Wednesday, March 21, 2012

Playing around with the EPiServer.Util.SimpleEncryption class

The other day I was playing around with Reflector and I ran into the EPiServer.Util.SimpleEncryption class, which I haven’t really noticed before. The class includes the usual self-explaining cryptography methods like Encrypt and Decrypt, but it also contains some not so self-explaining methods like ClearText and EncryptedText.
So I had to play around with this a little bit, hoping I’d understand why EPiServer has included this class. I browsed for usages of the class and the only usages I could find was in the ExceptionManager and in the EPiServer.Cmo.Cms assembly. I found one comment from 2005 stating that EPiServer.Util originally wasn’t planned on being made public. If this it the case it might explain why there’s so little information about it.

The SimpleEncryption constructor
The SimpleEncryption constructor takes one parameter, an initializer used for generating the cryptography key:

SimpleEncryption simpleEncryption = new SimpleEncryption("myInitializer");

Encrypting text
There are two encryption methods you can use, Encrypt or EncryptedText. They will return the same encrypted string, but the string returned from EncryptedText will be prefixed with ENCRYPTED:

string original = "Testing encryption with SimpleEncryption";

string encrypt = simpleEncryption.Encrypt("myKey", original);
// encrypt == AvVayN0k1jSXjUVHzRmtq9rl9yCtmNLq+sBvz53vr0A6CIbzMaASE2LZ1LHR7hPT

string encryptedText = simpleEncryption.EncryptedText("myKey", original);
// encryptedText == ENCRYPTED:AvVayN0k1jSXjUVHzRmtq9rl9yCtmNLq+sBvz53vr0A6CIbzMaASE2LZ1LHR7hPT
It took me a while to understand why the EncryptedText method is included at all, I found it a bit pointless in the beginning.

Checking if a string is encrypted
Let’s assume you have a piece of text, and you don’t know whether this text is encrypted or not. If you’ve made a habit of using the EncryptedText method, you can use the IsEncrypted method to check if the text is encrypted:

bool isEncrypted = simpleEncryption.IsEncrypted("AvVayN0k1jSXjUVHzRmtq9rl9yCtmNLq+sBvz53vr0A6CIbzMaASE2LZ1LHR7hPT");
// isEncrypted == false

bool isEncryptedText = simpleEncryption.IsEncrypted("ENCRYPTED:AvVayN0k1jSXjUVHzRmtq9rl9yCtmNLq+sBvz53vr0A6CIbzMaASE2LZ1LHR7hPT");
// isEncrypted == true
Here I’m calling the IsEncrypted method with the two encrypted strings from the previous example. Both these texts are encrypted, so you’d assume that both isEncrypted and isEncryptedText would be true. That’s not the case, the IsEncrypted method only checks if the value specified is prefixed with “ENCRYPTED:”. This means that the following would return true even though the text is not encrypted:
bool isEncrypted = simpleEncryption.IsEncrypted("ENCRYPTED:This text is not encrypted");
// isEncrypted == true

Decrypting text
If you encrypted the text using the Encrypt method, you can decrypt the text by using the Decrypt method. If you encrypted the text using the EncryptedText method, you need to use the ClearText method in order to decrypt it.

This class is old, outdated and not safe. It will be phased out, so don't use it. See comments for more information. Conclusion: you've just wasted your time reading this blog post! Sorry...

Tuesday, March 13, 2012

Epinova.CRMFramework 2.0 Alpha version has been released

Finally, Epinova.CRMFramework now supports Microsoft Dynamics CRM 2011! The alpha version has just been released on CodePlex, check it out!

Due to a lot of changes in Microsoft Dynamics CRM 2011, the framework has been completely rewritten with a few consequences:

New requirements:
.NET Framework 4
Microsoft Dynamics CRM 2011

CrmControllerFactory.Instance returns an interface
In previous versions CrmControllerFactory.Instance returned an object of type CrmControllerFactory. This now returns an interface: ICrmControllerFactory.

Permanent removal of CrmQuery class
The CrmQuery system, while functioning in the previous version, was not well enough equipped for complex queries. I’ve removed the CrmQuery class with plans of replacing it with LINQ support in the Beta version.

Temporary removal of CrmEntityController<T>.Find()
As the CrmEntityController<T>.Find() method requires the CrmQuery class, this method has been removed. It will be reinserted in the Beta version of the framework.

Temporary removal of CrmManyToManyRelationshipController<T, V>
As the CrmManyToManyRelationshipController<T, V> class requires the CrmQuery class it has been removed. It will be reinserted in the Beta version of the framework.


Can I upgrade from v1.0 to v2.0-alpha?
If you are integrating with Microsoft Dynamics CRM 2011 and you are not affected by the removals listed above, then yes. I would recommend testing well though as I can not guarantee a bug free alpha version (surprise surprise). Replace the dll’s from v1.0 with the dll’s from v2.0-alpha and you’re good to go.

When will the beta version be released?
I can not give you an accurate answer to this question. The more feedback I get from the alpha version, the faster will the beta version be released!

Do you have any other questions? Feel free to contact me or post a comment :)