Adding additional layers of encryption and protection in SharePoint beyond the built-in AES 128-bit encryption at rest can improve security, especially for sensitive data. Encrypting and decrypting data through web parts can prevent the viewing of sensitive information contained in files stored in SharePoint Libraries.
Encryption Web Part
This web part will encrypt a file being uploaded to a SharePoint library using the Web Crypto API.
Web Crypto API Overview
The Web Crypto API is a built-in JavaScript API that provides cryptographic functions for secure data handling. It allows web applications to perform encryption, decryption, hashing, and key generation using modern cryptographic algorithms.
Key Features:
- Encryption & Decryption: Supports AES-GCM, AES-CBC, and RSA-OAEP.
- Key Generation & Management: Generates secure cryptographic keys.
- Hashing: Supports SHA-256, SHA-384, and SHA-512.
- Digital Signatures: Uses RSA-PSS and ECDSA for authentication.
- Secure Random Numbers: Uses crypto.getRandomValues() for generating strong randomness.
The API is asynchronous, so cryptographic operations do not block the page, and it is designed to work only within secure contexts (HTTPS).
Example
In this example, a file is encrypted before it is uploaded to the Documents folder:
The text file, secretfile.txt, contains the following:

The file is now uploaded to the Documents folder:

This is what the user sees when they try to view or download the file:

When downloaded, the file, which now ends in .enc, is unreadable:

Decryption Web Part
This web part will decrypt a file stored in a SharePoint library.
Now let’s decrypt the file:

The downloaded file is now readable once again:
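The encrypt-before-upload and decrypt-after-download steps described above, as an added example that is not the web parts' own code. It assumes AES-GCM with a key generated in memory, a 12-byte IV stored in front of the ciphertext, and hypothetical function names; the SharePoint upload and download calls are left out.

```javascript
// Added example, not the web parts' source. Key handling and the
// IV || ciphertext layout are assumptions made for illustration.
// Browsers expose globalThis.crypto; the fallback covers older Node.js.
const cryptoApi = globalThis.crypto ?? require("node:crypto").webcrypto;
const IV_BYTES = 12;  // 96-bit IV, the recommended size for AES-GCM
const TAG_BYTES = 16; // default 128-bit authentication tag

// Generate a non-extractable 256-bit AES-GCM key (hypothetical key handling).
function generateFileKey() {
  return cryptoApi.subtle.generateKey(
    { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt file bytes before upload. Returns the .enc name and IV || ciphertext+tag.
async function encryptFile(key, plainBytes, fileName) {
  const iv = cryptoApi.getRandomValues(new Uint8Array(IV_BYTES)); // fresh IV per file
  const sealed = new Uint8Array(
    await cryptoApi.subtle.encrypt({ name: "AES-GCM", iv }, key, plainBytes));
  const bytes = new Uint8Array(IV_BYTES + sealed.length);
  bytes.set(iv, 0);
  bytes.set(sealed, IV_BYTES);
  return { name: fileName + ".enc", bytes };
}

// Decrypt a downloaded .enc file. The promise rejects if the key is wrong
// or if any byte of the stored file was modified (GCM tag check fails).
async function decryptFile(key, encBytes, fileName) {
  if (!fileName.endsWith(".enc") || encBytes.length < IV_BYTES + TAG_BYTES) {
    throw new Error("not an encrypted file in the expected layout");
  }
  const iv = encBytes.subarray(0, IV_BYTES);
  const sealed = encBytes.subarray(IV_BYTES);
  const plain = await cryptoApi.subtle.decrypt({ name: "AES-GCM", iv }, key, sealed);
  return { name: fileName.slice(0, -4), bytes: new Uint8Array(plain) };
}
```

A key kept only in memory is lost when the page closes, so a real deployment needs the key stored or derived somewhere both web parts can reach.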

These web parts are only meant to be used as a template for a customized solution, but if you’d like to test them, give me a ping.
