EntityFrameworkCore.DataEncryption
7.0.0
dotnet add package EntityFrameworkCore.DataEncryption --version 7.0.0
NuGet\Install-Package EntityFrameworkCore.DataEncryption -Version 7.0.0
<PackageReference Include="EntityFrameworkCore.DataEncryption" Version="7.0.0" />
paket add EntityFrameworkCore.DataEncryption --version 7.0.0
#r "nuget: EntityFrameworkCore.DataEncryption, 7.0.0"
// Install EntityFrameworkCore.DataEncryption as a Cake Addin #addin nuget:?package=EntityFrameworkCore.DataEncryption&version=7.0.0 // Install EntityFrameworkCore.DataEncryption as a Cake Tool #tool nuget:?package=EntityFrameworkCore.DataEncryption&version=7.0.0
EntityFrameworkCore.DataEncryption
EntityFrameworkCore.DataEncryption
is a Microsoft Entity Framework Core extension to add support of encrypted fields using built-in or custom encryption providers.
Disclaimer
<h4 align="center">This project is maintained by SoftFluent</h4><br>
This library has been developed initialy for a personal project of mine which suits my use case. It provides a simple way to encrypt column data.
I do not take responsability if you use/deploy this in a production environment and loose your encryption key or corrupt your data.
How to install
Install the package from NuGet or from the Package Manager Console
:
PM> Install-Package EntityFrameworkCore.DataEncryption
Supported types
Type | Default storage type |
---|---|
string |
Base64 string |
byte[] |
BINARY |
Built-in providers
Name | Class | Extra |
---|---|---|
AES | AesProvider | Can use a 128bits, 192bits or 256bits key |
How to use
EntityFrameworkCore.DataEncryption
supports 2 differents initialization methods:
- Attribute
- Fluent configuration
Depending on the initialization method you will use, you will need to decorate your string
or byte[]
properties of your entities with the [Encrypted]
attribute or use the fluent IsEncrypted()
method in your model configuration process.
To use an encryption provider on your EF Core model, and enable the encryption on the ModelBuilder
.
Example with AesProvider
and attribute
public class UserEntity
{
public int Id { get; set; }
[Encrypted]
public string Username { get; set; }
[Encrypted]
public string Password { get; set; }
public int Age { get; set; }
}
public class DatabaseContext : DbContext
{
// Get key and IV from a Base64String or any other ways.
// You can generate a key and IV using "AesProvider.GenerateKey()"
private readonly byte[] _encryptionKey = ...;
private readonly byte[] _encryptionIV = ...;
private readonly IEncryptionProvider _provider;
public DbSet<UserEntity> Users { get; set; }
public DatabaseContext(DbContextOptions options)
: base(options)
{
_provider = new AesProvider(this._encryptionKey, this._encryptionIV);
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
modelBuilder.UseEncryption(_provider);
}
}
The code bellow creates a new AesProvider
and gives it to the current model. It will encrypt every string
fields of your model that has the [Encrypted]
attribute when saving changes to database. As for the decrypt process, it will be done when reading the DbSet<T>
of your DbContext
.
Example with AesProvider
and fluent configuration
public class UserEntity
{
public int Id { get; set; }
public string Username { get; set; }
public string Password { get; set; }
public int Age { get; set; }
}
public class DatabaseContext : DbContext
{
// Get key and IV from a Base64String or any other ways.
// You can generate a key and IV using "AesProvider.GenerateKey()"
private readonly byte[] _encryptionKey = ...;
private readonly byte[] _encryptionIV = ...;
private readonly IEncryptionProvider _provider;
public DbSet<UserEntity> Users { get; set; }
public DatabaseContext(DbContextOptions options)
: base(options)
{
_provider = new AesProvider(this._encryptionKey, this._encryptionIV);
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
// Entities builder *MUST* be called before UseEncryption().
var userEntityBuilder = modelBuilder.Entity<UserEntity>();
userEntityBuilder.Property(x => x.Username).IsRequired().IsEncrypted();
userEntityBuilder.Property(x => x.Password).IsRequired().IsEncrypted();
modelBuilder.UseEncryption(_provider);
}
}
Create an encryption provider
EntityFrameworkCore.DataEncryption
gives the possibility to create your own encryption providers. To do so, create a new class and make it inherit from IEncryptionProvider
. You will need to implement the Encrypt(string)
and Decrypt(string)
methods.
public class MyCustomEncryptionProvider : IEncryptionProvider
{
public byte[] Encrypt(byte[] input)
{
// Encrypt the given input and return the encrypted data as a byte[].
}
public byte[] Decrypt(byte[] input)
{
// Decrypt the given input and return the decrypted data as a byte[].
}
}
To use it, simply create a new MyCustomEncryptionProvider
in your DbContext
and pass it to the UseEncryption
method:
public class DatabaseContext : DbContext
{
private readonly IEncryptionProvider _provider;
public DatabaseContext(DbContextOptions options)
: base(options)
{
_provider = new MyCustomEncryptionProvider();
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
modelBuilder.UseEncryption(_provider);
}
}
Thanks
I would like to thank all the people that supports and contributes to the project and helped to improve the library. π
Credits
Package Icon : from Icons8
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 is compatible. |
.NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
.NET Standard | netstandard2.0 is compatible. netstandard2.1 was computed. |
.NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
MonoAndroid | monoandroid was computed. |
MonoMac | monomac was computed. |
MonoTouch | monotouch was computed. |
Tizen | tizen40 was computed. tizen60 was computed. |
Xamarin.iOS | xamarinios was computed. |
Xamarin.Mac | xamarinmac was computed. |
Xamarin.TVOS | xamarintvos was computed. |
Xamarin.WatchOS | xamarinwatchos was computed. |
-
.NETStandard 2.0
- Microsoft.EntityFrameworkCore (>= 3.1.0 && < 6.0.0)
-
net6.0
- Microsoft.EntityFrameworkCore (>= 6.0.36 && < 8.0.0)
-
net7.0
- Microsoft.EntityFrameworkCore (>= 7.0.0 && < 9.0.0)
-
net8.0
- Microsoft.EntityFrameworkCore (>= 8.0.11)
-
net9.0
- Microsoft.EntityFrameworkCore (>= 9.0.0)
NuGet packages (11)
Showing the top 5 NuGet packages that depend on EntityFrameworkCore.DataEncryption:
Package | Downloads |
---|---|
FamilyHubs.SharedKernel
Package Description |
|
Perigee.Framework.EntityFramework
Package Description |
|
TBC.VNext.Framework.Domain
Package Description |
|
GuiLi.Abp.Crypto.EntityFrameworkCore
Package Description |
|
Szyj.Pecis.Core
ε°ε²ε»ε₯ι’εζ₯ζcore |
GitHub repositories
This package is not used by any popular GitHub repositories.