A plugin for Microsoft.EntityFrameworkCore to add support of encrypted fields using built-in or custom encryption providers.

EntityFrameworkCore.DataEncryption

EntityFrameworkCore.DataEncryption is a Microsoft Entity Framework Core extension to add support of encrypted fields using built-in or custom encryption providers.

How to install

Install the package from NuGet or from the Package Manager Console:

PM> Install-Package EntityFrameworkCore.DataEncryption

How to use

To use EntityFrameworkCore.DataEncryption, decorate the string properties of your entities with the [Encrypted] attribute and enable encryption on the ModelBuilder.

To enable encryption, you need an encryption provider. The available providers are:

| Name | Class | Extra |
| --- | --- | --- |
| AES | AesProvider | Can use a 128-bit, 192-bit or 256-bit key |

Example with AesProvider

public class UserEntity
{
	public int Id { get; set; }
	
	[Encrypted]
	public string Username { get; set; }
	
	[Encrypted]
	public string Password { get; set; }
	
	public int Age { get; set; }
}

public class DatabaseContext : DbContext
{
	// Load the key and IV from a Base64 string or any other source.
	// You can generate a key and IV using "AesProvider.GenerateKey()".
	private readonly byte[] _encryptionKey = ...;
	private readonly byte[] _encryptionIV = ...;
	private readonly IEncryptionProvider _provider;

	public DbSet<UserEntity> Users { get; set; }
	
	public DatabaseContext(DbContextOptions options)
		: base(options)
	{
		this._provider = new AesProvider(this._encryptionKey, this._encryptionIV);
	}
	
	protected override void OnModelCreating(ModelBuilder modelBuilder)
	{
		modelBuilder.UseEncryption(this._provider);
	}
}

The code above creates a new AesProvider and passes it to the current model. It encrypts every string property of your model that has the [Encrypted] attribute when saving changes to the database. Decryption happens when reading the DbSet<T> of your DbContext.

Create an encryption provider

EntityFrameworkCore.DataEncryption lets you create your own encryption providers. To do so, create a new class that implements IEncryptionProvider. You will need to implement the Encrypt(string) and Decrypt(string) methods.

public class MyCustomEncryptionProvider : IEncryptionProvider
{
	public string Encrypt(string dataToEncrypt)
	{
		// Encrypt data and return as Base64 string
		throw new System.NotImplementedException();
	}
	
	public string Decrypt(string dataToDecrypt)
	{
		// Decrypt a Base64 string to plain string
		throw new System.NotImplementedException();
	}
}

To use it, simply create a new MyCustomEncryptionProvider in your DbContext and pass it to the UseEncryption method:

public class DatabaseContext : DbContext
{
	private readonly IEncryptionProvider _provider;

	public DatabaseContext(DbContextOptions options)
		: base(options)
	{
		this._provider = new MyCustomEncryptionProvider();
	}

	protected override void OnModelCreating(ModelBuilder modelBuilder)
	{
		modelBuilder.UseEncryption(this._provider);
	}
}
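
A filled-in custom provider, as an added example that is not code from the project: it implements Encrypt(string) and Decrypt(string) with .NET's AesGcm, draws a fresh random nonce for each value so that equal plaintexts do not produce equal ciphertexts, and rejects stored values that were modified. The class name AesGcmEncryptionProvider, the stored layout and the `using` for the library namespace are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Assumption: namespace that declares IEncryptionProvider; adjust to your installed version.
using Microsoft.EntityFrameworkCore.DataEncryption;

// Hypothetical provider (not part of the library): AES-GCM, random nonce per value.
// Stored format, Base64 encoded: nonce (12 bytes) || tag (16 bytes) || ciphertext.
public sealed class AesGcmEncryptionProvider : IEncryptionProvider
{
	private const int NonceSize = 12;
	private const int TagSize = 16;
	private readonly byte[] _key;

	public AesGcmEncryptionProvider(byte[] key)
	{
		if (key == null || (key.Length != 16 && key.Length != 24 && key.Length != 32))
			throw new ArgumentException("Key must be 16, 24 or 32 bytes.", nameof(key));
		_key = (byte[])key.Clone();
	}

	public string Encrypt(string dataToEncrypt)
	{
		if (string.IsNullOrEmpty(dataToEncrypt)) return dataToEncrypt;
		byte[] plain = Encoding.UTF8.GetBytes(dataToEncrypt);
		byte[] output = new byte[NonceSize + TagSize + plain.Length];
		Span<byte> nonce = output.AsSpan(0, NonceSize);
		RandomNumberGenerator.Fill(nonce); // a nonce must never repeat under the same key
		using (var aes = new AesGcm(_key))
			aes.Encrypt(nonce, plain, output.AsSpan(NonceSize + TagSize), output.AsSpan(NonceSize, TagSize));
		return Convert.ToBase64String(output);
	}

	public string Decrypt(string dataToDecrypt)
	{
		if (string.IsNullOrEmpty(dataToDecrypt)) return dataToDecrypt;
		byte[] input = Convert.FromBase64String(dataToDecrypt);
		if (input.Length < NonceSize + TagSize)
			throw new CryptographicException("Stored value is too short to be valid.");
		byte[] plain = new byte[input.Length - NonceSize - TagSize];
		// Throws CryptographicException if the value was altered or the key is wrong.
		using (var aes = new AesGcm(_key))
			aes.Decrypt(input.AsSpan(0, NonceSize), input.AsSpan(NonceSize + TagSize), input.AsSpan(NonceSize, TagSize), plain);
		return Encoding.UTF8.GetString(plain);
	}
}
```

Because each value gets its own nonce, the stored ciphertext differs on every save, so an encrypted column written by this provider cannot be matched with an equality filter in a query.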