EntityFrameworkCore.DataEncryption 7.0.0
EntityFrameworkCore.DataEncryption
EntityFrameworkCore.DataEncryption
is a Microsoft Entity Framework Core extension to add support of encrypted fields using built-in or custom encryption providers.
Disclaimer
This project is maintained by SoftFluent
This library has been developed initialy for a personal project of mine which suits my use case. It provides a simple way to encrypt column data.
I do not take responsability if you use/deploy this in a production environment and loose your encryption key or corrupt your data.
How to install
Install the package from NuGet or from the Package Manager Console
:
PM> Install-Package EntityFrameworkCore.DataEncryption
Supported types
Type | Default storage type |
---|---|
string |
Base64 string |
byte[] |
BINARY |
Built-in providers
Name | Class | Extra |
---|---|---|
AES | AesProvider | Can use a 128bits, 192bits or 256bits key |
How to use
EntityFrameworkCore.DataEncryption
supports 2 differents initialization methods:
- Attribute
- Fluent configuration
Depending on the initialization method you will use, you will need to decorate your string
or byte[]
properties of your entities with the [Encrypted]
attribute or use the fluent IsEncrypted()
method in your model configuration process.
To use an encryption provider on your EF Core model, and enable the encryption on the ModelBuilder
.
Example with AesProvider
and attribute
public class UserEntity
{
public int Id { get; set; }
[Encrypted]
public string Username { get; set; }
[Encrypted]
public string Password { get; set; }
public int Age { get; set; }
}
public class DatabaseContext : DbContext
{
// Get key and IV from a Base64String or any other ways.
// You can generate a key and IV using "AesProvider.GenerateKey()"
private readonly byte[] _encryptionKey = ...;
private readonly byte[] _encryptionIV = ...;
private readonly IEncryptionProvider _provider;
public DbSet<UserEntity> Users { get; set; }
public DatabaseContext(DbContextOptions options)
: base(options)
{
_provider = new AesProvider(this._encryptionKey, this._encryptionIV);
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
modelBuilder.UseEncryption(_provider);
}
}
The code bellow creates a new AesProvider
and gives it to the current model. It will encrypt every string
fields of your model that has the [Encrypted]
attribute when saving changes to database. As for the decrypt process, it will be done when reading the DbSet<T>
of your DbContext
.
Example with AesProvider
and fluent configuration
public class UserEntity
{
public int Id { get; set; }
public string Username { get; set; }
public string Password { get; set; }
public int Age { get; set; }
}
public class DatabaseContext : DbContext
{
// Get key and IV from a Base64String or any other ways.
// You can generate a key and IV using "AesProvider.GenerateKey()"
private readonly byte[] _encryptionKey = ...;
private readonly byte[] _encryptionIV = ...;
private readonly IEncryptionProvider _provider;
public DbSet<UserEntity> Users { get; set; }
public DatabaseContext(DbContextOptions options)
: base(options)
{
_provider = new AesProvider(this._encryptionKey, this._encryptionIV);
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
// Entities builder *MUST* be called before UseEncryption().
var userEntityBuilder = modelBuilder.Entity<UserEntity>();
userEntityBuilder.Property(x => x.Username).IsRequired().IsEncrypted();
userEntityBuilder.Property(x => x.Password).IsRequired().IsEncrypted();
modelBuilder.UseEncryption(_provider);
}
}
Create an encryption provider
EntityFrameworkCore.DataEncryption
gives the possibility to create your own encryption providers. To do so, create a new class and make it inherit from IEncryptionProvider
. You will need to implement the Encrypt(string)
and Decrypt(string)
methods.
public class MyCustomEncryptionProvider : IEncryptionProvider
{
public byte[] Encrypt(byte[] input)
{
// Encrypt the given input and return the encrypted data as a byte[].
}
public byte[] Decrypt(byte[] input)
{
// Decrypt the given input and return the decrypted data as a byte[].
}
}
To use it, simply create a new MyCustomEncryptionProvider
in your DbContext
and pass it to the UseEncryption
method:
public class DatabaseContext : DbContext
{
private readonly IEncryptionProvider _provider;
public DatabaseContext(DbContextOptions options)
: base(options)
{
_provider = new MyCustomEncryptionProvider();
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
modelBuilder.UseEncryption(_provider);
}
}
Thanks
I would like to thank all the people that supports and contributes to the project and helped to improve the library. :smile:
Credits
Package Icon : from Icons8
Showing the top 20 packages that depend on EntityFrameworkCore.DataEncryption.
.NET 6.0
- Microsoft.EntityFrameworkCore (>= 6.0.36 && < 8.0.0)
.NET 7.0
- Microsoft.EntityFrameworkCore (>= 7.0.0 && < 9.0.0)
.NET 8.0
- Microsoft.EntityFrameworkCore (>= 8.0.11)
.NET 9.0
- Microsoft.EntityFrameworkCore (>= 9.0.0)
.NET Standard 2.0
- Microsoft.EntityFrameworkCore (>= 3.1.0 && < 6.0.0)