top of page

Cryptography support in Business Central

In AL there is a codeunit called Cryptography Management (Codeunit 1266) which provides helper functions for encryption and hashing. Cryptography is used to keep the data safe by encrypting and depcrypting the data so that others canot misuse the data.

This post covers only basic usege of Cryptography Management codeunit. The following are the topics convered in this post.

  • Encryption Key

  • Importing / Exporting Encryption Key

  • Encrypt / Decrypt data

Encryption Key

Encryption Key is a unique string used by Cryptography Management for data encryption. This is maintained at the tenent level. This key is generated by using .NET Framework Data Protection API interally by enabling Encryption Key.

The following code enables Encryption programatically:

local procedure EnableEncryptionKey()
	CryptographyManagement: Codeunit "Cryptography Management";

Encryption can be enabled using "Data Encryption Management" page, by clicking Enable Encryption action button.

In Business Central online this is by default Enabled, and it can not be disabled.

After clicking Enable Encryption action button, it ask you to download a copy of encryption key so that you can keep it in a safe location.

Importing / Exporting Encryption Key

In this page there are few more options like Export Encryption Key, Import Encryption Key and Change Encryption Key.

  • Export Encryption Key - To backup exiting encryption key.

  • Import Encryption Key - Existing encrytion key can be restored / imported using this option.

  • Change Encryption Key - When encryption is already enabled, you can use this option to change encryption key.

Encrypt / Decrypt data

You can encrypt secret data using Encrypt method, and when it is need you can decrypt the data using Decrypt method.

The following code encrypts the text 'Hello':

local procedure TryEncrypt()
	CryptographyManagement: Codeunit "Cryptography Management";
	EncryptedText: Text;
	EncryptedText := CryptographyManagement.Encrypt('Hello');
	// pIuF3czIJLvv/KRQUKoGyXa2h2TEBonmxtlHu5lNJo4irzb5srQQl5isHuw182aL+op2FuehEq5/o0/8Nr3N1B34E8pbXdXRcC77sL+EfrXxZ2szebHNaQ47W6bTfLdLE4qYIQgcXx5s0VtFc6yLwvVe7bKHG02o8bYh6kiKrDIWdgwZyN5lOpbOrwMhl+ISAZo3iFrhR1OSnWF2uhCn4yyvGjhgA0Yp+9akLZqi8KycECRyIxhiGtSlg99be2aklDMWhGnNNTkL/BCxcEGPqp8ccXjMr/k5tRyw4VZsHSwYKIjnSUiVawh+1GqryG18vHV7JVpXyb1JFRDIkQ3uCQ==

The following code decrypts the encryped text to 'Hello':

local procedure TryDecrypt()
	CryptographyManagement: Codeunit "Cryptography Management";
	EncryptedText: Text;
	Data: Text;
	EncryptedText := 'pIuF3czIJLvv/KRQUKoGyXa2h2TEBonmxtlHu5lNJo4irzb5srQQl5isHuw182aL+op2FuehEq5/o0/8Nr3N1B34E8pbXdXRcC77sL+EfrXxZ2szebHNaQ47W6bTfLdLE4qYIQgcXx5s0VtFc6yLwvVe7bKHG02o8bYh6kiKrDIWdgwZyN5lOpbOrwMhl+ISAZo3iFrhR1OSnWF2uhCn4yyvGjhgA0Yp+9akLZqi8KycECRyIxhiGtSlg99be2aklDMWhGnNNTkL/BCxcEGPqp8ccXjMr/k5tRyw4VZsHSwYKIjnSUiVawh+1GqryG18vHV7JVpXyb1JFRDIkQ3uCQ==';
	Data := CryptographyManagement.Decrypt(EncryptedText);


In the early versions on Business Central / NAV, to achieve this functionality we had to use .Net variables. Now its part of System. There are many other methods in "Cryptography Management" codeunit you must try.

Happy Coding!!!

#MsDyn365 #MsDyn365BC #BusinessCentral #DynamicsNAV

1,151 views0 comments
bottom of page