Encryption using DataProtectionProvider


Scenario:

Encryption using DataProtectionProvider

Solution:

The data-protection system uses symmetric (authenticated) encryption to protect data. A key is random material that is used both to encrypt the data and to decrypt it.

The same key could serve many purposes, but to keep those concerns separate .NET Core provides "purposes". The data-protection system holds a parent key, which is never used directly. You derive child keys from it (one per purpose) and use those to encrypt and decrypt.

    // Add the NuGet package Microsoft.AspNetCore.DataProtection.
    using Microsoft.AspNetCore.DataProtection;

    public sealed class PasswordEncrypt
    {
        // The root provider wraps the parent key; it is never used to protect data directly.
        private readonly IDataProtectionProvider _rootProvider;

        public PasswordEncrypt(IDataProtectionProvider provider)
        {
            _rootProvider = provider;
        }

        // Derives a child protector for the given purpose from the parent key.
        public IDataProtector GetDataProtector(string purpose)
        {
            IDataProtector protector = _rootProvider.CreateProtector(purpose);

            return protector;
        }

        // Protects (encrypts and authenticates) the data with the purpose-specific key.
        public string EncryptData(string data, IDataProtector protector)
        {
            var encryptedData = protector.Protect(data);

            return encryptedData;
        }

        // Unprotects the data; only a protector created for the same purpose can do this.
        public string DecryptData(string encryptedData, IDataProtector protector)
        {
            var decryptedData = protector.Unprotect(encryptedData);

            return decryptedData;
        }
    }

The encrypted data is isolated: you can only decrypt it with a child key derived for the same purpose. Because the child key is derived from the parent key and the purpose string rather than stored separately, losing the child protector is not a problem; you can always recreate it from the parent key if you know the purpose. Keys are also rotated automatically (every 90 days by default). The collection of all keys is called the key ring.
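The following console program is an added example, not code from the original post. It demonstrates the purpose isolation described above: a payload protected under one purpose is rejected (with a CryptographicException, not silently decrypted to garbage) by a protector for a different purpose, a protector recreated from the root with the same purpose still reads it, and nested purposes (`CreateProtector("Login").CreateProtector("v2")`) derive the same child key as the multi-argument form `CreateProtector("Login", "v2")`. It assumes the same two NuGet packages as the post (Microsoft.AspNetCore.DataProtection and Microsoft.Extensions.DependencyInjection); the purpose names and the sample value are chosen for this example.

```csharp
// Added example (not from the original post): purpose isolation in ASP.NET Core Data Protection.
// Assumes the Microsoft.AspNetCore.DataProtection and
// Microsoft.Extensions.DependencyInjection NuGet packages are referenced.
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public static class PurposeIsolationDemo
{
    public static void Main()
    {
        var services = new ServiceCollection();
        services.AddDataProtection();
        using var provider = services.BuildServiceProvider();
        var root = provider.GetRequiredService<IDataProtectionProvider>();

        // Two child protectors derived from the same parent key, for different purposes.
        IDataProtector loginProtector = root.CreateProtector("Login");
        IDataProtector resetProtector = root.CreateProtector("PasswordReset");

        // Constructed sample value; in a real app this would be a token or secret.
        string payload = loginProtector.Protect("session-token-123");

        // Same purpose: the round trip succeeds.
        Console.WriteLine(loginProtector.Unprotect(payload));

        // Different purpose: the payload fails authentication and is rejected outright.
        try
        {
            resetProtector.Unprotect(payload);
            Console.WriteLine("Unexpected: a different purpose unprotected the payload.");
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine($"Rejected by a different purpose: {ex.Message}");
        }

        // Purposes form a chain. Both of these derive the same child key,
        // so data protected by one is readable by the other.
        IDataProtector nested = root.CreateProtector("Login").CreateProtector("v2");
        IDataProtector flat = root.CreateProtector("Login", "v2");
        Console.WriteLine(flat.Unprotect(nested.Protect("same derived key")));

        // A protector cannot be "lost": recreating it from the root with the same
        // purpose yields an equivalent protector, because the child key is derived,
        // not stored.
        IDataProtector recreated = root.CreateProtector("Login");
        Console.WriteLine(recreated.Unprotect(payload));
    }
}
```

The practical takeaway for a reviewer is that purpose strings are part of the key derivation, so a payload from one feature (say, a login cookie) can never be replayed into another feature's `Unprotect` call by mistake; the failure is loud rather than a silent wrong plaintext.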


    using System;
    using Microsoft.AspNetCore.DataProtection;
    using Microsoft.Extensions.DependencyInjection;

    class Program
    {
        static void Main(string[] args)
        {
            // Register the data-protection services (key ring and default key lifetime).
            var serviceCollection = new ServiceCollection();
            serviceCollection.AddDataProtection();

            var services = serviceCollection.BuildServiceProvider();

            // Resolves IDataProtectionProvider from the container and injects it.
            var instance = ActivatorUtilities.CreateInstance<PasswordEncrypt>(services);

            var password = "mypassword";

            // Child protector bound to the "Login" purpose.
            var protector = instance.GetDataProtector("Login");

            var encryptedData = instance.EncryptData(password, protector);

            Console.WriteLine(encryptedData);

            var decryptedData = instance.DecryptData(encryptedData, protector);

            Console.WriteLine(decryptedData);

            Console.ReadLine();
        }
    }

Avoid using this for long-term encryption of data: keys expire and are rotated, and if the keys are deleted the encrypted data can't be recovered.
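The program below is an added example, not part of the original post, showing the key-ring side of that caveat. It persists the key ring to a known directory and names the application, so a value protected before a process restart (or by another instance of the same app) can still be unprotected, and then shows the failure mode the post warns about: a provider with a different (empty) key ring cannot read the payload. It assumes the same two NuGet packages as the post; the directory paths and the application name are placeholders chosen for this example.

```csharp
// Added example (not from the original post): persisting the key ring and
// demonstrating what happens when the original keys are unavailable.
// Assumes the Microsoft.AspNetCore.DataProtection and
// Microsoft.Extensions.DependencyInjection NuGet packages are referenced.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public static class KeyRingPersistenceDemo
{
    private static IDataProtectionProvider BuildProvider(string keyDir)
    {
        var services = new ServiceCollection();
        services.AddDataProtection()
            // Keys are written as XML files here instead of the per-user default
            // location or an ephemeral in-memory ring. Back this directory up and
            // restrict its permissions: whoever can read it can unprotect everything.
            .PersistKeysToFileSystem(new DirectoryInfo(keyDir))
            // Isolates this app's keys from other apps sharing the same key store.
            .SetApplicationName("ExampleApp") // placeholder name
            // 90 days is already the default; shown explicitly so the rotation
            // policy is visible in code. Expired keys remain in the ring for
            // Unprotect; only new Protect calls move to the newest key.
            .SetDefaultKeyLifetime(TimeSpan.FromDays(90));

        return services.BuildServiceProvider()
                       .GetRequiredService<IDataProtectionProvider>();
    }

    public static void Main()
    {
        // Placeholder directories for this example.
        string keyDir = Path.Combine(Path.GetTempPath(), "example-keyring");
        string otherDir = Path.Combine(Path.GetTempPath(), "example-keyring-other");

        // First "process": protect a value under the "Login" purpose.
        string protectedValue = BuildProvider(keyDir)
            .CreateProtector("Login")
            .Protect("mypassword");

        // Second "process" sharing the same key directory and app name: still readable.
        string roundTrip = BuildProvider(keyDir)
            .CreateProtector("Login")
            .Unprotect(protectedValue);
        Console.WriteLine(roundTrip);

        // A provider pointed at an empty directory builds a different key ring and
        // cannot read the payload. This is the "keys deleted" failure mode.
        try
        {
            BuildProvider(otherDir).CreateProtector("Login").Unprotect(protectedValue);
            Console.WriteLine("Unexpected: payload was readable with a different key ring.");
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine($"Unreadable without the original key ring: {ex.Message}");
        }
    }
}
```

Note that `PersistKeysToFileSystem` on its own stores the key material unencrypted on disk; in a deployment you would additionally protect the keys at rest (for example with `ProtectKeysWithDpapi` on Windows or `ProtectKeysWithCertificate`) and treat the key directory as a secret. Persistence makes the key ring survive restarts, but it does not change the post's point: data protection is meant for short-lived payloads such as cookies and tokens, not as an archive format.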
