
Entity Framework with Sql Server Column Level Encryption

I have a requirement to encrypt a number of database columns (in Sql Server 2012). It has been decided that we should use column level encryption (implemented in sql server). On the application side I will be building a web api on top of some complex domain models. I really want to utilize Entity Framework's code first approach, to maintain a clean domain model. Does anyone have a workable solution here that does not involve resorting back to stored procedures? Ideally I would like to somehow manipulate the sql generated by entity framework to wrap certain fields to do the sql encryption / decryption functions.

Ideally, something like:

modelBuilder.Entity<MyTable>().ToTable("Table1").Property(p => p.SensativeData).encrypt("keyName",authenticatorFunc);

In SQL Server 2012, column level encryption can be done mainly in two ways, i.e.:

  1. Defining Custom Encryption function in Entity framework (this blog).
  2. SQL Cell Level Encryption implementation done in entity framework in dbcontext Class (execute open symmetric key code here) using this blog and using stored procedure (which contain decryption code for specified field in tables) retrieve result sets.

In SQL Server 2016 there is a new feature, i.e. Always Encrypted, and it has its implementation in entity framework here.
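As an added example (not part of the original answers), this is the T-SQL that cell-level encryption with an authenticator comes down to, which is what any Entity Framework interception or stored-procedure approach ends up executing. Table1, SensativeData and keyName are taken from the question; ColumnCert, the password placeholder and the sample row are constructed for illustration.

```sql
-- Added example. GO is the batch separator used by SSMS / sqlcmd.
-- One-time setup: database master key -> certificate -> symmetric key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
CREATE CERTIFICATE ColumnCert WITH SUBJECT = 'Column encryption (example)';
CREATE SYMMETRIC KEY keyName
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE ColumnCert;
GO

-- Ciphertext is binary, so the column is varbinary rather than nvarchar.
CREATE TABLE Table1 (
    Id            int            NOT NULL PRIMARY KEY,
    SensativeData varbinary(256) NOT NULL
);
GO

-- The key must be open in the same session that calls
-- EncryptByKey / DecryptByKey; otherwise both return NULL.
OPEN SYMMETRIC KEY keyName DECRYPTION BY CERTIFICATE ColumnCert;

-- Write path: the authenticator (here the row's Id) is bound into the
-- ciphertext, so the value only decrypts in the row it was written for.
DECLARE @Id int = 1;
INSERT INTO Table1 (Id, SensativeData)
VALUES (@Id,
        EncryptByKey(Key_GUID('keyName'),
                     N'constructed sample value',
                     1, CONVERT(nvarchar(128), @Id)));

-- Read path: DecryptByKey returns varbinary; convert it back to the
-- type that was encrypted (nvarchar here).
SELECT Id,
       CONVERT(nvarchar(100),
               DecryptByKey(SensativeData, 1,
                            CONVERT(nvarchar(128), Id))) AS SensativeData
FROM Table1;

-- Same ciphertext checked against a different authenticator, as if it had
-- been copied into another row: the check fails and the result is NULL.
SELECT CONVERT(nvarchar(100),
               DecryptByKey(SensativeData, 1,
                            CONVERT(nvarchar(128), Id + 1))) AS WrongAuthenticator
FROM Table1;

CLOSE SYMMETRIC KEY keyName;
```

Because the key has to be opened per session, an Entity Framework integration needs to run the OPEN SYMMETRIC KEY statement on the same connection before its queries, and the database principal the application uses needs permission on both the key and the certificate.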

I know it's a bit old, but if you are using Entity Framework Core, I have developed an Entity Framework Core plugin that handles data encryption of a string field using a custom attribute. Actually there is only the AES encryption provider available, but you can easily implement new encryption providers. Check it out here: https://github.com/Eastrall/EntityFrameworkCore.DataEncryption

It's compatible with EF Core 2 and 3.

Quick example:

public class UserEntity
{
    public int Id { get; set; }

    [Encrypted]
    public string Username { get; set; }

    [Encrypted]
    public string Password { get; set; }

    public int Age { get; set; }
}

public class DatabaseContext : DbContext
{
    // Get key and IV from a Base64String or any other ways.
    // You can generate a key and IV using "AesProvider.GenerateKey()"
    private readonly byte[] _encryptionKey = ...; 
    private readonly byte[] _encryptionIV = ...;
    private readonly IEncryptionProvider _provider;

    public DbSet<UserEntity> Users { get; set; }

    public DatabaseContext(DbContextOptions options)
        : base(options)
    {
        this._provider = new AesProvider(this._encryptionKey, this._encryptionIV);
    }

    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        modelBuilder.UseEncryption(this._provider);
    }
}

Crypteron has a free Entity Framework adapter, CipherDb, that can work with any SQL Server. In fact, Crypteron CipherDb works with any Entity Framework compatible database - even MySQL, PostgreSQL and more.

You can annotate the data model with [Secure] or name a property to something like Secure_SocialSecurityNumber (the Secure_ is the key part) and CipherDb automatically performs data encryption, tamper protection, secure key storage, secure key distribution, caching, key rollovers, ACLs and more. You can also use Crypteron to protect streams, files, objects, message queues, noSQL etc.

You can find the sample apps on GitHub at https://github.com/crypteron/crypteron-sample-apps

Disclaimer: I work there and we do have a free community edition which anyone can use.
