Encryption Strategies

Introduction

Encryption Strategies define the way sensitive data is encrypted (so that it's securely stored) and decrypted (so that it's displayed as expected).

Adding an Encryption Strategy

To add a new Encryption Strategy, simply click the Add New Model Item button at the bottom of the list on the left.

Warning

Although you may define as many Encryption Strategies as you wish, your application will use the first one in the list.

Properties

Name

A unique name for the Encryption Strategy. It must be a valid Mamba identifier, meaning that it must not contain any spaces or other special characters.

Type

There are two Encryption Modes available.

Application

Application encryption means that the Application Server handles the whole encryption / decryption process. Data is encrypted before being sent to the Database and is decrypted as soon as it is received from the Database.

Tip

This is the recommended encryption strategy for most applications!

Database

Database encryption means that data is sent from the Application Server to the Database without being encrypted, and encryption is handled by the Database. This means that data is decrypted at the Database before being sent, unencrypted, to the Application Server.

Warning

The default zAppDev Implementation Strategy does not support this type of encryption.

Algorithm

Defines the encryption algorithm used by this strategy.

AES

This is the only encryption algorithm supported for the moment. It is one of the most important cryptographic algorithms for encrypting and decrypting sensitive data and is used by everyone, from the NSA to Microsoft and Apple.

You can read more here: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Get Key Function

This is a simple Mamba function that returns a string value which is used as the encryption key.

Example:

function string GetEncryptionKey() {
    string value = AppLib.Application.GetConfigurationKey("SecurityKey");
    Array[byte] input;

    if value == null {
        throw "Could not find key with name SecurityKey in settings! ";
    }

    if value.StartsWith("~") {
        input = FileIOLib.File.ReadAllBytesFrom(CommonLib.Utilities.GetServerPhysicalPath(value));
    }
    else {
        input = FileIOLib.File.ReadAllBytesFrom(value);
    }

    string keys = AppLib.Security.AESDecrypt(input,"xxxxxxxxxxxxxxxxxxxxxx", false, false);
    string applicationKey = keys.Split('|').Get(0);

    return applicationKey;
}

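The code above reads an encrypted string from the file named by the SecurityKey setting, decrypts it using another hardcoded key ("xxxxxxxxxxxxxxxxxxxxxx"), and returns the first '|'-separated value, which is used as the application Encryption key. Because the hardcoded key is part of the application code, anyone who can read both the code and the key file can recover the application key, so access to both should be restricted.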
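
The Application mode and the key-file pattern above, shown together as an added Node.js example (it is not zAppDev or Mamba code): the key file is unwrapped, split on '|', and the first value encrypts a field before it reaches the database. The function names, the AES-256-GCM blob layout, the base64 key encoding and the sample values are assumptions made for this example; the key that unwraps the file is passed in as a parameter instead of being hardcoded.

```javascript
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// AES-256-GCM; blob layout assumed for this example: 12-byte nonce | 16-byte tag | ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

function open(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was modified.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}

// Counterpart of GetEncryptionKey(): unwrap the key file, keep the first '|' field.
function getEncryptionKey(keyFilePath, wrappingKey) {
  if (!keyFilePath) throw new Error('Could not find key with name SecurityKey in settings!');
  const keys = open(wrappingKey, fs.readFileSync(keyFilePath));
  const applicationKey = Buffer.from(keys.split('|')[0], 'base64');
  if (applicationKey.length !== 32) throw new Error('Application key must be 32 bytes');
  return applicationKey;
}

// Application mode: the database only ever receives and returns ciphertext.
const encryptField = (key, value) => seal(key, value).toString('base64');
const decryptField = (key, stored) => open(key, Buffer.from(stored, 'base64'));

// Constructed demo: random keys and a temporary key file, not real secrets.
function demo() {
  const wrappingKey = crypto.randomBytes(32); // in practice: from a secret store, not source code
  const appKey = crypto.randomBytes(32);
  const other = crypto.randomBytes(32);
  const file = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'keys-')), 'security.key');
  const keys = `${appKey.toString('base64')}|${other.toString('base64')}`;
  fs.writeFileSync(file, seal(wrappingKey, keys), { mode: 0o600 });
  const key = getEncryptionKey(file, wrappingKey);
  const stored = encryptField(key, 'sample-national-id-0001');
  return { keyMatches: key.equals(appKey), stored, roundTrip: decryptField(key, stored) };
}
```

Because GCM authenticates the ciphertext, a wrong key or a tampered key file or stored value fails loudly in `open()` instead of yielding garbage.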