After that, we will introduce the new module cryptographer in the Enterprise Library. This module plays an important role in most daily projects, for example: the website member password, ID card number, and website configuration can be encrypted to ensure the security of project data.
We will introduce the following points today:
1. Simple Analysis of the enterprise database cryptographer (encryption module.
2. Implement a custom encryption interface.
3. Apply the custom interface in the project.
First, simple analysis of the enterprise database cryptographer (encryption module)
In our daily development, encryption is always used to encrypt the data. We usually customize some encryption methods in the project, and the Enterprise Library is to simplify these development, provides a simple way to encrypt and decrypt data.
Like other modules, cryptographer (encryption module) can also encrypt and decrypt data through simple configuration. For more information about the configuration, see huangcong's description.ArticleI will not introduce it much:
Cryptography Application Block (Elementary)
Cryptography Application Block (advanced)
Cryptographer (encryption module) provides two encryption methods:
1,Hashcryptographer (discrete encryption ),This method is based on the specificAlgorithmData is encrypted and cannot be decrypted.
2,Symmetric riccryptographer (symmetric encryption ),This method also encrypts data based on specific algorithms, but the data can be decrypted after encryption.
You can better understand the figure and reference the document from enterprise database 5.0:
Encryption moduleStatic class cryptographerCore, convenientProgramThe data is encrypted and decrypted according to the configuration, which mainly includes the following members:
1. The createhash method reads the data according to the discrete configuration name configured in the configuration file and encrypts the data.
2. Method encryptsymmetric: encrypt the data according to the configuration name configured in the configuration file.
3. The method decryptsymmetric is used to decrypt the data according to the configuration name configured in the configuration file.
4. Use comparehash to compare whether the encrypted data is consistent with the encrypted data.
5. The private methods include gethashprovider and getjavasriccryptoprovider to obtain discrete and symmetric encryption instances based on the configuration file name.
In this encryption module,Static class cryptographerProvides encryption and decryption Based on the configuration name, and providesAbstract class cryptographymanagerTo implement a custom encryption and decryption Manager. The encryption module provides us with the implementation of cryptographymanager --Cryptographymanagerimpl.
Abstract class cryptographymanagerIt is essentially a non-static cryptography, which defines four Abstract METHODS:
1. createhash method.
2. Method encryptpolicric.
3. decryptpolicric.
4. comparehash method.
Implementation classCryptographymanagerimplThis mainly implementsAbstract class cryptographymanagerThe main information is as follows:
1. Field idictionary <string, ihashprovider> hashproviders, a set of discrete encryption key-value pairs, including multiple discrete encryption implementations.
2. Field idictionary <string, isyuncriccryptoprovider> encryption riccryptoproviders, a set of symmetric encryption key-value pairs, including multiple symmetric encryption implementations.
3. Field idefacrycryptographyinstrumentationprovider instrumentationprovider, which provides an error report for the encryption module
4. constructor. A total of three constructor functions are provided, including discrete encryption in the form of a generic list, symmetric encryption, and
5. the encryption and decryption methods are createhash, encryptsymmetric, and decryptsymmetric. These three methods receive three parameters: the configured encryption and decryption Instance name, the data to be encrypted, and the Error Report of the encryption module (idefaultcryptographyinstrumentationprovider ).
Internally, it searches for the corresponding encryption and decryption implementation in the hashproviders or your riccryptoproviders list based on the Instance name, and then calls the implementation for encryption and decryption.
In the actual project development process, we canStatic class cryptographerYou can simply encrypt and decrypt data.Abstract class cryptographymanagerIn general, the cryptographer module of the enterprise database has provided us with a good encryption and decryption encapsulation, at the same time, the extension interface can be further expanded on the basis of it, greatly facilitating our daily project development.
Second: implement a custom encryption Interface
In the first part, I briefly introduced the important information of the enterprise database cryptographer module. Now I will introduce the extended encryption/Decryption interface provided by the enterprise database cryptographer module.
