Encrypt realm data with dek which is encrypted with kek. The signing keys are also encrypted with the kek.

IdentityShroud.Core/Security/Encryption.cs

@@ -0,0 +1,70 @@
+using System.Security.Cryptography;
+
+namespace IdentityShroud.Core.Security;
+
+public static class Encryption
+{
+    private record struct AlgVersion(int Version, int NonceSize, int TagSize);
+
+    private static AlgVersion[] _versions = 
+    [
+        new(0, 0, 0), // version 0 does not realy exist
+        new(1, 12, 16), // version 1
+    ];
+    
+    public static byte[] Encrypt(ReadOnlyMemory<byte> plaintext, ReadOnlySpan<byte> key)
+    {
+        const int versionNumber = 1; 
+        AlgVersion versionParams = _versions[versionNumber];
+
+        int resultSize = 1 + versionParams.NonceSize + versionParams.TagSize + plaintext.Length;
+        // allocate buffer for complete response 
+        var result = new byte[resultSize];
+        
+        result[0] = (byte)versionParams.Version;
+
+        // make the spans that point to the parts of the result where their data is located
+        var nonce = result.AsSpan(1, versionParams.NonceSize); 
+        var tag = result.AsSpan(1 + versionParams.NonceSize, versionParams.TagSize);
+        var cipher = result.AsSpan(1 + versionParams.NonceSize + versionParams.TagSize);
+
+        // use the spans to place the data directly in its place
+        RandomNumberGenerator.Fill(nonce);
+        using var aes = new AesGcm(key, versionParams.TagSize);
+        aes.Encrypt(nonce, plaintext.Span, cipher, tag);
+        return result;
+    }
+    
+    public static byte[] Decrypt(ReadOnlyMemory<byte> input, ReadOnlySpan<byte> key)
+    {
+        var payload = input.Span;
+        int versionNumber = (int)payload[0];
+        if (versionNumber != 1)
+            throw new ArgumentException("Invalid payload");
+        
+        AlgVersion versionParams = _versions[versionNumber];
+        
+        
+        if (payload.Length < 1 + versionParams.NonceSize + versionParams.TagSize)
+            throw new ArgumentException("Payload is too short to contain nonce, ciphertext, and tag.", nameof(payload));
+
+        ReadOnlySpan<byte> nonce = payload.Slice(1, versionParams.NonceSize);
+        ReadOnlySpan<byte> tag = payload.Slice(1 + versionParams.NonceSize, versionParams.TagSize);
+        ReadOnlySpan<byte> cipher = payload.Slice(1 + versionParams.NonceSize + versionParams.TagSize);
+
+        byte[] plaintext = new byte[cipher.Length];
+
+        using var aes = new AesGcm(key, versionParams.TagSize);
+        try
+        {
+            aes.Decrypt(nonce, cipher, tag, plaintext);
+        }
+        catch (CryptographicException ex)
+        {
+            // Tag verification failed → tampering or wrong key/nonce.
+            throw new InvalidOperationException("Decryption failed – authentication tag mismatch.", ex);
+        }
+
+        return plaintext;
+    }
+}