Data protection

The data protection plugin provides facilities to easily encrypt/decrypt data, for instance to store it in the database or on disk. It supports several policies for different requirements.

For now, the only encryption provider available is the AesGcmProtectionProvider, which implements symmetric AES-GCM encryption using a key stored in a Stormancer secrets store.

Server plugin

Nuget package: Stormancer.Server.Plugins.DataProtection

Usage

A server class must take IDataProtector as a constructor dependency to use the API:

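using System.Text;
using System.Threading.Tasks;
// Namespace assumed from the NuGet package name.
using Stormancer.Server.Plugins.DataProtection;

public class DpSample
{
    private readonly IDataProtector _protector;

    // IDataProtector is supplied through constructor injection.
    public DpSample(IDataProtector protector)
    {
        _protector = protector;
    }

    public async Task<string> Encrypt(string input)
    {
        var data = Encoding.UTF8.GetBytes(input);
        // Encrypt under the "mypolicy" policy; the result is a Base64Url string.
        return await _protector.ProtectBase64Url(data, "mypolicy");
    }

    public async Task<string> Decrypt(string encryptedStr)
    {
        // The policy id is an argument of the unprotect call, not of GetString.
        var decryptedData = await _protector.UnProtectBase64Url(encryptedStr, "mypolicy");

        return Encoding.UTF8.GetString(decryptedData);
    }
}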

Configuration

To use the data protection API, at least a default policy must be specified in the configuration:

"dataProtection":{
    // Id of the policy.
    // Several policies can be declared, and are referenced when using the dataProtection C# API in the server app.
    // If the policy referenced by the code does not exist in the configuration, data protection falls back to the default policy.
    "default":{
        "provider":"aes-gcm",

        //The path to the key in a Stormancer secrets store. The store must be created beforehand.
        //If the provider doesn't find the key, it will generate a new one.
        //The key is expected to be a 256-bit cryptographically secure random byte array.
        "key":"my-account/secrets-key/key-id",

        //Create the key in the store if it doesn't exist. true by default, set to false to disable automated key generation.
        "createKeyIfNotExists":true,

        //The nonce is optional. It shouldn't be specified in most cases.
        //When specified, all instances of encrypted data from the same original data
        //will be the same too. It can be useful to perform matches on the db without
        //having to decrypt the data, however it reduces security.
        //Format: random 96 bits (12 bytes), Base64 encoded.
        "nonce":"dkMRLIlJJAKZjQPx"
    }
}
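
The trade-off behind the optional "nonce" setting, shown as an added example that is not part of the plugin or its documentation. It uses .NET's own AesGcm class (.NET 8 or later) rather than the Stormancer provider; the class name NonceDemo, the key and the input strings are constructed for illustration, and the nonce is the sample value from the configuration above.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added illustration: plain .NET AesGcm (.NET 8+), not the Stormancer provider.
static class NonceDemo
{
    // AES-GCM encrypt; returns the ciphertext (the 16-byte tag is dropped here,
    // since only the ciphertext bytes are compared below).
    static byte[] Encrypt(byte[] key, byte[] nonce, string text)
    {
        var plaintext = Encoding.UTF8.GetBytes(text);
        var ciphertext = new byte[plaintext.Length];
        var tag = new byte[16];
        using var aes = new AesGcm(key, tag.Length);
        aes.Encrypt(nonce, plaintext, ciphertext, tag);
        return ciphertext;
    }

    static byte[] Xor(byte[] a, byte[] b) => a.Zip(b, (x, y) => (byte)(x ^ y)).ToArray();

    static void Main()
    {
        var key = RandomNumberGenerator.GetBytes(32);                  // constructed 256-bit key
        var fixedNonce = Convert.FromBase64String("dkMRLIlJJAKZjQPx"); // sample value from the config
        const string p1 = "alice@example.org", p2 = "carol@example.org"; // constructed inputs

        // Fixed nonce: identical input gives identical output, which is what makes
        // database equality matches possible.
        var c1 = Encrypt(key, fixedNonce, p1);
        Console.WriteLine("fixed nonce, same input, same output: " +
            c1.SequenceEqual(Encrypt(key, fixedNonce, p1)));

        // The cost: both messages share one keystream, so c1 XOR c2 == p1 XOR p2.
        var c2 = Encrypt(key, fixedNonce, p2);
        Console.WriteLine("ciphertext XOR equals plaintext XOR:  " +
            Xor(c1, c2).SequenceEqual(Xor(Encoding.UTF8.GetBytes(p1), Encoding.UTF8.GetBytes(p2))));

        // Random nonce per call (the default when "nonce" is omitted is assumed to
        // behave this way): the same input no longer produces the same output.
        var r1 = Encrypt(key, RandomNumberGenerator.GetBytes(12), p1);
        var r2 = Encrypt(key, RandomNumberGenerator.GetBytes(12), p1);
        Console.WriteLine("random nonce, same input, same output: " + r1.SequenceEqual(r2));
    }
}
```

A policy with a fixed nonce is best kept for the few fields that need equality lookups, with its own key, so the keystream relationship shown above never extends to data protected under the default policy.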