eelke/IdentityShroud
1
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

Support rotation of master key.

Browse source 
The EncryptionService now loads a set of keys and uses the active one to encrypt and selects key based on keyid during decryption. Introduced EncryptedValue to hold keyId and encrypted data.

(There are no intermeddiate keys yet)
This commit is contained in:
eelke 2026-02-24 06:32:58 +01:00
parent 4201d0240d
commit 644b005f2a
19 changed files with 259 additions and 72 deletions
Download patch file Download diff file Expand all files Collapse all files

4
IdentityShroud.Core/Contracts/IEncryptionService.cs
View file

@ -2,6 +2,6 @@ namespace IdentityShroud.Core.Contracts;
public interface IEncryptionService
{
byte[] Encrypt(ReadOnlyMemory<byte> plain);
byte[] Decrypt(ReadOnlyMemory<byte> cipher);
EncryptedValue Encrypt(ReadOnlyMemory<byte> plain);
byte[] Decrypt(EncryptedValue input);
}

6
IdentityShroud.Core/Contracts/ISecretProvider.cs
View file

@ -3,4 +3,10 @@ namespace IdentityShroud.Core.Contracts;
public interface ISecretProvider
{
string GetSecret(string name);
/// <summary>
/// Should return one active key, might return inactive keys.
/// </summary>
/// <returns></returns>
EncryptionKey[] GetKeys(string name);
}