Tags: c#, asp.net-identity, asp.net-core-webapi, user-data

Protect sensitive data using asp.net identity and IDataProtection


It's the first time writing here so if I make a mistake, I'm sorry. I have not yet fully acquainted myself with the rules.

I'm doing a homework assignment using ASP.NET Core 2.1 Web API with Identity and EF Core.

I've been looking for a way to encrypt and decrypt user sensitive data using IDataProtection and Identity but I cannot encrypt data such as email because it validates whether or not it is the correct format of an email.

The initial idea of the task is that all these data are encrypted with the tools mentioned above.

I have used the MSDN documentation and I don't know whether to encrypt certain things such as first and last name and ignore others such as email. And if you ignore certain fields, what reason could you tell the teacher why you didn't encrypt those fields?

If you have a suggestion of what I can do, I would appreciate it.

Have a nice day and thanks in advance.


Solution

  • Don't "encrypt all the things". There's a cost to encryption. By nature it's slow and processing-intensive because that's what actually buys you the security. You're essentially creating a math problem that would take a computer too long to reasonably solve. Encryption is, of course, necessary in many cases, but because it's a trade-off, you should only do it in those specific cases, namely highly sensitive data like a password, social security number, credit card number, etc.

    Things like email address, first name, last name, etc. are not such cases. The data itself is not sensitive and in many cases is already public anyways. For example, someone's first and last name are not "secret"; they openly tell this information to anyone they might meet.

    However, this mundane information can rise to the level of sensitive, if or when it becomes associated with other data that is private in conjunction with that information. For example, if you have a dataset that includes financial information, such as salary, debt-to-income ratio, etc., that data is not necessarily private or sensitive on its own, but when you combine it with someone's first and last name, email address, etc., it becomes very much private and sensitive. That's where the concept of PII (personally identifiable information) comes into play and compliance with laws like GDPR in the EU.

    Even then, though, the individual data do not need to be encrypted; you must simply handle the combined data in a sensitive way. In other words, you need to ensure restricted access to any databases, only transfer the data over secure channels, such as HTTPS, etc. As long as the data, in general, is protected, each individual datum doesn't need to be encrypted.
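An added example (not code from the question or the answer above) of applying this advice with ASP.NET Core Identity and IDataProtection: Email and UserName stay as Identity stores them, so format validation and normalized lookups keep working, and only a genuinely sensitive field is run through an IDataProtector. The ApplicationUser type, the ProtectedNationalId property and the purpose string "ApplicationUser.NationalId" are assumptions for the example.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Identity;

// Assumed custom user type. Email, UserName etc. are left plaintext because
// Identity validates, normalizes and searches on them; only the one field
// that is actually sensitive is protected.
public class ApplicationUser : IdentityUser
{
    // Holds the IDataProtector output (opaque, base64url), never the plaintext.
    public string ProtectedNationalId { get; set; }
}

public class SensitiveUserDataService
{
    private readonly IDataProtector _protector;
    private readonly UserManager<ApplicationUser> _userManager;

    public SensitiveUserDataService(IDataProtectionProvider provider,
                                    UserManager<ApplicationUser> userManager)
    {
        // The purpose string isolates these payloads from every other protector
        // in the app: a payload protected under one purpose cannot be unprotected
        // under another. The name is an assumption.
        _protector = provider.CreateProtector("ApplicationUser.NationalId");
        _userManager = userManager;
    }

    // Protect the value before it ever reaches the user store.
    public async Task<IdentityResult> SetNationalIdAsync(ApplicationUser user, string nationalId)
    {
        user.ProtectedNationalId = string.IsNullOrEmpty(nationalId)
            ? null
            : _protector.Protect(nationalId);
        return await _userManager.UpdateAsync(user);
    }

    // Returns null when nothing is stored. Unprotect throws a
    // CryptographicException if the payload was tampered with or the key it
    // was protected with is no longer in the key ring, so callers should treat
    // that as a hard failure rather than swallowing it.
    public string GetNationalId(ApplicationUser user)
    {
        return user.ProtectedNationalId == null
            ? null
            : _protector.Unprotect(user.ProtectedNationalId);
    }
}
```

Register it in Startup.ConfigureServices with services.AddDataProtection() and services.AddScoped<SensitiveUserDataService>(). A protected column cannot be queried or validated by Identity or EF Core, which is exactly why the email and the other fields Identity relies on are left alone.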