|
1 | 1 | # EntityFrameworkCore.DataEncryption |
2 | 2 |
|
3 | | -[](https://dev.azure.com/eastrall/EntityFrameworkCore.DataEncryption/_build/latest?definitionId=9&branchName=refs%2Fpull%2F14%2Fmerge) |
4 | | -[](https://www.codacy.com/app/Eastrall/EntityFrameworkCore.DataEncryption?utm_source=github.com&utm_medium=referral&utm_content=Eastrall/EntityFrameworkCore.DataEncryption&utm_campaign=Badge_Grade) |
| 3 | +[](https://dev.azure.com/eastrall/EntityFrameworkCore.DataEncryption/_build/latest?definitionId=9&branchName=master) |
5 | 4 | [](https://codecov.io/gh/Eastrall/EntityFrameworkCore.DataEncryption) |
6 | 5 | [](https://www.nuget.org/packages/EntityFrameworkCore.DataEncryption) |
7 | 6 |
|
@@ -72,6 +71,8 @@ The code bellow creates a new `AesEncryption` provider and gives it to the curre |
72 | 71 |
|
73 | 72 | ## Create an encryption provider |
74 | 73 |
|
| 74 | +> :warning: This section is outdated and doesn't work for V3.0.0 and will be updated soon. |
| 75 | +
|
75 | 76 | `EntityFrameworkCore.DataEncryption` gives the possibility to create your own encryption providers. To do so, create a new class and make it inherit from `IEncryptionProvider`. You will need to implement the `Encrypt(string)` and `Decrypt(string)` methods. |
76 | 77 |
|
77 | 78 | ```csharp |
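Review bot: the warning added at new line 74 says the section "doesn't work for V3.0.0", but the instructions below it (inherit from `IEncryptionProvider`, implement `Encrypt(string)` and `Decrypt(string)`) are left unchanged, so a reader cannot tell which versions they still apply to or what to do on V3.0.0. Suggest naming the last version the section is valid for, and either linking a tracking issue for the rewrite or removing the outdated steps until it lands; "will be updated soon" gives users of an encryption library nothing to act on.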
@@ -108,15 +109,35 @@ public class DatabaseContext : DbContext |
108 | 109 | } |
109 | 110 | ``` |
110 | 111 |
|
111 | | - |
112 | 112 | ## Important notes |
113 | 113 |
|
114 | 114 | ### AES Provider structure |
115 | 115 |
|
116 | 116 | The following section describes how encrypted fields using the built-in AES provider encrypts data. |
| 117 | +There is two available modes : |
| 118 | + |
| 119 | +* Fixed IV |
| 120 | +* Dynamic IV |
| 121 | + |
| 122 | +#### Fixed IV |
| 123 | + |
| 124 | +A fixed IV is generated at setup and is used for every encrypted fields on the database. |
| 125 | +This might be a security issue depending on your context. |
| 126 | + |
| 127 | +#### Dynamic IV |
117 | 128 |
|
118 | 129 | For each encrypted field, the provider generates a new IV with a length of `16 bytes`. These 16 bytes are written at the begining of the `CryptoStream` followed by the actual input to encrypt. |
119 | 130 |
|
120 | 131 | Similarly, for reading, the provider reads the first **16 bytes** from the input data converted as a `byte[]` to retrieve the initialization vector and then read the encrypted content. |
121 | 132 |
|
122 | 133 | For more information, checkout the [`AesProvider`](https://github.com/Eastrall/EntityFrameworkCore.DataEncryption/blob/master/src/EntityFrameworkCore.DataEncryption/Providers/AesProvider.cs#L58) class. |
| 134 | + |
| 135 | +> :warning: When using Dynamic IV, you cannot use the Entity Framework LINQ extensions because the provider will generate a new IV per value, which will create unexpected behaviors. |
| 136 | +
|
| 137 | +## Thanks |
| 138 | + |
| 139 | +I would like to thank all the people that supports and contributes to the project and helped to improve the library. :smile: |
| 140 | + |
| 141 | +## Credits |
| 142 | + |
| 143 | +Package Icon : from [Icons8](https://icons8.com/) |
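Review bot: in the Fixed IV section (new lines 124-125), "This might be a security issue depending on your context" does not say what the issue is. With one IV reused for every field under the same key, encryption is deterministic, so equal plaintexts produce equal ciphertexts and anyone who can read the database can see which rows share a value. Suggest stating that explicitly, and also documenting which mode is the default and how to select one, since neither appears in this hunk. The warning at new line 135 has the same gap: replace "unexpected behaviors" with the concrete effect of a new IV per value, which is that the same plaintext encrypts differently each time, so a query comparing against an encrypted column will not match. Minor: "There is two available modes" should be "There are two available modes", and "every encrypted fields" should be "every encrypted field".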