As mentioned above, the enterprise database cryptographer module provides two encryption and decryption methods:
1,Hashcryptographer (discrete encryption ),This method encrypts data based on a specific algorithm, which cannot be decrypted.
2,Symmetric riccryptographer (symmetric encryption ),This method also encrypts data based on specific algorithms, but the data can be decrypted after encryption.
The two encryption and decryption Methods correspond to two interfaces: ihashprovider and isypolicriccryptoprovider.Code:
Ihashprovider interface:
Public interface ihashprovider {byte [] createhash (byte [] plaintext); bool comparehash (byte [] plaintext, byte [] hashedtext );}
This interface has only two methods:
1. The createhash method receives the incoming data to be encrypted (byte array) and returns the encrypted data (byte array) based on the specific implementation of discrete encryption ).
2. The comparehash method receives the data to be encrypted (byte array) and encrypted (byte array ), call the specific implementation of the discrete encryption method to encrypt the data to be encrypted and then compare it with the encrypted data to see if it is equal.
Isypolicriccryptoprovider interface:
Public interface isypolicriccryptoprovider {byte [] encrypt (byte [] plaintext); byte [] decrypt (byte [] ciphertext );}
This interface is also relatively simple, and there are only two methods:
1. The method encrypt receives the data to be encrypted (byte array), calls the implementation method for encryption, and returns the encrypted data (byte array ).
2. The decrypt method receives the encrypted data (byte array), calls the implementation method for decryption, and returns the decrypted data (byte array ).
If we need to expand the custom encryption and decryption methods, we need to start with the above two interfaces and determine whether discrete encryption or symmetric encryption is required to implement different interfaces.
The above is the information about the enterprise database cryptographer module. It mainly introduces common classes of the cryptographer module and the encryption and decryption manager. It also briefly introduces the extended encryption and decryption interfaces of the cryptographer module.
In the next article, I will continue to introduce how to implement custom discrete encryption and symmetric encryption methods, and how to use custom encryption and decryption methods in projects..
Index of a series of articles on the learning path of Microsoft enterprise database 5.0:
Step 1: getting started
Step 2: Use the vs2010 + data access module to create a multi-database project
Step 3: Add exception handling to the project (record to the database using custom extension)
Step 4: Use the cache to improve the website's performance (entlib caching)
Step 5: Introduce the entlib. validation module information, the implementation level of the validators, and the use of various built-in validators-Part 1
Step 5: Introduce the entlib. validation module information, the implementation level of the validators, and the use of various built-in validators-Part 1
Step 5: Introduce the entlib. validation module information, the implementation level of the validators, and the use of various built-in validators-Part 2
Step 6: Use the validation module for server-side data verification
Step 7: Simple Analysis of the cryptographer encryption module, custom encryption interfaces, and usage-Part 1
Step 7: Simple Analysis of the cryptographer encryption module, custom encryption interfaces, and usage-Part 2
Step 8. Use the configuration setting module and other methods to classify and manage enterprise database configuration information
Step 9: Use the policyinjection module for AOP-PART1-basic usage
Step 9: Use the policyinjection module for AOP-PART2-custom matching rule
Step 9: Use the policyinjection module for AOP-PART3 -- Introduction to built-in call Handler
Step 9: Use the policyinjection module for AOP-PART4 -- create a custom call handler to achieve user operation Logging
Step 10: Use unity to decouple your system-Part1-Why use unity?
Step 10: Use unity to decouple your system-Part2-learn how to use Unity (1)
Step 10. Use unity to decouple your system-Part2-learn how to use Unity (2)
Step 10: Use unity to decouple your system-Part2-learn how to use Unity (3)
Step 10: Use unity to decouple your system-Part3-dependency Injection
Step 10: Use unity to decouple your system-part4 -- unity & piab
Extended learning:
Extended learning and dependency injection in libraries (rebuilding Microsoft Enterprise Library) [go]