Field Encryption

Prashanth's Avatar

Prashanth

08 Jan, 2014 07:12 AM

Using PostSharp I would like to do Encryption/Decryption on Field Interception

I have a Class

public class guestbookentry

{
[Encryption] // This Attribute has to Encrypt and Decrypt public string Message { get; set; } public string GuestName { get; set; }
}

I am saving the object in Azure Tables. Only particular Field has to be get En/Decrypt.

PostSharp Attribute on Field Interception

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using PostSharp;
using PostSharp.Aspects;
using EncryptionDecryption;
using PostSharp.Serialization;
using PostSharp.Aspects.Advices;
using PostSharp.Extensibility;

namespace GuestBook_Data
{ [Serializable] public class EncryptionAttribute : LocationInterceptionAspect
{
[MulticastPointcut(Targets = MulticastTargets.Field, Attributes = MulticastAttributes.Instance)] public override void OnSetValue(LocationInterceptionArgs args) { base.OnSetValue(args); if (args.Value != null) {
MD5CryptoServiceExample objMD5Encrypt = new MD5CryptoServiceExample(); args.Value = objMD5Encrypt.Encrypt(args.Value.ToString()).Replace(" ", "+"); args.ProceedSetValue(); } }

public override void OnGetValue(LocationInterceptionArgs args)
{
    base.OnGetValue(args);
    if (args.Value != null)
    {              
        MD5CryptoServiceExample objMD5Encrypt = new MD5CryptoServiceExample();
        args.Value = objMD5Encrypt.Decrypt(args.Value.ToString()); //objMD5Encrypt.Decrypt(args.Value.ToString());
        args.ProceedGetValue();
    }
}

} }

Problem is
1. Successive Encryption and Decryption happens which is difficult to handle.

Kindly suggest

  1. Support Staff 1 Posted by PostSharp Techn... on 08 Jan, 2014 10:34 AM

    PostSharp Technologies's Avatar

    Note, that calling base.OnSetValue(args) is the same as calling args.ProceedSetValue(), and calling base.OnGetValue(args) is the same as calling args.ProceedGetValue(). This means that you're calling the proceed methods twice in each of your handlers.

    What you need to do is to call args.ProceedGetValue() at the start of the OnGetValue to read the encrypted value, and call args.ProceedSetValue() at the end of the OnSetValue to save the encrypted value.

    public override void OnGetValue(LocationInterceptionArgs args)
    {
        args.ProceedGetValue();
        if (args.Value != null)
        {
            args.Value = // decrypt
        }
    }
    
    public override void OnSetValue(LocationInterceptionArgs args)
    {
        if (args.Value != null)
        {
            args.Value = // encrypt
        }
        args.ProceedSetValue();
    }
    

    Also, you don't need to apply the [MulticastPointcut] attribute. It's used when developing composite aspects as described in Developing Composite Aspects.

    -alex

  2. 2 Posted by Joe Kuemerle on 08 Jan, 2014 10:56 AM

    Joe Kuemerle's Avatar

    If you would like I have already developed a significant amount of code to provide strong transparent encryption for fields and properties using PostSharp. The code itself is open source and available at: https://github.com/jkuemerle/EncryptedType . There is both a base, platform neutral implementation as well as a RavenDB specific implementation. Azure tables is going to be the next platform I do a specific implementation for.

    I started documenting the code in blog posts, that are available at: http://www.kuemerle.com/transparent-encryption-of-properties-in-net... and http://www.kuemerle.com/transparent-encryption-of-properties-in-net... .

    The aspects are also packaged and distributed via NuGet so they can be easily added to your project to test out, see: http://www.nuget.org/packages/EncryptedType/ and http://www.nuget.org/packages/EncryptedType.RavenDB/ .

    I would be happy to collaborate further with you if you are interested in details that I have not yet documented in great detail such as a specific key server implementation.

    This is an active and ongoing project of mine and I also welcome feature suggestions, ideas or contributions. You can reach me via email at [email blocked].

    Joe Kuemerle

  3. 3 Posted by Prashanth on 08 Jan, 2014 12:01 PM

    Prashanth's Avatar

    Thanks for the explanation in http://support.sharpcrafters.com/discussions/suggestions/149-field-...

    As you might be aware I am trying to implement the Encryption by Field Interception.
    I would prefer to avoid Postsharp in Azure.

    Only reason is I am not sure about the performance.
    Ideally I prefer DRY by definining
    something like this

    public class Employee
    { [Encryption(Type = Encrypt.RSA)] public string Message{get;set;}

    }

    Similarly we can implement the same at Getter and Setter, (Not DRY)
    like

    public class Employee{
    private string message; [Encryption] public string Message { get{ return message;} set { message= EncryptClass.encrypt(value); } } public string GuestName { get; set; } public string PhotoUrl { get; set; } public string ThumbnailUrl { get; set; }

    }
    
    public static class EncryptClass
        {
            public static string encrypt(string input)
            {   
                 return input +"-encrypted";
             }
    
        public static string Decrypt(string input)
            {   
             input = input.Split(new string[] {"-encrypted"}, StringSplitOptions.None)[0].ToString();
             return input;
            }
    
        }
    

    Kindly Share your Expert Thought.

  4. System closed this discussion on 13 Apr, 2016 10:33 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac