Skip to content

Data Encryption

Robin Rodricks edited this page Sep 12, 2023 · 7 revisions

Part of the Data Transformation suite of functions.

AES Symmetric Encryption

This sink implements symmetric encryption for upload/download data. I.e. uploaded data is encrypted with a key, and decrypted after download.

It uses AES encryption with default settings. You control which Key and IV are used.

To add:

IBlobStorage storage = StorageFactory.Blobs
   .XXX()
   .WithAesSymmetricEncryption(string encryptionKey, string encryptionSecret)

Rijndael Symmetric Encryption

Note: Rijndael is obsolete in .NET 6 and beyond!

This sink implements symmetric encryption for upload/download data. I.e. uploaded data is encrypted with a key, and decrypted after download.

It uses Rijndael encryption with default settings, which is a superset of AES encryption algorithm (read about differences). You control which Key and IV are used.

To add:

IBlobStorage storage = StorageFactory.Blobs
   .XXX()
   .WithSymmetricEncryption(string encryptionKey, string encryptionSecret)

The encryption key is a baase64 encoded binary key. To generate it, you can use the following snippet:

void Main()
{
	var cs = new RijndaelManaged();
	cs.GenerateKey();
	string keyBase64 = Convert.ToBase64String(cs.Key);
	
	Console.WriteLine("new encryption key:" + keyBase64);
}

Note that it's your own responsibility to store the key securely, make sure it's not put in plaintext anywhere it can be stoken from!