Eastrall / EntityFrameworkCore.DataEncryption

A plugin for Microsoft.EntityFrameworkCore to add support of encrypted fields using built-in or custom encryption providers.
MIT License

[Question] Actual use case example #9

Closed callenj closed 3 years ago

callenj commented 3 years ago

Hello all,

Anyone willing to supply some actual use case code examples? Here is what I am wrestling with when thinking of how to implement:

1) Are you generating a separate IV for each DB record row or field? This is a must. If so, where are you storing the IV and how are you handling this? Storing the IV with each row is how I would think this should be implemented, but then how are you grabbing/using that IV to encrypt/decrypt? The example shows the key and IV being set in the DataContext class.

2) Strategies for storing your key? Just curious on ideas to keep the key secure and not hard coded in the source code.

Really appreciate any feedback and the time you spent on this extension.

Eastrall commented 3 years ago

Hi,

> Are you generating a separate IV for each DB record row or field? This is a must. If so, where are you storing the IV and how are you handling this? Storing the IV with each row is how I would think this should be implemented, but then how are you grabbing/using that IV to encrypt/decrypt? The example shows the key and IV being set in the DataContext class.

I am currently working on a fix to generate an IV per field. The actual technique isn't safe enough since we store the key and the IV inside a configuration file and then load it in the DbContext.

> Strategies for storing your key? Just curious on ideas to keep the key secure and not hard coded in the source code.

I usually store the keys inside a configuration file along with the database connection string.
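
One way to handle the per-field IV asked about in question 1, shown as an added example that is not the plugin's code and not from either commenter: a fresh IV is generated for each value and stored in front of the ciphertext, so decryption reads it back from the same column. The `FieldCrypto` class, the `FIELD_KEY_B64` environment variable and the sample value are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class FieldCrypto
{
    private const int IvSize = 16; // AES block size in bytes
    // Returns IV || ciphertext, so the IV is stored in the same column as the data.
    // CBC gives confidentiality only; nothing here detects tampering with the stored bytes.
    public static byte[] Encrypt(string plaintext, byte[] key)
    {
        using var aes = Aes.Create();   // defaults: CBC mode, PKCS7 padding
        aes.Key = key;
        aes.GenerateIV();               // fresh random IV for every field value
        using var enc = aes.CreateEncryptor();
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        byte[] cipher = enc.TransformFinalBlock(data, 0, data.Length);
        byte[] stored = new byte[IvSize + cipher.Length];
        Buffer.BlockCopy(aes.IV, 0, stored, 0, IvSize);
        Buffer.BlockCopy(cipher, 0, stored, IvSize, cipher.Length);
        return stored;
    }
    // Splits the IV back off the stored value before decrypting.
    public static string Decrypt(byte[] stored, byte[] key)
    {
        if (stored is null || stored.Length < 2 * IvSize || stored.Length % IvSize != 0)
            throw new CryptographicException("Stored value is not IV || ciphertext.");
        using var aes = Aes.Create();
        aes.Key = key;
        aes.IV = stored.AsSpan(0, IvSize).ToArray();
        using var dec = aes.CreateDecryptor();
        byte[] plain = dec.TransformFinalBlock(stored, IvSize, stored.Length - IvSize);
        return Encoding.UTF8.GetString(plain);
    }
}

public static class Program
{
    public static void Main()
    {
        // Assumption: the 32-byte key arrives base64-encoded in a hypothetical
        // FIELD_KEY_B64 environment variable; a throwaway key is used if it is unset.
        var b64 = Environment.GetEnvironmentVariable("FIELD_KEY_B64");
        byte[] key = b64 is null ? RandomNumberGenerator.GetBytes(32) : Convert.FromBase64String(b64);
        byte[] a = FieldCrypto.Encrypt("alice@example.com", key); // constructed sample value
        byte[] b = FieldCrypto.Encrypt("alice@example.com", key);
        // Compare two encryptions of the same plaintext, then their decryptions.
        Console.WriteLine(Convert.ToBase64String(a) != Convert.ToBase64String(b));
        Console.WriteLine(FieldCrypto.Decrypt(a, key) == FieldCrypto.Decrypt(b, key));
    }
}
```

In EF Core, a pair of functions like this can be attached to a property through a value converter (`HasConversion`), which keeps the IV handling out of the entity classes.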