eelke
07393f57fc
Added the use of DEK's for encryption of secrets. Both the KEK's and DEK's are stored in a way that you can have multiple key of which one is active. But the others are still available for decrypting. This allows for implementing key rotation. Co-authored-by: eelke <eelke@eelkeklein.nl> Co-authored-by: Eelke76 <31384324+Eelke76@users.noreply.github.com> Reviewed-on: #6
30 lines
No EOL
887 B
C#
30 lines
No EOL
887 B
C#
using IdentityShroud.Core.Security;
|
|
using IdentityShroud.Core.Services;
|
|
|
|
namespace IdentityShroud.Core.Tests.Services;
|
|
|
|
public class EncryptionTests
|
|
{
|
|
[Fact]
|
|
public void DecodeV1_Success()
|
|
{
|
|
// When introducing a new version we need version specific tests to
|
|
// make sure decoding of legacy data still works.
|
|
|
|
// setup
|
|
byte[] cipher =
|
|
[
|
|
1, 198, 55, 58, 56, 110, 238, 59, 158, 214, 85, 241, 26, 44, 140, 229, 128, 111, 167, 154, 160, 177, 152,
|
|
193, 74, 4, 235, 82, 207, 87, 32, 10, 239, 4, 246, 25, 21, 249, 25, 59, 160, 101
|
|
];
|
|
byte[] keyValue = Convert.FromBase64String("IGd9yUMusjNW0ezv8ink3QWlAHKFH45d21LyrbJTokw=");
|
|
|
|
// act
|
|
byte[] result = Encryption.Decrypt(cipher, keyValue);
|
|
|
|
// verify
|
|
Assert.Equal("Hello, World!"u8, result);
|
|
}
|
|
|
|
|
|
} |