Understanding encrypted values

Data can be encrypted just before it is stored in a database column, so that the column holds only the encrypted form. Authorized users of an application see the data decrypted, as plain text.

About encrypted data

Encrypted values can be stored in columns in the database.

  • Encrypting data results in a string that is longer than the plain text.
  • We recommend that you use a column length that is 1.5 times the length of the longest possible text, with a minimum length of 24 characters.
  • You are responsible for defining the column or property length, with enough space for the encrypted value.
  • Data is encrypted immediately before it is stored in the column, and decrypted immediately after reading the data from the column.
  • For transactional replication that uses an encrypted column, both databases must use the same key.

About the encryption key

The encrypted data is protected by an encryption key generated from the Configuration Manager, using the Edit Encrypted Key dialog box.

  • The encryption key is maintained using the configuration editor within the Configuration Manager.
  • The Edit Encryption Key dialog box includes a button to generate a random key and display the key so that it can be copied to a secured location for backup.
  • Multiple configurations that reference the same database must use the same encryption key.
  • Encrypted data is unrecoverable if the encryption key is lost.

About the EncryptedString data type

When an EncryptedString property is bound to a column, the data is encrypted immediately prior to writing to the column. The data read from the column is decrypted immediately before returning it in the response.

  • All data stored in columns that are bound to the EncryptedString data type is automatically encrypted.
  • For configurations that do not have a key defined, any operation that involves an EncryptedString property fails with an exception that indicates the reason.
  • Custom load methods that return data in EncryptedString properties must return the encrypted value from the column. The framework is responsible for decrypting the data before returning it in the response.
  • The EncryptedString property is not supported in filters.
  • Encrypted values can only be used in form and DataView reports.
  • The EncryptedString data type is supported in these forms/fields:
    • The IDOs form: IDO Properties grid on Properties tab, Data Type column
    • The IDO Properties form: Data Type column and field
    • The Property Classes form: Data Type column and field
    • The IDO Property Wizard form: Data Type field