GDPR, NAV Data Encryption, Part II

GDPR, NAV Data Encryption, Part II

Hi people, The GDPR deadline is approaching… only few days to Deadline !

Encryption: it may be useful to have useful functions encrypt data (for sensitive data, password, biometric data etc. ad example).

I show this simple solution to Encrypt data in NAV using standard NAV features.

Before to start, it might be useful to have a look at the Data Encryption Design Pattern related to the topic.

 

Design Patterns: Data Encryption

https://community.dynamics.com/nav/w/designpatterns/276.2-data-encryption

Solution: Encrypt sensitive data. Dynamics NAV offers a simple mechanism for data encryption, to be used by NAV developers.

When sensitive data is stored inside the Dynamics NAV database, if negligently handled, it can become vulnerable. Particularly, the location, access and the state of the data are critical.

Use the following patterns to enhance security on your NAV system.

  1. Sensitive Data Encapsulation
  2. Data Encryption
  3. Single Point of Access
  4. Masked Text
  5. SSL in NAV

List of ALL Encryption Functionalities

 

NAV Encryption tools in Action

Encryption in NAV is live since NAV 2015. Core of Encryption functions are available in: “Codeunit 1266 – Encryption Management”; with this codeunit you can Encrypt Data calling encryption\decryption functions.

NAV Usages: Standard Encryption examples can be found in NAV in the following places: Page 1260 Bank Data Conv. Service Setup, Page 1270 OCR Service Setup, Page 5330 CRM Connection Setup, Table 1275 Doc. Exch. Service Setup

Steps

#1 – Enable Encryption

To use encryption you must enable Encryption with Data Encryption Management Page.

#2 – Define Encryption Password

#3 – Export Encryption Key file

And after Save the Encryption KEY

#4 – Encryption is now enables

Check if Encryption is enabled.

“Encryption is enabled” (in this case).

 

“How to” Encrypt\Decrypt

To use Encryption\Decryption now you can use customs Functions based on Encryption Management codeunit (OnDemand Encryption)

OBJECTS

  • New Codeunit with two separate functions (Encrypt\Decrypt)

Codeunit: 50000 CryptAndDecrypt

TEST

Before Encryption

After Encryption

 Before Decryption

 

Functions

NAV Crypt

NAVCrypt(parEncryptObject : Text[250])

IF cduEncryptionManagement.IsEncryptionEnabled THEN BEGIN

//Start Encrypt

MESSAGE(‘Before Encryption: ‘ + parEncryptObject);

parEncryptObject :=   COPYSTR(cduEncryptionManagement.Encrypt(parEncryptObject),1,249); //DO Enrypt

MESSAGE(‘After Encryption: ‘ + parEncryptObject);

END;

NAV Decrypt

NAVDeCrypt(parDecryptObject : Text[250])

IF cduEncryptionManagement.IsEncryptionEnabled THEN BEGIN

//Start Encrypt

MESSAGE(‘Before Decryption: ‘ + parDecryptObject);

parDecryptObject :=  cduEncryptionManagement.Decrypt(parDecryptObject); //DO Decrypt

MESSAGE(‘After Decryption: ‘ + parDecryptObject);

END;

 Based on Standard NAV Script Codeunit 1266 Encryption Management

This is only a little sample.

 

OTHER SOLUTIONS TO USE DATA ENCRYPTION

#1 – Using SQL Server Transparent Data Encryption (TDE) with Dynamics NAV

Transparent Data Encryption (TDE) is available in Enterprise Edition of SQL Server as well as Azure SQL Database.

“With TDE, you can encrypt sensitive data in the database and protect the keys that are used to encrypt the data with a certificate. TDE performs real-time I/O encryption and decryption of the data and log files to protect data at rest. TDE can assist in the ability to comply with many laws, regulations, and guidelines established in various industries.”

https://robertostefanettinavblog.com/2018/04/26/using-sql-server-transparent-data-encryption-tde-with-dynamics-nav/

 

#2 – Encrypt with SQL Server

This topic describes how to encrypt a column of data by using symmetric encryption in SQL Server 2017 using Transact-SQL. This is sometimes known as column-level encryption, or cell-level encryption.

https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/encrypt-a-column-of-data?view=sql-server-2017

How to encrypt\decrypt string in Sql Server, many solutions here

How do I encrypt and decrypt any string using sql?

https://www.codeproject.com/Questions/376609/How-to-encrypt-decrypt-string-in-sql-server

 

#3 – Encrypt with C# Features

You cans use DES Class (Data Encryption Standard) System.Security.Cryptography in mscorlib.dll

https://msdn.microsoft.com/it-it/library/system.security.cryptography.des(v=vs.110).aspx

 

Great Post by Stefano Demiliani here:

https://community.dynamics.com/nav/b/stefanodemiliani/archive/2018/01/30/microsoft-dynamics-nav-and-data-encryption

One thought on “GDPR, NAV Data Encryption, Part II

  • 27 July 2018 at 12:07 PM
    Permalink

    Hello Roberto! Thank you very much for this post. I have noticed that whenever I have been planning to write a new blog post, either you or Stefano Demiliani have already covered the issue very well. This time I was about to blog about SQL server encryption options.
    I would like to emphasize though, that whenever you enforce encryption with NAV, and you have Load Balancing set or multiple NAV Services, you will have to make sure encryption is on with all NAV servers, and with same encryption key.
    Link to Stefano’s blog about encryption:
    https://community.dynamics.com/nav/b/stefanodemiliani/archive/2018/01/30/microsoft-dynamics-nav-and-data-encryption

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

twelve − 1 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Enjoy this blog? Please spread the word :)

%d bloggers like this: