Forms crypto engine
Beginning with version 4.6, the Episerver Forms add-on introduces an encryption feature that lets you secure a form's data. This topic provides an overview of the Form encryption feature and explains how to customize it.
Form encryption components are as follows.
- ICrypto. Interface representing the mechanism (for example, symmetric or asymmetric) used to encrypt plain-text or decrypt cipher-text.
- SymmetricCryptoBase. Base class for symmetric crypto that uses symmetric algorithms to encrypt a plain-text or decrypt a cipher-text. This class follows a standard, so (in most cases) third-parties need only to override how the key is initialized for the symmetric algorithm.
- AesCrypto. Specific symmetric crypto that uses AesManaged as the symmetric algorithm for data encryption and decryption. This is the default SymmetricCrypto used by Forms.
- RsaCrypto. Asymmetric crypto that uses RSA (asymmetric algorithm) to encrypt a plain-text or decrypt a cipher-text.
- IFormCryptoEngine. Interface that supports encrypting and decrypting of form submission data.
- FormCryptoEngineBase. Base class of the form crypto engine provided by Forms. The default implementation includes both RSA crypto (asymmetric) and AES crypto (symmetric), giving more options to secure the data. This class exposes the abstract function “Initialize” to initialize the engine's required parameters.
- CryptoEngineFactory. Factory to initialize a form crypto engine based on a setting in Forms.config.
Custom Form Crypto Engine
EPiServer.Forms exposes only the APIs necessary to support the encryption feature. The default implementation of form crypto engine is provided in a separate package, EPiServer.Forms.Crypto.AzureKeyVault.
AzureKeyVaultCryptoEngine uses a symmetric algorithm for data encryption and decryption. The encryption key is stored in AzureKeyVault, a service enables users to store and use cryptographic keys within the Microsoft Azure environment. For details about Azure KeyVault, see Encrypting forms.
DecryptedCSVDataExporter: Exporter supports decrypted form data for eligible users.