IQrypt SDK for C# can be embedded into your .NET, Windows Universal, Xamarin.iOS or Xamarin.Android and let's you encrypt data at the client side before being sent to a cloud database(like MongoDB, DocumentDB, CouchDB, etc).

This quick-start provides just enough information to get you started using IQrypt in C# within VisualStudio.

Downloading the C# libraries and add references

You will have to download .NET assemblies from here. IQrypt.dll is dependent on the following libraries:

  • net version is dependent on Newtonsoft.Json.dll
  • universal version is dependent on Newtonsoft.Json.dll
  • unity version does not have any dependencies

In VisualStudio add all assemblies as references (for required platform).

Add Required using Statements

As a minimum you will need the following using statements:

using IQrypt;

License Key

Before doing any operations, IQrypt requires a license key:

IQryptConfigurator.SetLicense("your license key");

*You can get a free trial license key from here.

Encryption settings

Before starting encrypt/decrypt data, IQrypt requires to set the encryption cipher and the encryption key. You can set it like this:

 IQryptConfigurator.SetEncryptionChiper(Cipher.AES256, "my_super_secret");

*On production apps get the encryption key from a safe location- see Vault (do not embed it into the code).

Cipher is an Enum type and has following values: Cipher.AES128, Cipher.AES256, Cipher.Camellia128 and Cipher.Camellia256.

With IQrypt you can encrypt database fields values/documents with different encryption schemes: OPE, DET, RND.

  • RND - randomized encryption (not searchable)
  • DET - deterministic encryption (allows EQUAL/NOT EQUAL queries, ex: WHERE field="encrypted_value")
  • OPE - order preserving encryption (allows Equality and Range queries, ex: WHERE field>"encrypted_value")

IQrypt may encrypt any Type that can be serialized to JSON but also primitive types like int, double, DateTime, string, etc. To start encrypt values you will need to get an IEncryptor reference. IEncryptor interface has the following definition:

public interface IEncryptor
    {
        string Encrypt(object obj);
        object Decrypt(string encryptedStr,Type t);
        object Decrypt(string toDecrypt, Type t, bool encodingHexa);
        string Encrypt(object obj, bool encodingHexa);
        byte[] EncryptBytes(byte[] bytes);
        byte[] DecryptBytes(byte[] bytes);
    }

So basically you can encrypt everything to a String or if you want to encrypt files, for instance, you can use EncryptBytes method.

RND encryption scheme

You can use RND encryption scheme to encrypt a full JSON document or a file, or just a document's field value. Example:

IEncryptor encryptor = EncryptorFactory.GetEncryptor(EncryptionType.RND);

string sensitiveInfo="This info is sensitive";

//encrypt the string with RND encryption scheme having as cipher AES256 and encryption key material "my_super_secret"
string encryptedValue = encryptor.Encrypt(sensitiveInfo);

You can also encrypt complex types, let's take an example:


public class Invoice
    {
        public string CustomerName { get; set; }
        public int InvoiceNumber { get; set; }
        public decimal Total { get; set; }
        public DateTime InvoiceDate { get; set; }

    }
........


Invoice invoice = new Invoice { CustomerName = "My Company", InvoiceDate = DateTime.Now, Total = 2390 };

IEncryptor encryptor = EncryptorFactory.GetEncryptor(EncryptionType.RND);

string encryptedValue = encryptor.Encrypt(invoice);

//and now let's decrypt back:
Invoice myDecryptedInvoice = encryptor.Decrypt(encryptedValue);


Using RND encryption scheme, making successive calls and encrypt same plain text with same encryption key, it will always return different encrypted string, example:

IEncryptor encryptor = EncryptorFactory.GetEncryptor(EncryptionType.RND);

string sensitiveInfo="This info is sensitive";

string encryptedValue = encryptor.Encrypt(sensitiveInfo);

string encryptedValue2 = encryptor.Encrypt(sensitiveInfo);

if(encryptedValue == encryptedValue2 )//this will never be true
{
    //will never reach this part
}


DET encryption scheme

DET encryption scheme is recommended to encrypt fields values by which you will need to make equality/non equality queries. If you encrypt a value with this scheme, the encrypted string will always be the same if it is used same Cipher and same encryption key example:

IEncryptor encryptor = EncryptorFactory.GetEncryptor(EncryptionType.DET);

string SSN="003-62-5913";

string encryptedValue = encryptor.Encrypt(SSN);

string encryptedValue2 = encryptor.Encrypt(SSN);

if(encryptedValue == encryptedValue2 )//both values are equal
{
    //will always reach this part
}

OPE encryption scheme

OPE encryption scheme is recommended to encrypt fields values by which you will need to make equality/non equality but also range queries. With this encryption scheme you will be able to encrypt only: Short,Int,Long, Float, Double and DateTime so far.

IEncryptor encryptor = EncryptorFactory.GetEncryptor(EncryptionType.OPE);

DateTime now = DateTime.Now;
DateTime tomorrow = DateTime.Now.AddDays(1);

string encryptedNow= encryptor.Encrypt(now);
string encryptedTomorrow = encryptor.Encrypt(tomorrow);

 bool nowIsLessThenTomorrow = string.Compare(encryptedNow, encryptedTomorrow ) < 0;

//nowIsLessThenTomorrow will be true.