Data Protection and Encryption

User passwords in the G-Health Server database are hashed and salted as part of the ASP.NET Core Identity API and are not stored in any reversible form.

However, some data needs to be protected in a way that can be reversed. For this the ASP.NET Core Data Protection API is used.

In a default installation of G-Health, where everything is on one server, there is nothing to configure here. The encryption keys are stored locally on disk and are themselves further encrypted using the Data Protection API (DPAPI) built into Windows. As a result, if the keys were copied off the server to another computer they could not be used.

In enterprise scenarios where the data may need to be decrypted from multiple devices a different approach is required.

Custom Configuration

By editing the appsettings.json files (or editing environment variables on the server) it is possible to customise the data protection configuration.

We can specify our own custom key storage location and a certificate to encrypt/decrypt those keys rather than using Windows DPAPI. As such, the encryption keys could be stored on a NAS or simply backed up manually, and the certificate can then be used to decrypt those keys when they are used from another machine.

The certificate can be referenced by Thumbprint:

"KeyStorageLocation": "C:\\my-folder\\keys",
"Certificate":{
    "Thumbprint":"e59b61abc3f9efad30f9c078afa4049b98ccffdb"
}

or by specifying the location, store and subject:

"KeyStorageLocation": "C:\\my-folder\\keys",
"Certificate":{
    "Location": "LocalMachine",
    "Store": "My",
    "Subject": "MyEncryptionCertificate"
}

Here "Location" may be "LocalMachine" or "CurrentUser", and "My" refers to the Personal certificate store.
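As an added illustration, not G-Health's own code, the following C# shows how the two configuration shapes above map onto the ASP.NET Core Data Protection API. The class name DataProtectionSetup, the method names, and the fallback to Windows DPAPI when no "Certificate" section is present are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class DataProtectionSetup
{
    // Hypothetical wiring: reads the same "KeyStorageLocation" and "Certificate"
    // settings shown above from the supplied configuration section.
    public static void Configure(IServiceCollection services, IConfiguration config)
    {
        var builder = services.AddDataProtection();
        // Persist the key ring to the configured folder instead of the default local location.
        var keyPath = config["KeyStorageLocation"];
        if (!string.IsNullOrEmpty(keyPath))
            builder.PersistKeysToFileSystem(new DirectoryInfo(keyPath));
        var certSection = config.GetSection("Certificate");
        if (!certSection.Exists())
        {
            // No certificate configured: keep the single-server behaviour, where the
            // keys at rest are wrapped with Windows DPAPI and only usable on this machine.
            builder.ProtectKeysWithDpapi();
            return;
        }
        builder.ProtectKeysWithCertificate(LoadCertificate(certSection));
    }

    // Resolves the certificate by thumbprint, or by location/store/subject,
    // matching the two appsettings shapes above.
    public static X509Certificate2 LoadCertificate(IConfiguration cert)
    {
        var location = Enum.Parse<StoreLocation>(cert["Location"] ?? "LocalMachine");
        var storeName = Enum.Parse<StoreName>(cert["Store"] ?? "My");
        using var store = new X509Store(storeName, location);
        store.Open(OpenFlags.ReadOnly);
        var thumbprint = cert["Thumbprint"];
        var subject = cert["Subject"] ?? throw new InvalidOperationException("Certificate needs a Thumbprint or Subject.");
        var found = thumbprint != null
            ? store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false)
            : store.Certificates.Find(X509FindType.FindBySubjectName, subject, validOnly: false);
        if (found.Count == 0)
            throw new InvalidOperationException("Data protection certificate not found in the store.");
        // Every machine sharing the key folder needs the private key to unwrap the keys.
        if (!found[0].HasPrivateKey)
            throw new InvalidOperationException("Data protection certificate has no private key.");
        return found[0];
    }
}
```

The account the application runs as needs read access to the certificate's private key on every machine that shares the key folder.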

Roadmap

In future it is planned to expand the key storage options so that third-party secure systems can be used for key storage.