Support rotation of master key.
The EncryptionService now loads a set of keys and uses the active one to encrypt and selects key based on keyid during decryption. Introduced EncryptedValue to hold keyId and encrypted data. (There are no intermeddiate keys yet)
This commit is contained in:
eelke
parent
4201d0240d
commit
644b005f2a
19 changed files with 259 additions and 72 deletions
|
|
@ -1,5 +1,6 @@
|
|||
using System.ComponentModel.DataAnnotations;
|
||||
using System.ComponentModel.DataAnnotations.Schema;
|
||||
using IdentityShroud.Core.Contracts;
|
||||
|
||||
namespace IdentityShroud.Core.Model;
|
||||
|
||||
|
|
@ -11,5 +12,5 @@ public class ClientSecret
|
|||
public Guid ClientId { get; set; }
|
||||
public DateTime CreatedAt { get; set; }
|
||||
public DateTime? RevokedAt { get; set; }
|
||||
public required byte[] SecretEncrypted { get; set; }
|
||||
public required EncryptedValue Secret { get; set; }
|
||||
}
|
||||
|
|
@ -1,15 +1,19 @@
|
|||
using System.ComponentModel.DataAnnotations.Schema;
|
||||
using IdentityShroud.Core.Contracts;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
|
||||
namespace IdentityShroud.Core.Model;
|
||||
|
||||
|
||||
[Table("realm_key")]
|
||||
public record RealmKey(Guid Id, string KeyType, byte[] KeyDataEncrypted, DateTime CreatedAt)
|
||||
public record RealmKey
|
||||
{
|
||||
public Guid Id { get; private set; } = Id;
|
||||
public string KeyType { get; private set; } = KeyType;
|
||||
public byte[] KeyDataEncrypted { get; private set; } = KeyDataEncrypted;
|
||||
public DateTime CreatedAt { get; private set; } = CreatedAt;
|
||||
public required Guid Id { get; init; }
|
||||
public required string KeyType { get; init; }
|
||||
|
||||
|
||||
public required EncryptedValue Key { get; init; }
|
||||
public required DateTime CreatedAt { get; init; }
|
||||
public DateTime? RevokedAt { get; set; }
|
||||
|
||||
/// <summary>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue