GDPR, NAV Data Encryption, Part II
Hi people, The GDPR deadline is approaching… only few days to Deadline !
Encryption: it may be useful to have useful functions encrypt data (for sensitive data, password, biometric data etc. ad example).
I show this simple solution to Encrypt data in NAV using standard NAV features.
Before to start, it might be useful to have a look at the Data Encryption Design Pattern related to the topic.
Design Patterns: Data Encryption
https://community.dynamics.com/nav/w/designpatterns/276.2-data-encryption
Solution: Encrypt sensitive data. Dynamics NAV offers a simple mechanism for data encryption, to be used by NAV developers.
When sensitive data is stored inside the Dynamics NAV database, if negligently handled, it can become vulnerable. Particularly, the location, access and the state of the data are critical.
Use the following patterns to enhance security on your NAV system.
List of ALL Encryption Functionalities
NAV Encryption tools in Action
Encryption in NAV is live since NAV 2015. Core of Encryption functions are available in: “Codeunit 1266 – Encryption Management”; with this codeunit you can Encrypt Data calling encryption\decryption functions.
NAV Usages: Standard Encryption examples can be found in NAV in the following places: Page 1260 Bank Data Conv. Service Setup, Page 1270 OCR Service Setup, Page 5330 CRM Connection Setup, Table 1275 Doc. Exch. Service Setup
Steps
#1 – Enable Encryption
To use encryption you must enable Encryption with Data Encryption Management Page.
#2 – Define Encryption Password
#3 – Export Encryption Key file
And after Save the Encryption KEY
#4 – Encryption is now enables
Check if Encryption is enabled.
“Encryption is enabled” (in this case).
“How to” Encrypt\Decrypt
To use Encryption\Decryption now you can use customs Functions based on “Encryption Management” codeunit (OnDemand Encryption)
OBJECTS
- New Codeunit with two separate functions (Encrypt\Decrypt)
Codeunit: 50000 CryptAndDecrypt
TEST
Before Encryption
After Encryption
Before Decryption
Functions
NAV Crypt
NAVCrypt(parEncryptObject : Text[250])
IF cduEncryptionManagement.IsEncryptionEnabled THEN BEGIN
//Start Encrypt
MESSAGE(‘Before Encryption: ‘ + parEncryptObject);
parEncryptObject := COPYSTR(cduEncryptionManagement.Encrypt(parEncryptObject),1,249); //DO Enrypt
MESSAGE(‘After Encryption: ‘ + parEncryptObject);
END;
NAV Decrypt
NAVDeCrypt(parDecryptObject : Text[250])
IF cduEncryptionManagement.IsEncryptionEnabled THEN BEGIN
//Start Encrypt
MESSAGE(‘Before Decryption: ‘ + parDecryptObject);
parDecryptObject := cduEncryptionManagement.Decrypt(parDecryptObject); //DO Decrypt
MESSAGE(‘After Decryption: ‘ + parDecryptObject);
END;
Based on Standard NAV Script Codeunit 1266 Encryption Management
This is only a little sample.
OTHER SOLUTIONS TO USE DATA ENCRYPTION
#1 – Using SQL Server Transparent Data Encryption (TDE) with Dynamics NAV
Transparent Data Encryption (TDE) is available in Enterprise Edition of SQL Server as well as Azure SQL Database.
“With TDE, you can encrypt sensitive data in the database and protect the keys that are used to encrypt the data with a certificate. TDE performs real-time I/O encryption and decryption of the data and log files to protect data at rest. TDE can assist in the ability to comply with many laws, regulations, and guidelines established in various industries.”
#2 – Encrypt with SQL Server
This topic describes how to encrypt a column of data by using symmetric encryption in SQL Server 2017 using Transact-SQL. This is sometimes known as column-level encryption, or cell-level encryption.
How to encrypt\decrypt string in Sql Server, many solutions here
How do I encrypt and decrypt any string using sql?
https://www.codeproject.com/Questions/376609/How-to-encrypt-decrypt-string-in-sql-server
#3 – Encrypt with C# Features
You cans use DES Class (Data Encryption Standard) System.Security.Cryptography in mscorlib.dll
https://msdn.microsoft.com/it-it/library/system.security.cryptography.des(v=vs.110).aspx
Great Post by Stefano Demiliani here:
Hello Roberto! Thank you very much for this post. I have noticed that whenever I have been planning to write a new blog post, either you or Stefano Demiliani have already covered the issue very well. This time I was about to blog about SQL server encryption options.
I would like to emphasize though, that whenever you enforce encryption with NAV, and you have Load Balancing set or multiple NAV Services, you will have to make sure encryption is on with all NAV servers, and with same encryption key.
Link to Stefano’s blog about encryption:
https://community.dynamics.com/nav/b/stefanodemiliani/archive/2018/01/30/microsoft-dynamics-nav-and-data-encryption