In a moment where topics like GDPR and privacy are so hot, encrypting sensitive informations in your NAV database is becoming always more a must to do (and one of the features that customers are asking nowadays).
In these weeks I’ve see on forums many custom data encryption implementations on NAV, but starting from the 2015 version NAV as a built-in data encryption feature that can be used instead of “reinventing” all every time.
In order to use the standard NAV data encryption feature, you need first to go to Departments/Administration/IT Administration/General menu and click on Data Encryption Management.
In the Data Encryption Management page, click on Enable Encryption:
Now NAV asks you a confirmation message:
and then asks you to generate a password-protected encryption key:
Enter your password and save the generated encryption key in a safe location (don’t loose it!!):
When the .key file is generated, the Encryption Enabled and Encryption Key Exists flag are now set as true and in the ribbon some functions for managing this key are now activated:
Now you can start using the native NAV encryption features directly on your C/AL code in a very easy manner, just by calling the methods exposed in the codeunit 1266 – Encryption Management. Here’ s a small sample on how to encrypt and decrypt a sensible data from C/AL:
Some important things to remember if you’ve enabled data encryption in NAV:
- If you’ve multiple service tiers, you’ve to enable encryption from service tier 1, then export the encryption key and import that on the other service tiers (via the Import Encryption Key button on the Data Encryption Management page). If the encryption key is password-protected, NAV will ask you for the password when importing that key.
- If you export NAV encrypted data for importing that on a new NAV instance, you’ve also to export the encryption key and import it on the other NAV instance (or you can’t read that data).
I’ve used custom implementation to Encrypt data, with custom key, and on the other side (Azure function), I decrypt data with the same key.
Now in version 15, I’m not able to use dotnet’s any more, so I thought to use Cryptography Management module for encryption, and system’s encrypt function.
Am I able to import same key (key that I used in azure function) into the system, and use it, so every tenant will use same encryption key, or I need to export key per tenant and have azure functions as much as we have tenants?
Yes you can use same key for different tenant. However (if you’re talking about on.premise, obviously) why you are not able to use DotNet? You can do that also in V15 like before (obviously, only on-premise).