As we turn code into components in the System Application layer, we’re putting considerable effort into standardizing how we handle sensitive data. Together with changes in Secret Management, the Cryptography Management module will provide support for safely storing sensitive data.
NOTE. To get more insight about Secret Management in the new release, check out the article – Changes in Secret Management in Dynamics 365 Business Central.
WHAT HAS BEEN DONE
In 2019 release wave 2, the existing encryption and hashing functions have been moved to a separate module called Cryptography Management. We’re making the module available on GitHub so that our development community can provide additional methods to help build robust solutions when working with encryption. Due to security requirements in the cloud environment, some of the capabilities that were available in the on-premises version are not available in the online version Business Central. For example, while encryption was optional for on-premises versions, meaning you can turn it on or off, encryption is always turned on in the online version.
WHAT THE MODULE PROVIDES
The new interface provides the following capabilities for Business Central version:
– Encrypt and decrypt data
– Generate a hash from a string or stream based on the provided hash algorithm
– Generate a base64 encoded hash from a string based on the provided hash algorithm
– Generate a key base64 encoded hash from a string based on the provided hash algorithm and key.
For on-premises versions of Business Central, the module also provides support for:
– Enabling and disabling encryption with supporting events
– Exporting encryption keys
– Retrieving the status of encryption
– Getting the recommended question to activate encryption
WHAT TO CHANGE IN YOUR EXISTING EXTENSION
We know you’re thinking, “This is going to break my extension.” That’s true, but we hope the break won’t be too difficult to mitigate. Getting your extension ready to use the new Cryptography Management module is just a matter of updating all references to codeunit 1266 Encryption Management to point to codeunit 1266 Cryptography Management instead.