Encrypt realm data with a DEK that is itself encrypted with the KEK. The signing keys are also encrypted with the KEK.

This commit is contained in:
eelke 2026-02-26 16:53:02 +01:00
parent 644b005f2a
commit 650fe99990
36 changed files with 399 additions and 129 deletions


@ -1,6 +1,8 @@
using IdentityShroud.Core.Security;
namespace IdentityShroud.Core.Contracts;
public interface IEncryptionService
public interface IDataEncryptionService
{
EncryptedValue Encrypt(ReadOnlyMemory<byte> plain);
byte[] Decrypt(EncryptedValue input);


@ -0,0 +1,11 @@
using IdentityShroud.Core.Security;
namespace IdentityShroud.Core.Contracts;
public interface IDekEncryptionService
{
EncryptedDek Encrypt(ReadOnlyMemory<byte> plain);
byte[] Decrypt(EncryptedDek input);
}
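Review bot: The new IDekEncryptionService has no XML documentation, and `byte[] Decrypt(EncryptedDek input);` hands the caller an unwrapped data-encryption key as a plain managed array without stating who owns it or how long it may live. I would add `/// <summary>Unwraps a data-encryption key with the realm's key-encryption key.</summary>` on the interface and, on Decrypt, `/// <returns>The plaintext DEK. The caller owns the array and should clear it (e.g. CryptographicOperations.ZeroMemory) once the key is no longer needed.</returns>`. Whether the implementation uses the KEK from ISecretProvider is inferred from the commit message, not visible here — confirm before wording the summary that way. The same documentation gap applies to the renamed IDataEncryptionService in the first file section.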


@ -0,0 +1,9 @@
using IdentityShroud.Core.Model;
namespace IdentityShroud.Core.Contracts;
public interface IRealmContext
{
public Realm GetRealm();
Task<IList<RealmDek>> GetDeks(CancellationToken ct = default);
}
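Review bot: `public Realm GetRealm();` carries an explicit `public` modifier while `GetDeks` on the next line does not; interface members are public by default, so for consistency this should be `Realm GetRealm();`. Both members also lack XML docs on a contract that hands out key material: a `<summary>` on GetDeks should say whether the returned RealmDek entries are still wrapped with the KEK or already unwrapped, and whether inactive DEKs are included — neither is determinable from this file, so confirm with the implementation. If callers only enumerate the result, `IReadOnlyList<RealmDek>` would express that they are not expected to modify the realm's key set, but keep `IList` if existing callers mutate it.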


@ -11,4 +11,5 @@ public interface IRealmService
Task<Result<RealmCreateResponse>> Create(RealmCreateRequest request, CancellationToken ct = default);
Task LoadActiveKeys(Realm realm);
Task LoadDeks(Realm realm);
}
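Review bot: `Task LoadDeks(Realm realm);` is added without documentation, and its relationship to `IRealmContext.GetDeks` (also introduced in this commit) is not stated, so a reader cannot tell which one populates the realm and which one reads from it. I would add `/// <summary>Loads the realm's data-encryption keys into <paramref name="realm"/>.</summary>` and, if the implementation unwraps them with the KEK, say so explicitly — that is suggested by the commit message but not visible in this hunk. The method mirrors `LoadActiveKeys` in taking no CancellationToken, unlike `Create`; that is presumably the existing convention, so no change is needed, but it is worth a note if the load does I/O. The enclosing interface IRealmService starts outside this hunk.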


@ -1,3 +1,5 @@
using IdentityShroud.Core.Security;
namespace IdentityShroud.Core.Contracts;
public interface ISecretProvider
@ -8,5 +10,5 @@ public interface ISecretProvider
/// Should return one active key, might return inactive keys.
/// </summary>
/// <returns></returns>
EncryptionKey[] GetKeys(string name);
KeyEncryptionKey[] GetKeys(string name);
}
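Review bot: The `/// <returns></returns>` tag on GetKeys is left empty even though the return type changes to `KeyEncryptionKey[]` in this hunk, and `name` has no `<param>` either. I would fill it in as `/// <returns>The key-encryption keys registered under <paramref name="name"/>; exactly one is expected to be active.</returns>`, which restates the summary line above it. The summary could also say why inactive keys are returned — presumably so DEKs wrapped under a retired KEK can still be unwrapped during rotation — but that is inferred from the commit message, so confirm before documenting it. The first hunk in this section only adds the `using` and is fine.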