Happy flow for creating realms works

But needs more validating...

IdentityShroud.Core.Tests/Model/RealmTests.cs

@@ -0,0 +1,51 @@
+using IdentityShroud.Core.Contracts;
+using IdentityShroud.Core.Model;
+
+namespace IdentityShroud.Core.Tests.Model;
+
+public class RealmTests
+{
+    [Fact]
+    public void SetNewKey()
+    {
+        byte[] privateKey = [5, 6, 7, 8];
+        byte[] encryptedPrivateKey = [1, 2, 3, 4];
+        
+        var encryptionService = Substitute.For<IEncryptionService>();
+        encryptionService
+            .Encrypt(Arg.Any<byte[]>())
+            .Returns(x => encryptedPrivateKey); 
+        
+        Realm realm = new();
+        realm.SetPrivateKey(encryptionService, privateKey);
+
+        // should be able to return original without calling decrypt
+        Assert.Equal(privateKey, realm.GetPrivateKey(encryptionService));
+        Assert.Equal(encryptedPrivateKey, realm.PrivateKeyEncrypted);
+
+        encryptionService.Received(1).Encrypt(privateKey);
+        encryptionService.DidNotReceive().Decrypt(Arg.Any<byte[]>());
+    }
+    
+    [Fact]
+    public void GetDecryptedKey()
+    {
+        byte[] privateKey = [5, 6, 7, 8];
+        byte[] encryptedPrivateKey = [1, 2, 3, 4];
+        
+        var encryptionService = Substitute.For<IEncryptionService>();
+        encryptionService
+            .Decrypt(encryptedPrivateKey)
+            .Returns(x => privateKey); 
+        
+        Realm realm = new();
+        realm.PrivateKeyEncrypted = encryptedPrivateKey;
+
+        // should be able to return original without calling decrypt
+        Assert.Equal(privateKey, realm.GetPrivateKey(encryptionService));
+        Assert.Equal(encryptedPrivateKey, realm.PrivateKeyEncrypted);
+
+        encryptionService.Received(1).Decrypt(encryptedPrivateKey);
+    }
+    
+}