eelke/IdentityShroud
1
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

Encrypt realm data with dek which is encrypted with kek. The signing keys are also encrypted with the kek.

Browse source
This commit is contained in:
eelke 2026-02-26 16:53:02 +01:00
parent 644b005f2a
commit 650fe99990
36 changed files with 399 additions and 129 deletions
Download patch file Download diff file Expand all files Collapse all files

4
IdentityShroud.Api.Tests/Apis/RealmApisTests.cs
View file

@ -125,7 +125,7 @@ public class RealmApisTests : IClassFixture<ApplicationFactory>
public async Task GetJwks()
{
// setup
IEncryptionService encryptionService = _factory.Services.GetRequiredService<IEncryptionService>();
IDekEncryptionService dekEncryptionService = _factory.Services.GetRequiredService<IDekEncryptionService>();
using var rsa = RSA.Create(2048);
RSAParameters parameters = rsa.ExportParameters(includePrivateParameters: false);
@ -134,7 +134,7 @@ public class RealmApisTests : IClassFixture<ApplicationFactory>
{
Id = Guid.NewGuid(),
KeyType = "RSA",
Key = encryptionService.Encrypt(rsa.ExportPkcs8PrivateKey()),
Key = dekEncryptionService.Encrypt(rsa.ExportPkcs8PrivateKey()),
CreatedAt = DateTime.UtcNow,
};