M# Tutorials

Learn to build .NET applications with M#. Our step-by-step tutorials will get you up-to-speed rapidly.
If you already know ASP.NET and C#, you can master M# in a week or two.

Data Encryption

Legitimate access to data is an important issue, which is usually accomplished by implementing authentication and authorization features, but sometimes we also need to encode the data itself to prevent it from being read by hackers or eavesdroppers, even if the authentication or authorization is somehow compromised. This adds another layer of security, the process required to encode data is called encryption. This tutorial explains M# encryption modal, which provides symmetric and asymmetric data encryption and decryption functionality.

M# framework contains a class “Encryption” under “System.Security” namespace, which encapsulates all the encryption / decryption related functionality. The screenshot below shows asymmetric algorithm RSA encryption and decryption methods

Asymmetric encryption algorithms use a public / private key pair to encrypt and decrypt data. Senders encrypt data using the public key available publicly and the receiver, being you, decrypt data using your private key. The method shown above “GenerateAsymmetricKeys” provides public / private keys, which are then used to perform encryption. Asymmetric encryption is more secure because you keep the private key to decrypt data, which does not require transfer with the encrypted data, but it is a slow process.

M# framework also supports symmetric encryption, using Rijndael Managed class provided in .NET framework. This type of algorithm is mostly used when encryption and decryption is done within in same system. Encryption and decryption is done using the same key, which is communicated with the cyphered text and is relatively less secure than the asymmetric cryptography. The method definitions shown below are also implemented in the “Encryption” class of M# framework.

The best place to encrypt data in M# is “OnSaving” event, which is raised just before saving an entity record. Let’s create a new entity type “BankDetail”, which will be used to manage employee bank account details and we want to encrypt those (Please read tutorial entity, page, module for more detail on creating an entity), as shown below:

The screenshot above shows static method “Encrypt()” of “Encryption” class. We are supplying the employee password as the salt value in order to encrypt each property, but you can create a more complex password key. We have used “OnSaving” method in business partial class to call the encryption process, which encrypts details just before saving the record (Please read tutorial Database.Save for more details on entity methods and Partial classes and Business logic for more information on entity and logic partial classes).

Now let’s create a form to insert some data so we can see the encryption in action.

The screenshot above shows the data entered is encrypted before saving to database. Now the question arises that how we utilize bank details data in our business logic, or when we want to display it on UI for the employee to view.

We can use another entity event “OnLoaded” which can be used to decrypt data, as shown below:

“OnLoaded” is raised just after the data is loaded and so we have the data available to decrypt. Asymmetric cryptography can also be implemented the same way, but you have to generate the asymmetric keys and need to use public key for encryption and private key for decryption.