Visus.DataProtection 1.2.2

dotnet add package Visus.DataProtection --version 1.2.2                
NuGet\Install-Package Visus.DataProtection -Version 1.2.2                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Visus.DataProtection" Version="1.2.2" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Visus.DataProtection --version 1.2.2                
#r "nuget: Visus.DataProtection, 1.2.2"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Visus.DataProtection as a Cake Addin
#addin nuget:?package=Visus.DataProtection&version=1.2.2

// Install Visus.DataProtection as a Cake Tool
#tool nuget:?package=Visus.DataProtection&version=1.2.2                

Visus.DataProtection

A library that adds per-column encryption (for string columns) to Entity Framework Core.

How it works

The library must be injected when building a database model. It functions as a conversion for a property of an entity, which encrypts the data using AES when writing it and decrypts it when reading it. In order to perform the AES encryption, you need to provide an encryption key in your appsettings.json via the DataProtectionConfiguration options class. If you provide an initialisation vector here, this value will be used for all properties, otherwise, random IV will be created every time.

[!CAUTION] You must not change DataProtectionConfiguration.DatabaseKey nor DatabaseKey.InitialisationVector after you wrote the first data to the database or you will lose access to the data already written!

Usage

Add a section for DataProtectionConfiguration in your appsettings.json. Set a DatabaseKey, which will be converted to an AES key via PBKDF2. You can configure the iterations via DataProtectionConfiguration.Iterations. The default is 10,000.

"DataProtection": {
    "DatabaseKey": "Some random stuff that you should keep secret."
}

Add the configuration to the service collection:

builder.Services.AddOptions<DataProtectionConfiguration>()
    .Bind(config.GetSection("DataProtection"));

In you database context, inject IOptions<DataProtectionConfiguration> to get access to the cryto parameters.

public MyContext(DbContextOptions<MyContext> dbOptions,
        IOptions<DataProtectionConfiguration> dpOptions)
        : base(dbOptions) {
    this._dataProtection = dpOptions.Value;
}

Override OnModelCreating to add the encryption converter:

modelBuilder.Entity<MyEntity>(b => {
    b.AddDataProtection(this._dataProtection);
});

The encryption will affect all properties of MyEntity which have been marked with [Protected]:

public sealed class MyEntity {

    [Key, Column(Order = 0)]
    [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
    public int ID { get; set; }

    [Column(Order = 1)]
    [Protected]
    public string Secret { get; set; }

    [Column(Order = 1)]
    [Protected(Searchable = "ADFKJ$asdjb234134m.djn34änds/(gsd")]
    public string Secret { get; set; }
}

Setting the Searchable property of the ProtectedAttribute forces the initialisation vector of the column to be derived from the property, even if random IVs were configured in DataProtectionConfiguration. This enables searching the column for exact matches, because the search string can be encrypted the same way as the data.

[!WARNING] Do not copy the Searchable value from the example, but use your own string. If possible, to not check in the code to a public repository.

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
.NET Core netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.1 is compatible. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.2.2 97 10/9/2024
1.2.1 189 4/26/2023
1.2.0 159 4/26/2023
1.1.0 168 4/26/2023
1.0.0 159 4/26/2023