In May 2018, the General Data Protection Regulation (GDPR) came into effect.
It has wide-reaching implications for how businesses handle customer information.
In this blog post, I will show you how you can protect user data by encrypting the data you hold on your customers.
Encrypting data before you store it in a database means that, if the database is compromised, the attacker will not be able to read the stored information.
In this example, a visitor to your site completes a form with their details, and you need to keep that data secure.
The code below shows how to capture the saving event in Umbraco.
We can now encrypt the data submitted before storing it in Umbraco as shown below.
EncryptWithNoPassPhrase Class
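    using System;
    using System.Security.Cryptography;
    using System.Text;

    public static string EncryptWithNoPassPhrase(string plainText)
    {
        if (!string.IsNullOrEmpty(plainText))
        {
            // UTF-16 encoding: two bytes per character for most text.
            byte[] data = Encoding.Unicode.GetBytes(plainText);
            // Iv is defined elsewhere in the class (not shown here); it names
            // the key container that holds the persisted RSA key pair.
            CspParameters cspParameters = new CspParameters { KeyContainerName = Iv };
            using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048, cspParameters))
            {
                // false selects PKCS#1 v1.5 padding (true would select OAEP).
                // A 2048-bit key encrypts at most 245 bytes this way; longer input throws.
                byte[] reBytes = rsa.Encrypt(data, false);
                return Convert.ToBase64String(reBytes);
            }
        }
        // Empty input is stored as this plain-text marker, not as ciphertext.
        return "No Data Supplied";
    }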
Now when we are in the back office we need to decrypt the data so that we can read it as shown below.
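A round trip for the approach above, as an added example rather than the author's code: it decrypts with the same key container and padding flag, rejects values too long for a single RSA block, and handles the "No Data Supplied" marker. The class name FormFieldCrypto and the container name are assumptions (the post takes its container name from a field called Iv), and it assumes the Windows key store that CspParameters relies on.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class FormFieldCrypto   // hypothetical helper, not from the post
{
    // Assumed container name; the post reads it from a field called Iv.
    private const string ContainerName = "ExampleFormKeyContainer";
    private const string EmptyMarker = "No Data Supplied"; // marker returned by the post's method
    private const bool UseOaep = false; // false = PKCS#1 v1.5, as in the post's Encrypt call

    private static RSACryptoServiceProvider OpenKey()
    {
        // A named container makes Windows persist the key pair, so a later
        // call (for example from the back office) opens the same private key.
        var csp = new CspParameters { KeyContainerName = ContainerName };
        return new RSACryptoServiceProvider(2048, csp);
    }

    public static string Encrypt(string plainText)
    {
        if (string.IsNullOrEmpty(plainText)) return EmptyMarker;
        byte[] data = Encoding.Unicode.GetBytes(plainText);
        using (RSACryptoServiceProvider rsa = OpenKey())
        {
            // RSA encrypts a single block: key size minus padding overhead
            // (11 bytes for PKCS#1 v1.5, 42 bytes for OAEP with SHA-1).
            int max = rsa.KeySize / 8 - (UseOaep ? 42 : 11);
            if (data.Length > max)
                throw new ArgumentException("Value is " + data.Length + " bytes; limit is " + max + ".");
            return Convert.ToBase64String(rsa.Encrypt(data, UseOaep));
        }
    }

    public static string Decrypt(string stored)
    {
        // The marker is plain text, not Base64 ciphertext, so it must not be decoded.
        if (string.IsNullOrEmpty(stored) || stored == EmptyMarker) return string.Empty;
        using (RSACryptoServiceProvider rsa = OpenKey())
        {
            // The padding flag must match the one used when encrypting.
            byte[] data = rsa.Decrypt(Convert.FromBase64String(stored), UseOaep);
            return Encoding.Unicode.GetString(data);
        }
    }
}
```

Because the text is encoded as UTF-16, the 245-byte limit corresponds to roughly 122 characters per field with a 2048-bit key.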