Solutions    |    Downloads    |    License    |    Documentation    |    Training    |    Support    |    Customers    |    About Us

Encryption Sample

Last Updated: Dec 18, 2012 07:03PM IST

In order to see how to encrypt message data, open up the Encryption sample.

First of all run the solution - you should see two console applications start up. Find the client application by looking for the one with "Client" in its path and press 'Enter' a couple of times in the window. Notice that the server application outputs "I know your secret - it's 'betcha can't guess my secret'."

Your screen should look something like this:

Encryption sample running

Now let's go look at the code:

Encryption sample

Code Walk-Through

Let's start by looking at the Messages project - open the MessageWithSecretData.cs file. You should see the following code:

public class MessageWithSecretData : IMessage
{
    public WireEncryptedString Secret { get; set; }
}

Here we have a class that implements the NServiceBus IMessage interface, indicating that it is a message, which contains a single property of the type WireEncryptedString. This is an NServiceBus type that specifies that the contents of that property will be encrypted on the wire when transmitted by NServiceBus.

The next thing to look at is how the encryption will happen - for this, open the Client.cs file in the Client project. Let's look at this one piece at a time.

First there's the configuration of the endpoint as a client as seen below:

public class EndpointConfig : IConfigureThisEndpoint, AsA_Client {}

For more information on the above, see here.

Then comes the part that indicates how encryption will be configured:

public class SecurityConfig : IWantCustomInitialization
{
    public void Init()
    {
        NServiceBus.Configure.Instance.RijndaelEncryptionService();
    }
}

In the above you can see a class implementing the NServiceBus interface IWantCustomInitialization. This interface allows implementors to hook into the NServiceBus initialization pipeline and specify additional configuration before the endpoint starts. In this case, we're accessing the current instance of the NServiceBus configuration via "NServiceBus.Configure.Instance" and then specifying that the RijndaelEncryptionService is to be used. For more background information on the Rijndael algorithm click here (opens in a new window).

The rest of the file shows that we can set the contents of the encrypted property just like any other property, and then using the bus to send the message. If you need more information about sending messages - see the FAQ here and here.

Now let's take a look at the app.config file in the Client project. Notice that there's an additional configuration section for the Rijndael encryption service:

<section name="RijndaelEncryptionServiceConfig" 
type="NServiceBus.Config.RijndaelEncryptionServiceConfig, NServiceBus.Core"/>

Now scroll down a bit until you get to the configuration itself:

<RijndaelEncryptionServiceConfig Key="gdDbqRpqdRbTs3mhdZh9qCaDaxJXl+e6"/>

The key specified here is used to encrypt all data that is in properties of the type WireEncryptedString.

IMPORTANT: The key specified must be the same in the configuration of all processes that are communicating encrypted information - both on the sending and on the receiving side. Open the app.config file of the Server project and see that the key is the same.

Now stop the server process and press 'Enter' one more time in the client process.

Go to the server's queue (called "MyServerInputQueue") and look at the message in it. For information on how to do this, see the FAQ here. Your message should look like this:

<?xml version="1.0" ?>
<Messages xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
          xmlns="http://tempuri.net/Messages">
  <MessageWithSecretData>
    <Secret>
      <EncryptedValue>
         <EncryptedBase64Value>+eeBont5Lzlre4cxDi8QT/M6EbAGxTerniqywbpLBVA=</EncryptedBase64Value>
         <Base64Iv>u8n8ds0Ssf/AdJCxpOG7AQ==</Base64Iv>
      </EncryptedValue>
    </Secret>
  </MessageWithSecretData>
</Messages>

As you can see the data in the property is encrypted, but the rest of the message is clear text. This keeps the performance impact of encryption as low as possible.

Finally, keep in mind that the security is only as strong as the keys - if the key is exposed, then an attacker can unencrypt the information. As such, you may not want to have your encryption keys stored on the client (if deployed remotely) or even on a web server in the DMZ. Also, you'll likely want to be able to change the keys used by all processes at the same time. This is done by overriding the source of configuration for the RijndaelEncryptionService as shown here.

RSS Linkedin Twitter stayInTouch
About NServiceBus    |    Contact Us    |    Privacy    |    Follow us on:   
Copyright 2010-2013 NServiceBus. All rights reserved
support@nservicebus.com
http://assets1.desk.com/raca8b478c9bd89640c451013350d59caa6b66ee1/javascripts/
nservicebus
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
true
Invalid characters found
/customer/en/portal/articles/autocomplete
There was an error contacting Get Satisfaction
View All
0
discussions
replies
Questions
Ideas
Problems
Praise