使用NHibernate加密和解密数据 [英] Encrypting and decrypting data using NHibernate
问题描述
我正在编写一个可公开访问的Web应用程序,其中将包含个人用户数据,例如姓名和出生日期,并且我需要以一种可能会访问原始数据的人很难的形式对这些数据进行加密.数据解密.我正在使用 Fluent NHibernate ,mySQL和C#3.5.
I'm writing a publicly accessible web application which will contain personal user data, such as names and birth dates, and I'm required to encrypt this data in a form that will be difficult for a human who might access the raw data to decrypt. I'm using Fluent NHibernate, mySQL, and C# 3.5.
-
我应该使用哪种方法对用户信息进行行业标准的加密和解密?加密方法不应依赖于数据库.
What method should I use for industry standard encryption and decryption of user information? The method of encryption should not be database dependent.
如何告诉nHibernate对具有简单属性(例如StorageType = StorageType.Encrypted
)的某些映射类进行透明加密/解密.我不介意结果数据库表是否只有一或两列,或者每个加密字段只有一列.根据发现的内容,我应该从IUserDataType
创建自己的数据类型,并在构造函数中对数据进行加密.这是正确的吗?
How do I tell nHibernate to do transparent encryption/decryption on certain mapped classes with a simple property, like StorageType = StorageType.Encrypted
. I don't mind if the resulting database table has just one or two columns, or one for each encrypted field. From what I've found, I should create my own data type from IUserDataType
and encrypt the data in the constructor. Is this correct?
推荐答案
以真正的Blue Peter方式,这是我之前创建的一种方法.它依靠提供者模式来获取加密算法,但是您可以用任何您想要的替换它.
In true Blue Peter fashion, here's one I created earlier to do just this. It relies on a provider pattern to get the encryption algorithm but you could replace this with whatever you want.
这会在您的域对象中公开一个字符串属性,但会将其保留为表示加密形式的二进制(字节数组).在我的提供程序模式代码中,Encrypt接收一个字符串并返回一个字节数组,而Decrypt则相反.
This exposes a string property in your domain object, but persists it as a binary (array of bytes) representing the encrypted form. In my provider pattern code, Encrypt takes a string and returns a byte array, and Decrypt does the opposite.
[Serializable]
public class EncryptedStringType : PrimitiveType
{
public EncryptedStringType() : this(new BinarySqlType()) {}
public EncryptedStringType(SqlType sqlType) : base(sqlType) {}
public override string Name
{
get { return "String"; }
}
public override Type ReturnedClass
{
get { return typeof (string); }
}
public override Type PrimitiveClass
{
get { return typeof (string); }
}
public override object DefaultValue
{
get { return null; }
}
public override void Set(IDbCommand cmd, object value, int index)
{
if (cmd == null) throw new ArgumentNullException("cmd");
if (value == null)
{
((IDataParameter)cmd.Parameters[index]).Value = null;
}
else
{
((IDataParameter)cmd.Parameters[index]).Value = EncryptionManager.Provider.Encrypt((string)value);
}
}
public override object Get(IDataReader rs, int index)
{
if (rs == null) throw new ArgumentNullException("rs");
var encrypted = rs[index] as byte[];
if (encrypted == null) return null;
return EncryptionManager.Provider.Decrypt(encrypted);
}
public override object Get(IDataReader rs, string name)
{
return Get(rs, rs.GetOrdinal(name));
}
public override object FromStringValue(string xml)
{
if (xml == null)
{
return null;
}
if (xml.Length % 2 != 0)
{
throw new ArgumentException(
"The string is not a valid xml representation of a binary content.",
"xml");
}
var bytes = new byte[xml.Length / 2];
for (int i = 0; i < bytes.Length; i++)
{
string hexStr = xml.Substring(i * 2, (i + 1) * 2);
bytes[i] = (byte)(byte.MinValue
+ byte.Parse(hexStr, NumberStyles.HexNumber, CultureInfo.InvariantCulture));
}
return EncryptionManager.Provider.Decrypt(bytes);
}
public override string ObjectToSQLString(object value, Dialect dialect)
{
var bytes = value as byte[];
if (bytes == null)
{
return "NULL";
}
var builder = new StringBuilder();
for (int i = 0; i < bytes.Length; i++)
{
string hexStr = (bytes[i] - byte.MinValue).ToString("x", CultureInfo.InvariantCulture);
if (hexStr.Length == 1)
{
builder.Append('0');
}
builder.Append(hexStr);
}
return builder.ToString();
}
}
这篇关于使用NHibernate加密和解密数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!