通过 Web API 代码加密/解密字符串并将加密值存储在 SQL 数据库中?
[英]Encrypt/Decrypt a string via web API code and store encrypted value in SQL database?
问题描述
I need to be HIPAA compliant and those requirements indicate AES256 encryption will be sufficient for storing of sensitive data (first name, last name, SSN, ID, DOB, Phone, VIN, etc.).
我需要符合 HIPAA 标准,并且这些要求表明 AES256 加密足以存储敏感数据(名字、姓氏、SSN、ID、DOB、电话、VIN 等)。
I'm leaning towards encryption thru application code rather than using MS SQL or MySQL built in support for encrypted fields.我倾向于通过应用程序代码进行加密,而不是使用内置支持加密字段的 MS SQL 或 MySQL。 Avoid the SQL signed certificates process, setting MASTER KEY, etc.避免 SQL 签名证书过程、设置 MASTER KEY 等。
I researched AES256 encryption using .NET 6 and most warned to not use AES - CBC, ECB, EFB or CTS ... in fact even Microsoft's own documentation suggest NOT using CBC but also provide an Aes class code sample that makes no practical sense found here ?我使用 .NET 6 研究了 AES256 加密,大多数人警告不要使用 AES - CBC、ECB、EFB 或 CTS ......事实上,即使是微软自己的文档也建议不要使用 CBC,但也提供了一个没有实际意义的 Aes 类代码示例在这里? Encrypt then Decrypt within the same execution scope ... that would almost never happen in the real world where encrypted data is saved then retrieved and decrypted at some later date.在相同的执行范围内加密然后解密......这在现实世界中几乎永远不会发生,在现实世界中,加密数据被保存,然后在以后的某个日期检索和解密。
There is obviously going to be a performance hit when searching and/or reporting on (wild cards) any data that is encrypted, I'll have to iterate thru it before returning the data to requesting source (I have a threaded multi-core strategy here).在搜索和/或报告(通配符)任何加密的数据时,显然会对性能造成影响,我必须在将数据返回到请求源之前对其进行迭代(我有一个线程多核策略这里)。
What's the "current" best practices method for encrypting/decrypting field level data in a SQL database using application code?使用应用程序代码加密/解密 SQL 数据库中的字段级数据的“当前”最佳实践方法是什么? Will I need to allocate a field to hold a random value for each field I want to encrypt in addition to global application key?除了全局应用程序密钥之外,我是否需要分配一个字段来为要加密的每个字段保存一个随机值?
If AES .NET 6 crypto libraries are to be avoided, what are my other options?如果要避免使用 AES .NET 6 加密库,我还有哪些其他选择?
1 个解决方案
解决方案1
0 2022-05-11 22:08:52
Did you check this question?你检查过这个问题吗? Entity Framework with Sql Server Column Level Encryption I think this might be useful if you working with EF Core 具有 Sql Server 列级加密的实体框架我认为如果您使用 EF Core,这可能会很有用
You can use attributes for this.您可以为此使用属性。
1 - Create an attribute : 1 - 创建一个属性:
[AttributeUsage(AttributeTargets.All)]
public class EncryptData: System.Attribute
{
public EncryptData()
{
}
}
2 - Use it wherever you want : 2 - 在任何地方使用它:
public class Person
{
[EncryptData]
public string Name {get;set;}
}
3 - Use it on insert : 3 - 在插入时使用它:
public void Insert(T entity)
{
// your code
EncryptFields(entity,_context);
dbContext.SaveChanges();
}
` `
public virtual T EncryptFields(T entity, MyDbContext dbContext)
{
MetadataTypeAttribute[] metadataTypes = entity.GetType().GetCustomAttributes(true).OfType<MetadataTypeAttribute>().ToArray();
foreach (MetadataTypeAttribute metadata in metadataTypes)
{
PropertyInfo[] properties = metadata.MetadataClassType.GetProperties();
foreach (PropertyInfo pi in properties)
{
if (Attribute.IsDefined(pi, typeof(DB.PartialEntites.EncryptData)))
{
int id = ((EncryptData)pi.GetCustomAttributes(true)[0]).id;
dbContext.Entry(entity).Property(pi.Name).CurrentValue = // YOUR ENCRYPTION ALGORITHM;
}
}
}
return entity;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.