eelke
ccc00d8e80
Pass Span instead of Memory
2026-02-26 20:41:59 +01:00
eelke
650fe99990
Encrypt realm data with dek which is encrypted with kek. The signing keys are also encrypted with the kek.
2026-02-26 19:46:14 +01:00
eelke
644b005f2a
Support rotation of master key.
...
The EncryptionService now loads a set of keys and uses the active one to encrypt and selects key based on keyid during decryption. Introduced EncryptedValue to hold keyId and encrypted data.
(There are no intermeddiate keys yet)
2026-02-24 06:32:58 +01:00
eelke
4201d0240d
Improve the binary storage format of encrypted secrets. Move the related code from AesGcmHelper into the EncryptionService.
2026-02-22 19:11:17 +01:00
eelke
e0f6f3f8a9
Cleanup
2026-02-22 09:28:05 +01:00
eelke
0c6f227049
Reworked code around signing keys have key details much more isolated from the other parts of the program.
2026-02-21 20:15:46 +01:00
eelke
3e5ce9d81d
EncryptionService should be using ISecretProvider
...
Remove Async from method that was not Async
2026-02-15 19:18:02 +01:00
eelke
ccb06b260c
Implement jwks endpoint and add test for it.
...
This also let to some improvements/cleanups of the other tests and fixtures.
2026-02-15 19:06:09 +01:00
eelke
e07d6e3ea5
Add test for JwtSignatureGenerator
2026-02-14 14:38:30 +01:00
eelke
92b34bd0b5
Happy flow for creating realms works
...
But needs more validating...
2026-02-08 11:57:57 +01:00
eelke
f99c97f392
Miscelanious trials
2026-02-06 19:58:01 +01:00
