i got my answer. if keys are not deleted from key ring there is no issue in decrypting the old data.
PII PHI data encyption using data protection api
I am using data protection api in asp.net core 3.1 . I have PII and PHI data in database. can I use data protection api to encrypt the data. what if my data is not accessed for more than 6 month how key rotation will effect that
Hi @Somnath Shukla , have you checked this doc to protect data using Data Protection APIs: https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/using-data-protection?view=aspnetcore-3.1 ?
Sort by: Most helpful
@Somnath Shukla , Thanks for the question! As you have added 'Azure' tag. Just wanted to confirm, are you leveraging Azure App Service or hosting the website on an Azure VM?
Hope the document provided by FeiHan-MSFT would help in your scenario/requirement.
Hi @Fei Han - MSFT I know how to use the Data protection api. My question is as i am using for PHI data is that correct design. is there any impact in long term on my data.
i am more worried let say 1 record is encrypted and not access for 6 month. in between my keys got rotated how this will work.
@Somnath Shukla , as you mentioned in your new post, as long as key(s) (even if it is retired) remain on the system, the app can decrypt any data protected with them. For detailed information about "Data Protection key management and lifetime in ASP.NET Core", please check this doc: https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/default-settings?view=aspnetcore-5.0
Sign in to comment