Solved

Encryption / Decryption

  • 7 May 2020

In the Thinkwise roadmap of 2019 I read that it is planned to encrypt and decrypt sensitive data with Indicium. Below is the text I mean. We want to use this functionality to store passwords for an FTP server. We also want to use the password in .NET.

Does anyone know if this is already possible? And how it works?

Kind regards,

Ronald

 


Text in the article
Data Encryption - Do you want to store passwords or other sensitive data? Let Indicium encrypt and decrypt this data for you!


Best answer by Anne Buit 13 May 2020, 15:00


Hi Ronald,

The functionality has been implemented for symmetrical algorithms, but the configuration required to support this is not yet available for configuration via the model. This can be activated using the configuration in Indicium. 

This is an experimental feature, so be sure to test this accordingly.

You can add the following configuration to the appsettings.json:

"CustomDataProtection": {
  "ProjectID": "",
  "DomainPrefixes": [ "prefix1_", "prefix2_" ],
  "StorageType": "string",
  "Algorithm": {
    "AlgorithmName": "AES",
    "CipherMode": "CBC",
    "PaddingMode": "PKCS7",
    "KeySize": 256,
    "BlockSize": 128,
    "HexIV": "",
    "HexKey": ""
  }
}

The ProjectID indicates the project using data encryption. The domain prefixes are used to determine the domains whose columns are subject to encryption.

HexIV is the hexadecimal initialization vector, used in the cipher. This should be a 16-byte hexadecimal string.

HexKey is the hexadecimal key, used in the cipher. This should be a 32-byte hexadecimal string.

The StorageType determines the storage type of the encrypted value on the database, binary or string. This is a bit tricky because the Software Factory will automatically create the database using the actual domain, not the storage type. This is the main reason we have yet to officially release this with configuration updates to the Software Factory. If the storage type is set to string and the domain is a character-based domain that can contain both the decrypted value and the encrypted value as hexadecimal text, this should work fine.

Logic such as defaults and layouts is called with the decrypted value; data manipulations such as inserts, updates and tasks are called using the encrypted value.

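One way to produce and sanity-check the HexIV and HexKey values for the configuration in the answer above, as an added example that is not part of the original post or of Thinkwise's own code. It assumes "16 byte" and "32 byte" mean raw bytes written as 32 and 64 hexadecimal characters; the function names, "MY_PROJECT" and "secret_" are hypothetical.

```python
import json
import secrets
import string

def generate_algorithm_settings(key_bits=256, block_bits=128):
    """Build the Algorithm section with a CSPRNG-generated key and IV."""
    return {
        "AlgorithmName": "AES", "CipherMode": "CBC", "PaddingMode": "PKCS7",
        "KeySize": key_bits, "BlockSize": block_bits,
        "HexIV": secrets.token_hex(block_bits // 8),   # 16 bytes -> 32 hex chars
        "HexKey": secrets.token_hex(key_bits // 8),    # 32 bytes -> 64 hex chars
    }

def check_algorithm_settings(alg):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for name, size_field in (("HexKey", "KeySize"), ("HexIV", "BlockSize")):
        value = alg.get(name, "")
        expected_chars = alg[size_field] // 8 * 2
        if len(value) != expected_chars:
            problems.append(f"{name}: {len(value)} hex characters, expected {expected_chars}")
        elif any(c not in string.hexdigits for c in value):
            problems.append(f"{name}: contains non-hexadecimal characters")
        elif len(set(bytes.fromhex(value))) == 1:
            problems.append(f"{name}: one repeated byte, looks like a placeholder")
    return problems

def render_section(project_id, domain_prefixes, alg):
    """Render the section as JSON, wrapped in braces, for appsettings.json."""
    section = {"CustomDataProtection": {
        "ProjectID": project_id, "DomainPrefixes": domain_prefixes,
        "StorageType": "string", "Algorithm": alg}}
    return json.dumps(section, indent=2)

if __name__ == "__main__":
    alg = generate_algorithm_settings()
    assert check_algorithm_settings(alg) == []
    # "MY_PROJECT" and "secret_" are constructed placeholder values.
    print(render_section("MY_PROJECT", ["secret_"], alg))
```

The resulting appsettings.json holds the key in plaintext, so restrict read access to that file and keep the generated values out of version control.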