Well, this seems to work, but it's a big hairy hack.
Use 2 properties:
- one property, for encryption, is mapped with a custom usertype: SQLTypes() returns a BinarySqlType, and NullSafeSet() embeds the EncryptByKey() function in the SQLCommand - change the SQLParameter.DbType to a string to fool System.Data.SqlClient into accepting your input, and watch out for caching which might make the embedding recursive;
- the other property, for decryption, is mapped with a formula attribute containing the DecryptByKey() function - this will further need to be converted to say nvarchar, so extend MsSql2005Dialect to register nvarchar (as a function, since RegisterKeyword() is internal to NHibernate)
This will result in a single encrypted column on the db. We "wrapped" the 2 properties in a 3rd property with a nice name to make the object less ugly to read and write to, and used the name attribute in the mapping file so the db column matches.
We weren't too careful about key management, but note that the OPEN ... KEY statement needs to be called inline before queries, as it doesn't seem to accept variable syntax, and that you need to be careful about transaction scope.
As ever, if anyone has warnings or improvements to suggest, go ahead!
... gimme TDE any day
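The SQL Server side of the approach described in this answer, as an added example rather than code from the post (the key, certificate, table and column names are assumed). It shows the OPEN SYMMETRIC KEY statement issued inline in the same session, EncryptByKey on the write path, and DecryptByKey converted back to nvarchar on the read path, which is the expression the formula attribute would carry:

```sql
-- Assumed names: certificate SsnCert, symmetric key SsnKey, table Person.
-- One-time setup, run once per database by a privileged user.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
CREATE CERTIFICATE SsnCert WITH SUBJECT = 'Column encryption certificate';
CREATE SYMMETRIC KEY SsnKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE SsnCert;
GO

-- A single encrypted column on the table; varbinary is what the
-- BinarySqlType in the custom usertype maps to.
CREATE TABLE Person (
    Id   INT IDENTITY PRIMARY KEY,
    Name NVARCHAR(100) NOT NULL,
    Ssn  VARBINARY(8000) NULL
);
GO

-- Write path. The key has to be opened as a statement in the same session
-- before the INSERT; EncryptByKey silently returns NULL if it is not open,
-- so a NULL landing in Ssn is the symptom of a missing OPEN, not an error.
BEGIN TRANSACTION;
OPEN SYMMETRIC KEY SsnKey DECRYPTION BY CERTIFICATE SsnCert;

INSERT INTO Person (Name, Ssn)
VALUES (N'Alice', EncryptByKey(Key_GUID('SsnKey'), N'123-45-6789'));  -- constructed sample row

CLOSE SYMMETRIC KEY SsnKey;
COMMIT TRANSACTION;
GO

-- Read path. DecryptByKey returns varbinary, so it is converted back to
-- nvarchar; this CONVERT(...) is the formula the decryption property uses.
-- DecryptByKey also returns NULL (no error) when the key is not open.
OPEN SYMMETRIC KEY SsnKey DECRYPTION BY CERTIFICATE SsnCert;

SELECT Id,
       Name,
       CONVERT(NVARCHAR(4000), DecryptByKey(Ssn)) AS SsnPlain
FROM Person;

CLOSE SYMMETRIC KEY SsnKey;
GO
```

Because both functions return NULL rather than failing when the key is closed, checking for unexpected NULLs in the encrypted column is the quickest way to catch a write that ran outside the OPEN ... CLOSE window.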