Couchbase.Extensions.Encryption 1.0.0

Prefix Reserved
.NET Standard 1.5 This package targets .NET Standard 1.5. The package is compatible with this framework or higher. .NET Framework 4.5.2 This package targets .NET Framework 4.5.2. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package Couchbase.Extensions.Encryption --version 1.0.0                

                    
                

            
NuGet\Install-Package Couchbase.Extensions.Encryption -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Couchbase.Extensions.Encryption" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add Couchbase.Extensions.Encryption --version 1.0.0                

                    
                

            
#r "nuget: Couchbase.Extensions.Encryption, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
// Install Couchbase.Extensions.Encryption as a Cake Addin
#addin nuget:?package=Couchbase.Extensions.Encryption&version=1.0.0

// Install Couchbase.Extensions.Encryption as a Cake Tool
#tool nuget:?package=Couchbase.Extensions.Encryption&version=1.0.0

Couchbase Field Encryption for .NET SDK

Attribute based Field level encryption library for the .NET Couchbase SDK. Encrypted fields are protected in transit and at rest. Fields are transparently decrypted when they are retrieved from Couchbase within the application.

Getting Started

Package is available on Nuget and supports .NETFramework 4.5, .NETStandard 1.5 and .NETStandard 2.0. To install use the NuGet Package Manager or CIL:

Install-Package Couchbase.Extensions.Encryption -Version 1.0.0-beta2

After installing the dependency, create a configuration to connect to your Couchbase cluster and configure the Key Store and Algorithm provider to use:

//define the key store
var keyStore = new InsecureKeyStore(
    new KeyValuePair<string, string>("publickey", "!mysecretkey#9^5usdk39d&dlf)03sL"),
    new KeyValuePair<string, string>("mysigningkey", "myauthpassword"));

//define the algorithm to use
var cryptoProvider = new AesCryptoProvider(keyStore)
{
    PublicKeyName = "publickey",
    SigningKeyName = "mysigningkey"
};

//Add the configuration
var config = new ClientConfiguration();
config.EnableFieldEncryption("MyAesProvider", cryptoProvider);

//create the Cluster object to connect to a bucket
var cluster = new Cluster(config);
var bucket = cluster.OpenBucket();

Couchbase Field Level Encryption (FLE) uses .NET Attributes to specify which field on a JSON document that is mapped to a POCO (Plain Old C# Object) to encrypt. Here is an example of a JSON document representing a Person and the POCO it is mapped to:

First the JSON:

{
  "password": "ssloBeD12345",
  "firstName": "Ted",
  "lastName": "DeBloss",
  "userName": "DeblossTheBozz22",
  "age": 33,
  "type": "Person"
}

This JSON will be mapped to a POCO representing the JSON's structure with the Password property annotated with the EnryptedFieldAttribute to be encrypted:

private class Person
{
    //Annotate the field to be encrypted
    [EncryptedField(Provider = "MyAesProvider")]
    public string Password { get; set; }

    //The rest will be transported and stored unencrypted
    public string FirstName { get; set; }
    public string LastName { get; set; }
    public string UserName { get; set; }
    public int Age { get; set; }
}

The EncryptedFieldAttribute has a Provider property which maps to the crypto provider which was configured earlier. During the serialization process the attribute will be a signal for the crypto provider to perform encryption on the contents of the property; when the JSON document is read from the database, the field contents will be decrypted.

var person = new Person
{
    Age = 33,
    FirstName = "Ted",
    LastName = "DeBloss",
    UserName = "DeblossTheBozz22",
    Password = "ssloBeD12345"
};

//the Passwordf field will be sent and stored encrypted
var result = await bucket.InsertAsync("p1", person);

//The Password field will be returned encrypted but decrypted during deserialization
var result1 = await bucket.GetAsync("p1");

Above, a person instance is created from the Person POCO and sent to the database. Just before going over the wire, during the serialization process, the EncryptedFieldAttribute will be detected and the crypto provider will be engaged, taking the contents of the property and encrypting it. When GetAsync is called, the document will be fetched from the database and just after coming over the network, during the deserialization process, the contents of teh field will be decrypted transparently.

Supported Algorithms

Currently there is support for two different cryptographic algorithms:

Note that the API itself is extensible and additional cryptographic algorithms can be implemented.

Supported Key Stores

  • X509CertificateKeyStore: a keys store for using x509 certificates in the PKCS #12 (.pfx) format.
  • InsecureKeyStore: an in-memory key store suitable for testing and or secure environments.
  • FileSystemKeyStore: a key store which stores the keys encrypted on disk using the DAPI.

Errors and Exceptions

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
.NET Core netcoreapp1.0 was computed.  netcoreapp1.1 was computed.  netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard1.5 is compatible.  netstandard1.6 was computed.  netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net452 is compatible.  net46 was computed.  net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen30 was computed.  tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
2.0.0 12,876 12/8/2023
2.0.0-rc.2 74 12/8/2023
2.0.0-rc.1 72 12/8/2023
2.0.0-dp.1 1,231 3/5/2021
1.0.0 11,613 8/28/2018
1.0.0-beta2 847 6/1/2018
1.0.0-beta 691 4/12/2018