class UserEntity
{
	public int Id { get; set; }
	public string Username { get; set; }
	public string Password { get; set; }
	public int Age { get; set; }
}

public class DatabaseContext : DbContext
{
	// Get key and IV from a Base64String or any other ways.
	// You can generate a key and IV using "AesProvider.GenerateKey()"
	private readonly byte[] _encryptionKey = ...; 
	private readonly byte[] _encryptionIV = ...;
	private readonly IEncryptionProvider _provider;

	public DbSet<UserEntity> Users { get; set; }
	
	public DatabaseContext(DbContextOptions options)
		: base(options)
	{
		_provider = new AesProvider(this._encryptionKey, this._encryptionIV);
	}
	
	protected override void OnModelCreating(ModelBuilder modelBuilder)
	{
		// Entities builder *MUST* be called before UseEncryption().
		var userEntityBuilder = modelBuilder.Entity<UserEntity>();
		
		userEntityBuilder.Property(x => x.Username).IsRequired().IsEncrypted();
		userEntityBuilder.Property(x => x.Password).IsRequired().IsEncrypted();

		modelBuilder.UseEncryption(_provider);
	}
}

Create an encryption provider

EntityFrameworkCore.DataEncryption gives the possibility to create your own encryption providers. To do so, create a new class and make it inherit from IEncryptionProvider. You will need to implement the Encrypt(string) and Decrypt(string) methods.

public class MyCustomEncryptionProvider : IEncryptionProvider
{
	public byte[] Encrypt(byte[] input)
	{
		// Encrypt the given input and return the encrypted data as a byte[].
	}
	
	public byte[] Decrypt(byte[] input)
	{
		// Decrypt the given input and return the decrypted data as a byte[].
	}
}

To use it, simply create a new MyCustomEncryptionProvider in your DbContext and pass it to the UseEncryption method:

public class DatabaseContext : DbContext
{
	private readonly IEncryptionProvider _provider;

	public DatabaseContext(DbContextOptions options)
		: base(options)
	{
		_provider = new MyCustomEncryptionProvider();
	}

	protected override void OnModelCreating(ModelBuilder modelBuilder)
	{
		modelBuilder.UseEncryption(_provider);
	}
}

Thanks

I would like to thank all the people that supports and contributes to the project and helped to improve the library. 😄

Credits

Package Icon : from Icons8

About

A plugin for Microsoft.EntityFrameworkCore to add support of encrypted fields using built-in or custom encryption providers.

Topics

plugin encryption dotnet-core entity-framework-core netstandard ef-core netstandard20 custom-encryption

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

328 stars

Watchers

19 watching

Forks

56 forks
Report repository

Releases 6

Version 6.0.0 Latest
Oct 15, 2024
+ 5 releases

Packages

No packages published

Contributors 6

Languages