Question

Encryption / Decryption

  • 7 May 2020
  • 1 reply
  • 86 views

Badge +3

In the thinkwise roadmap of 2019 i red that it is planned to encrypt en decrypt sensitive data with Indicium. Below is the text what i mean. We want to use this functionality to store passwords for an ftp server. Also we want te use the password in .Net.

Does anyone known if this is already possible? An how it works.

Kinds regards

Ronald 

 


Text in the article
Data Encryption - Do you want to store passwords or other sensitive data? Let Indicium encrypt and decrypt this data for you!


1 reply

Userlevel 6
Badge +2

Hi Ronald,

The functionality has been implemented for symmetrical algorithms, but the configuration required to support this is not yet available for configuration via the model. This can be activated using the configuration in Indicium. 

This is an experimental feature, so be sure to test this accordingly.

You can add the following configuration to the appsettings.json:

"CustomDataProtection": {
"ProjectID": "",
"DomainPrefixes": [ "prefix1_", "prefix2_" ],
"StorageType": "string",
"Algorithm": {
"AlgorithmName": "AES",
"CipherMode": "CBC",
"PaddingMode": "PKCS7",
"KeySize": 256,
"BlockSize": 128,
"HexIV": "",
"HexKey": ""
}
}

The ProjectID indicates the project using data encryption. The domain prefixes are used to determine the domains whose columns are subject to encryption.

HexIV is the hexadecimal initialization vector, used in the cypher. This should be a 16 byte hexadecimal string.

HexKey is the hexadecimal key, used in the cypher. This should be a 32 byte hexadecimal string.

The storagetype determines the storage type of the encrypted value on the database, binary or string. This is a bit tricky because the Software Factory will automatically create the database using the actual domain, not the storage type. This is the main reason we have yet to officially release this with configuration updates to the Software Factory. If the storage type is set to string and the domain is a character-based domain that can contain both the decrypted value and the encrypted value as hexadecimal text, this should work fine.

Logic such as defaults and layouts are called with the decrypted value, datamanipulations such as inserts, updates and tasks are called using the encrypted value.

Reply