Happy flow for creating realms works

But needs more validating...

IdentityShroud.Core/Services/MasterEncryptionService.cs

@@ -0,0 +1,23 @@
+using IdentityShroud.Core.Contracts;
+using IdentityShroud.Core.Security;
+
+namespace IdentityShroud.Core.Services;
+
+/// <summary>
+/// 
+/// </summary>
+/// <param name="encryptionKey">Encryption key as base64, must be 32 bytes</param>
+public class EncryptionService(string keyBase64) : IEncryptionService
+{
+    private readonly byte[] encryptionKey = Convert.FromBase64String(keyBase64);
+
+    public byte[] Encrypt(byte[] plain)
+    {
+        return AesGcmHelper.EncryptAesGcm(plain, encryptionKey);
+    }
+
+    public byte[] Decrypt(byte[] cipher)
+    {
+        return AesGcmHelper.DecryptAesGcm(cipher, encryptionKey);
+    }
+}

IdentityShroud.Core/Services/RealmService.cs

@@ -0,0 +1,31 @@
+using System.Security.Cryptography;
+using IdentityShroud.Core.Contracts;
+using IdentityShroud.Core.Messages.Realm;
+using IdentityShroud.Core.Model;
+
+namespace IdentityShroud.Core.Services;
+
+public record RealmCreateResponse(Realm Realm);
+
+public class RealmService(
+    Db db,
+    IEncryptionService encryptionService)
+{
+    public async Task<Result<RealmCreateResponse>> Create(RealmCreateRequest request, CancellationToken ct = default)
+    {
+        Realm realm = new()
+        {
+            Id = request.Id ?? Guid.CreateVersion7(),
+            Slug = request.Slug,
+            Name = request.Description,
+        };
+        
+        using RSA rsa = RSA.Create(2048);
+        realm.SetPrivateKey(encryptionService, rsa.ExportPkcs8PrivateKey());
+
+        db.Add(realm);
+        await db.SaveChangesAsync(ct);
+        
+        return new RealmCreateResponse(realm);
+    }
+}