
Microsoft.Data.Encryption.Cryptography
The Microsoft Data Encryption SDK provides encryption support to applications. It allows developers to implement column- or field-level encryption for data stored in various data stores, including Azure data services.
Commonly Used Types:
Microsoft.Data.Encryption.Cryptography.DataProtector
Microsoft.Data.Encryption.Cryptography.DataEncryptionKey
Microsoft.Data.Encryption.Cryptography.KeyEncryptionKey
Microsoft.Data.Encryption.Cryptography.EncryptionSettings
Microsoft.Data.Encryption.Cryptography.EncryptionKeyStoreProvider
Microsoft.Data.Encryption.Cryptography.MicrosoftDataEncryptionException
Microsoft.Data.Encryption.Cryptography.PlaintextDataEncryptionKey
Microsoft.Data.Encryption.Cryptography.ProtectedDataEncryptionKey
When using NuGet 3.x this package requires at least version 3.4.
Microsoft.Data.Encryption.Cryptography provides encryption support to applications. It allows developers to implement column- or field-level encryption for data stored in various data stores, including Azure data services.
The library provides APIs for objects like encryption keys, serializers, key store provider interfaces, and associated caches.
The module implements cryptographic operations using a two-level key hierarchy composed of:
The Cryptography module uses cryptographic algorithms that are fully compatible with Always Encrypted in Azure SQL. The data encryption algorithm is AEAD_AES_256_CBC_HMAC_SHA_256, which is derived from the IETF specification draft at https://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05. The key encryption algorithm is RSA with OAEP padding. For more information, see Always Encrypted cryptography.
The SDK helps ensure:
The SDK currently supports the following platforms:
To install the latest version of Microsoft.Data.Encryption.Cryptography via NuGet, use the following command:
dotnet add package Microsoft.Data.Encryption.Cryptography --version 2.0.0
MicrosoftDataEncryptionException is now abstract. Its handling is fully backward compatible. New exceptions were introduced for better handling of each individual exception case, with specific properties that avoid the need to parse the exception message. All new exceptions are within the Microsoft.Data.Encryption.Cryptography.Exceptions namespace.
Type | Properties | Thrown when |
---|---|---|
ArgumentEmptyException | ArgumentName | Collection in the argument is empty |
ArgumentNotHexStringException | ArgumentName | Argument is not valid hexadecimal string |
ArgumentNotPositiveException | ArgumentName | Argument is <=0 |
ArgumentNullException | ArgumentName | Argument is null |
ArgumentNullOrWhiteSpaceException | ArgumentName | String argument is either null, empty or white space |
ArgumentOutOfRangeException | ArgumentName, ArgumentValue | Argument value is out of valid range |
ArgumentSizeIncorrectException | ArgumentName, ExpectedSize | Collection size is different than expected |
ArgumentTooSmallException | ArgumentName, ExpectedSize | Collection is smaller than necessary |
DefaultAESerializerNotFoundException | SerializerType, SerializerName | SqlSerializer for given type could not be found |
DefaultStandardSerializerNotFoundException | SerializerType, SerializerName | StandardSerializer for given type could not be found |
InvalidAlgorithmVersionException | CipherTextStart, EncryptionKeyEnd, SpecifiedVersion, SupportedVersion | Cipher text specifies unsupported algorithm version |
InvalidAuthenticationTagException | CipherTextStart, EncryptionKeyEnd | Cipher text contains invalid authentication tag, data could have been tampered |
InvalidCipherTextSizeException | CipherTextStart, EncryptionKeyEnd, ActualLength, ExpectedLength | Cipher text length is not of expected length |
InvalidDataEncryptionKeySizeException | KeySize | Size of Encryption key is different than expected |
PlaintextEncryptionSettingsException | ArgumentName | Encryption setting was set to plain text |
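The checks behind InvalidCipherTextSizeException, InvalidAlgorithmVersionException and InvalidAuthenticationTagException can be reproduced outside the SDK. The following is an added example, not code from the SDK: it parses the cell layout published in the Always Encrypted cryptography documentation (version byte, 32-byte MAC, 16-byte IV, AES-CBC ciphertext) and verifies the authentication tag before any decryption would take place. The `CellError` type, the function names, the block-alignment check and the sample key and cell are assumptions made for the illustration.

```python
import hashlib
import hmac

VERSION = 0x01                            # algorithm version byte
MAC_LEN, IV_LEN, BLOCK = 32, 16, 16       # HMAC-SHA-256 tag, AES IV, AES block
MIN_LEN = 1 + MAC_LEN + IV_LEN + BLOCK    # 65 bytes: smallest well-formed cell
# MAC-key salt from the Always Encrypted cryptography documentation (UTF-16LE).
MAC_SALT = ("Microsoft SQL Server cell MAC key with encryption "
            "algorithm:AEAD_AES_256_CBC_HMAC_SHA256 and key length:256")

class CellError(Exception):
    """Hypothetical error type; `kind` names the SDK exception it mirrors."""
    def __init__(self, kind):
        super().__init__(kind)
        self.kind = kind

def derive_mac_key(root_key):
    return hmac.new(root_key, MAC_SALT.encode("utf-16-le"), hashlib.sha256).digest()

def compute_tag(mac_key, iv, ciphertext):
    # The tag covers version byte + IV + ciphertext + version-byte length (1).
    msg = bytes([VERSION]) + iv + ciphertext + bytes([1])
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def authenticate_cell(root_key, cell):
    """Return (iv, ciphertext) only if the cell is well-formed and untampered."""
    if len(cell) < MIN_LEN or (len(cell) - MIN_LEN) % BLOCK:
        raise CellError("InvalidCipherTextSize")
    if cell[0] != VERSION:
        raise CellError("InvalidAlgorithmVersion")
    tag, iv, ct = cell[1:33], cell[33:49], cell[49:]
    expected = compute_tag(derive_mac_key(root_key), iv, ct)
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise CellError("InvalidAuthenticationTag")
    return iv, ct                                # only now is AES-CBC decryption safe

def check(root_key, cell):
    """Return "ok" or the name of the check that rejected the cell."""
    try:
        authenticate_cell(root_key, cell)
        return "ok"
    except CellError as err:
        return err.kind

# Constructed sample: CT stands in for one AES-CBC block (stdlib has no AES).
ROOT_KEY, IV, CT = bytes(range(32)), bytes(16), bytes([0xAA]) * 16
CELL = bytes([VERSION]) + compute_tag(derive_mac_key(ROOT_KEY), IV, CT) + IV + CT
```

Because the tag covers the version byte and the IV as well as the ciphertext, a change to any of the three is rejected before the payload reaches the block cipher.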
All serializers are now immutable: it is no longer possible to change serialization properties like size, codepage, precision or scale on already created serializers. New methods were added to allow for allocation-less serialization and deserialization.
All ISerializer<T> serializers now have the following methods
Method | Parameters | Return value | Behavior |
---|---|---|---|
Identifier | - | string | Property returning string identifier of the serializer |
Serialize | T value | byte[] | Serialize to byte[] |
Serialize | T value, Span outputBuffer | int | Serialize to provided Span, return number of bytes written |
Serialize | T value, IBufferWriter outputBuffer | int | Serialize to provided IBufferWriter, return number of bytes written |
Deserialize | byte[] bytes | T | Deserialize byte[] to T |
Deserialize | ReadOnlySpan bytes | T | Deserialize Span to T |
All IFixedSizeSerializer<T> serializers have additional methods
Method | Parameters | Return value | Behavior |
---|---|---|---|
GetSerializedMaxByteCount | - | int | Returns required size of output buffer |
All IVariableSizeSerializer<TSuper,TBase> serializers, i.e. <string, char> or <byte[], byte>, have these additional methods
Method | Parameters | Return value | Behavior |
---|---|---|---|
GetSerializedMaxByteCount | int inputLength | int | Returns required size of serialization buffer for input of given size - this is upper bound |
GetDeserializedMaxLength | int serializedLength | int | Returns required length of deserialization buffer for input of given size - this is upper bound |
Deserialize | ReadOnlySpan bytes, Span output | int | Deserialize input bytes to provided output buffer, return number of TBase written in output buffer |
Edge cases
null to Span/IBufferWriter returns size -1 with no writes in the buffer
null
null to Span/IBufferWriter returns size -1 with no writes in the buffer
0 with no writes in the buffer
AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(DataEncryptionKey dataEncryptionKey, EncryptionType encryptionType) was removed; use the overload with explicit algorithm version (1)
AeadAes256CbcHmac256EncryptionAlgorithm(DataEncryptionKey encryptionKey, EncryptionType encryptionType) was removed; use the overload with explicit algorithm version (1)
Microsoft.Data.Encryption.Cryptography.DataProtector
Decrypt(byte[] input, int inputOffset, int inputLength, byte[] output, int outputOffset) -> int
Encrypt(byte[] input, int inputOffset, int inputLength, byte[] output, int outputOffset) -> int
GetDecryptByteCount(int inputSize) -> int
GetEncryptByteCount(int inputSize) -> int
AeadAes256CbcHmac256EncryptionAlgorithm is now sealed.
CryptographyExtensions.FromHexString implementation is 2-3x faster while allocating 90-97% less memory (applicable only to .NET6.0+)
FAQs
We found that microsoft.data.encryption.cryptography demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.