SgDotNet
Singapore Professional .NET User Group -For Cool Developers

Encrypted fields


chid Posted: 08-09-2005 12:37 AM
Ok, how about this... also in my app I have the requirement for encrypted fields.  In my previous framework (VB6), I handled this at the data level.  If a field was marked as encrypted, it was encrypted prior to saving to the DB and decrypted when it was read into the object.  I used it for a variety of fields, passwords, sensitive info, etc.  The encryption was probably weak by today's standards, but it did the job.  Anyways, I read an article a while back that talked about encrypting fields in a db and came up with some ideas for how to do it in the .NET/Paladin world.  Let me know what you think:

First we'd need a new attribute, something like this:
<Serializable(), AttributeUsage(AttributeTargets.Field)> _
Public Class EncryptedFieldAttribute
    Inherits Attribute

    Private _VectorField As String = ""
    Private _Scheme As EncryptionSchemes = EncryptionSchemes.None
    Private _DatabaseDataType As PaladinDbType = PaladinDbType.Text

    Public ReadOnly Property Scheme() As EncryptionSchemes
        Get
            Return _Scheme
        End Get
    End Property

    ' ?? the underlying data storage type might be Varchar, but the public property could be Int
    Public ReadOnly Property DatabaseDataType() As PaladinDbType
        Get
            Return _DatabaseDataType
        End Get
    End Property
    Public ReadOnly Property VectorField() As String
        Get
            Return _VectorField
        End Get
    End Property

    Public Sub New()
        MyClass.New(EncryptionSchemes.None, "", PaladinDbType.Text)
    End Sub
    Public Sub New(ByVal Scheme As EncryptionSchemes)
        MyClass.New(Scheme, "", PaladinDbType.Text)
    End Sub
    Public Sub New(ByVal Scheme As EncryptionSchemes, ByVal VectorField As String)
        MyClass.New(Scheme, VectorField, PaladinDbType.Text)
    End Sub
    Public Sub New(ByVal Scheme As EncryptionSchemes, ByVal VectorField As String, ByVal DatabaseDataType As PaladinDbType)
        _Scheme = Scheme
        _VectorField = VectorField
        _DatabaseDataType = DatabaseDataType
    End Sub
End Class
These are the possible values for EncryptionScheme:
Public Enum EncryptionSchemes
    None
    Hashed         ' MD5, one-way encryption
    PublicVector     ' RijndaelManaged (using an application level vector)
    PrivateVector     ' RijndaelManaged (using a row level vector -- highest security)
    Custom         ' User overridable
End Enum
Usage(s):

' hashed password value
<DataField("tblUsers", "tblUsers", "Password", "Password", true, 255, false, false, false, 0, 0, PaladinDbType.NVarchar), _
 EncryptedField(EncryptionSchemes.Hashed)> _
Friend Password As System.String = String.Empty

' private vector value, points to another field for the vector value
<DataField("tblUsers", "tblUsers", "SSN", "SSN", true, 255, false, false, false, 0, 0, PaladinDbType.NVarchar), _
 EncryptedField(EncryptionSchemes.PrivateVector, "SSN_Key")> _
Friend SSN As System.String = String.Empty

' private vector key value -- key is generated on insert
<DataField("tblUsers", "tblUsers", "SSN_Key", "SSN_Key", true, 255, false, false, false, 0, 0, PaladinDbType.NVarchar)> _
Friend SSN_Key As System.String = String.Empty

' custom scheme value, handled by the overridden Encrypt/Decrypt methods
<DataField("tblUsers", "tblUsers", "Salary", "Salary", true, 8, false, false, false, 8, 4, PaladinDbType.Real), _
 EncryptedField(EncryptionSchemes.Custom)> _
Friend Salary As Double = 0

' overridden EntityBase.Encrypt/Decrypt methods
Protected Overrides Function Encrypt(ByVal Field As String) As String
    Select Case Field.ToLower
        Case "salary"
            Return {some custom algorithm to encrypt}
        Case Else
            Return MyBase.Encrypt(Field)
    End Select
End Function

Protected Overrides Function Decrypt(ByVal Field As String, ByVal Value As String) As String
    Select Case Field.ToLower
        Case "salary"
            Return {some custom algorithm to decrypt}
        Case Else
            Return MyBase.Decrypt(Field, Value)
    End Select
End Function
Challenges:

 - Data Type conversion.  Since most encrypted values are text, how do you handle encrypting numeric data?  Ideally the object would display the correct datatype and internally the framework would handle the proper "DB" type.  I thought maybe the property on the EncryptedFieldAttribute could handle this.
 - Private vector fields.  On insert, this field won't be populated, so you'd have to add it at some point so it shows up in the ChangedColumns collection (otherwise it won't get inserted, right?)
 - For one-way encryption, you'd have to be careful not to encrypt an already encrypted value.  Since it is one way, the object's value would be the encrypted value, so it should only be (re)encrypted if it has been changed.

I have a class to encrypt/decrypt using MD5 and RijndaelManaged if you need it.

Anyone else have a requirement for this?

-Mike
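
The PrivateVector scheme and the numeric data-type challenge from the post above, as an added example that is not part of the original post or of the Paladin framework. It uses `Aes` from System.Security.Cryptography in place of RijndaelManaged; `RowVectorCrypto`, `EncryptField` and `DecryptField` are hypothetical names, and the key and field values are constructed.

```vb
Imports System
Imports System.Globalization
Imports System.Security.Cryptography
Imports System.Text
' Added illustration: RowVectorCrypto and its members are hypothetical, not Paladin APIs.
Public Module RowVectorCrypto
    ' Encrypts one field value. A fresh random IV (the "vector") is generated per call and
    ' returned ByRef so the caller can store it in the companion column (e.g. SSN_Key).
    Public Function EncryptField(ByVal key As Byte(), ByVal plain As String, ByRef vector As String) As String
        Using alg As Aes = Aes.Create()   ' CBC mode with PKCS7 padding by default
            alg.Key = key
            alg.GenerateIV()
            vector = Convert.ToBase64String(alg.IV)
            Using enc As ICryptoTransform = alg.CreateEncryptor()
                Dim data As Byte() = Encoding.UTF8.GetBytes(plain)
                Return Convert.ToBase64String(enc.TransformFinalBlock(data, 0, data.Length))
            End Using
        End Using
    End Function

    Public Function DecryptField(ByVal key As Byte(), ByVal stored As String, ByVal vector As String) As String
        Using alg As Aes = Aes.Create()
            alg.Key = key
            alg.IV = Convert.FromBase64String(vector)
            Using dec As ICryptoTransform = alg.CreateDecryptor()
                Dim data As Byte() = Convert.FromBase64String(stored)
                Return Encoding.UTF8.GetString(dec.TransformFinalBlock(data, 0, data.Length))
            End Using
        End Using
    End Function

    Public Sub Main()
        Dim key(31) As Byte   ' constructed 256-bit demo key; a real key is kept outside the database
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(key)
        End Using
        ' Same constructed SSN in two rows: row-level vectors give different ciphertexts.
        Dim v1 As String = Nothing, v2 As String = Nothing
        Dim c1 As String = EncryptField(key, "000-00-0000", v1)
        Dim c2 As String = EncryptField(key, "000-00-0000", v2)
        Console.WriteLine("ciphertexts differ: {0}", c1 <> c2)
        Console.WriteLine("row 1 decrypts to: {0}", DecryptField(key, c1, v1))
        ' Numeric field stored as text: convert with the invariant culture so it round-trips.
        Dim salary As Double = 52750.25, vs As String = Nothing
        Dim cs As String = EncryptField(key, salary.ToString("R", CultureInfo.InvariantCulture), vs)
        Dim back As Double = Double.Parse(DecryptField(key, cs, vs), CultureInfo.InvariantCulture)
        Console.WriteLine("salary round-trips: {0}", back = salary)
    End Sub
End Module
```

The vector column is not secret and can sit next to the ciphertext; the key is the secret and must not be stored in the same database. CBC encryption on its own does not detect modification of the stored ciphertext.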


Hi Mike,

I think it is pretty overkill to build that into the framework as I feel that the data can actually be encrypted before assigning to the entities. I have not come across such requirements.

Anyway, I will have to temporarily stop implementing new features into the framework to buy more time for myself to learn up .NET 2.0.

Software development made easy with Paladin RAD Framework. Save some trees, use Stickies.NET