Encryption, Entity Framework and Projections

We just got another email asking how Crypteron's CipherDB encryption works with Entity Framework's projections. So I decided it's time to write a blog post about it.

For starters, Crypteron works very well with Entity Framework. And for the most past Entity Framework works with - well - Entities. But there are some cases where one may use projections that result in non-Entity classes.

What are projections?

In the simplest words, a projection is when the Entity class is 'projected' into another class or an anonymous class. This is typically done when your entity may have a very large number of properties (i.e. very wide row) but you need only a few properties. For example: Select(product => new { product.price }). This will project only the price of the entity into an anonymous object and that's the return type (not the entity). Note that in most cases Entity Framework will deliver Entities - so you're all good. This is for advanced use cases.


The issue is the return type is simple an anonymous object and is technically not an Entity. So Entity Framework doesn't trigger Crypteron's CipherDB agent and is therefore still in an encrypted state.


The solutions are simple. Either use entities and everything is back to normal. Or if you must use projection, use Crypteron CipherObject - our object encryption agent - to decrypt the object. This is because we've designed all Crypteron agent's to be cross-compatible with each other. So for example, data encrypted by a Java CipherObject agent - perhaps a large Apache Spark cluster - can be blindly copied into SQL storage use with the C# CipherDB agent. The only requirement is that these agent's use the same AppSecret so they are considered part of the same suite that pools or share their protected data. Crypteron's cross-compatibility enables many such powerful scenarios and projections here are just another example.

Show me the code

The solution is to use CipherObject.Protector.Unseal(projectedObject)on the projected object. A full code example will make this clear. We'll use the Crypteron sample apps on GitHub for a reference so you can try yourself. Install the Crypteron CipherObject NuGet package. Then put the code below in the Test() method within ProcessCustomer.cs. Run it and choose "t" at the menu.

// We define a concrete class for our projection and decorate it with
// the [Secure] attribute
public class ProjectedUser
    public string Name { get; set; }

    public string CreditCard { get; set; }

    public byte[] SSN { get; set; }

    public string OrderItem { get; set; }

public void Test()
    // Placeholder for anything you want ...
    using (var secDb = new SecDbContext())
        // This will work ...
        foreach (var o in secDb.Users.Take(5).Select(u => new ProjectedUser()
            Name = u.CustomerName,
            CreditCard = u.SecureSearch_CreditCardNumber,
            SSN = u.Secure_SocialSecurityNumber,
            OrderItem = u.OrderItem
            // ... because of CipherObject
            CipherObject.Protector.Unseal(o); // <===
            // do some work

        // This will NOT work, they're just anonymous objects
        // NOT entities
        foreach (var o in secDb.Users.Take(5).Select(u => new {
            // do some work


That's it! That's how you can get projections working with Entity Framework. In fact, with CipherObject, you have tremendous flexibility and power to architect a wide variety of solution. If you have any question or need some guidance, please feel free to drop us a line at support@crypteron.com. We look forward to hearing from you.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Recent blog posts

Migrating existing live data into Crypteron

You’re already live in production. And you have sensitive in the clear. Read this article to see how Crypteron can help.

Encryption, Entity Framework and Projections

Projections in Entity Framework live outside the entity lifecycle. Read more to learn how your can use Crypteron to secure such data.

PCI DSS and key rotations simplified

PCI compliance requires data encryption keys to be changed frequently. Here is how you can do it easily.

Your data-center is not secure and what you can do about it

There is no secure perimeter anymore. Neither in your corporate network nor in your data center. Fight a winning battle armed with self-protecting data rather than a losing one trying to protecting the infrastructure.

Introducing the Crypteron Startup Innovators Program

Qualifying startups get up to 50% off all plans. Tell us how you’re changing the world and the our Startup Innovators Program will support your journey.

6 encryption mistakes that lead to data breaches

If encryption is so unbreakable, why do businesses and governments keep getting hacked? Six common encryption mistakes that lead to data breaches.

Announcing the new Crypteron Community Edition

Starting today you can now sign up for the Crypteron Community Edition for free with no performance limitations.

Data breach response – One click to save your business

Get breathing room – when you need it the most. Respond to a data breach with a single click.

Why We Need Proper Data-At-Rest Encryption: 191M U.S. Voters’ Data Exposed

Adding security at the application level is a large step forward in protecting data from the constant threat of data breaches

How to encrypt large files

CipherStor is blazingly fast! Here we show how to use it within your data-flow pipeline to maintain high performance when encrypting large files.

Encryption, Entity Framework and Projections

by Sid Shetye time to read: 2 min