/// <summary>
/// Revokes every existing key and immediately adds a replacement that is valid for 30 days.
/// </summary>
/// <remarks>
/// Both calls receive the same captured timestamp, so the revocation cut-off and the new
/// key's activation date refer to one instant rather than two separate clock reads.
/// </remarks>
public void RotateEncryptionKey()
{
    var rotationTime = DateTime.UtcNow;
    const int lifetimeInDays = 30;

    // Revoke the existing key set as of this instant; the reason string is recorded with the revocation.
    _keyManager.RevokeAllKeys(rotationTime, "manual rotating");

    // The replacement activates now and expires after the fixed lifetime.
    _keyManager.CreateNewKey(rotationTime, rotationTime.AddDays(lifetimeInDays));
}
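/// <summary>
/// Adds a new key that is valid for 30 days and returns to the index page.
/// </summary>
/// <returns>A redirect to the <c>Index</c> action.</returns>
public IActionResult CreateNewKey()
{
    // Read the clock once so activation and expiration are derived from the same instant
    // (the original called DateTimeOffset.Now twice). UTC matches the other key-management
    // entry points in this file and keeps stored dates independent of the server's local offset.
    var now = DateTimeOffset.UtcNow;

    // Create a new key that will be valid for 30 days. The original used AddSeconds(30), which
    // contradicted this comment and the 30-day lifetime RotateEncryptionKey applies.
    _keyManager.CreateNewKey(
        activationDate: now,
        expirationDate: now.AddDays(30));

    return RedirectToAction("Index");
}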
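/// <summary>
/// Encrypts <paramref name="toEncrypt"/> with a currently usable data-protection key and stores
/// the ciphertext under <paramref name="key"/>.
/// </summary>
/// <param name="key">Storage identifier the ciphertext is saved under.</param>
/// <param name="toEncrypt">Plaintext to protect; it is UTF-8 encoded before encryption.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="key"/> or <paramref name="toEncrypt"/> is <c>null</c>.
/// </exception>
public void PersistPassword(string key, string toEncrypt)
{
    if (key is null)
    {
        throw new ArgumentNullException(nameof(key));
    }

    if (toEncrypt is null)
    {
        throw new ArgumentNullException(nameof(toEncrypt));
    }

    var now = DateTimeOffset.UtcNow;

    // The original took GetAllKeys().FirstOrDefault(), which can hand back a revoked, expired or
    // not-yet-active key: encrypting with a revoked key defeats the revocation, and an expired
    // one may be dropped from the ring before the stored value is read back. Only a key that is
    // usable right now is acceptable.
    var securityKey = _keyManager.GetAllKeys()
        .FirstOrDefault(k => !k.IsRevoked && k.ActivationDate <= now && now < k.ExpirationDate)
        // No usable key: mint one. MaxValue expiration is kept from the original so the stored
        // ciphertext remains decryptable for as long as the key itself is retained.
        ?? _keyManager.CreateNewKey(now, DateTimeOffset.MaxValue);

    var plaintext = Encoding.UTF8.GetBytes(toEncrypt);

    // No additional authenticated data is bound to the ciphertext (empty AAD), as in the original.
    var ciphertext = securityKey.CreateEncryptor().Encrypt(
        new ArraySegment<byte>(plaintext),
        new ArraySegment<byte>(Array.Empty<byte>()));

    _passwordStorage.Save(key, ciphertext);
}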
/// <summary>
/// Builds the key ring for <paramref name="now"/>, first creating a new key when the
/// default-key policy requires one and auto-generation is permitted.
/// </summary>
/// <param name="now">The instant the key ring is being resolved for.</param>
/// <param name="keyJustAdded">
/// The key created by the immediately preceding recursive pass, or <c>null</c> on the first
/// pass. Its presence prevents a second key from being created.
/// </param>
/// <returns>A cacheable key ring built from the current key set.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when a new key is required, <c>AutoGenerateKeys</c> is disabled, and neither a
/// default nor a fallback key is available.
/// </exception>
private CacheableKeyRing CreateCacheableKeyRingCore(DateTimeOffset now, IKey? keyJustAdded)
{
    // Re-read the key set so the ring reflects everything persisted so far.
    var expirationToken = _keyManager.GetCacheExpirationToken();
    var keys = _keyManager.GetAllKeys();

    // Ask the resolver which key should be the default for this instant.
    var policy = _defaultKeyResolver.ResolveDefaultKeyPolicy(now, keys);

    if (!policy.ShouldGenerateNewKey)
    {
        CryptoUtil.Assert(policy.DefaultKey != null, "Expected to see a default key.");
        return CreateCacheableKeyRingCoreStep2(now, expirationToken, policy.DefaultKey, keys);
    }

    _logger.PolicyResolutionStatesThatANewKeyShouldBeAddedToTheKeyRing();

    // Guard against creating keys endlessly (stack diving): if the previous pass already added
    // a key and the policy still asks for another — e.g. an ineligible key activates slightly
    // later than the one just added — settle for the best key on hand instead of recursing.
    if (keyJustAdded != null)
    {
        var chosen = policy.DefaultKey ?? policy.FallbackKey ?? keyJustAdded;
        return CreateCacheableKeyRingCoreStep2(now, expirationToken, chosen, keys);
    }

    // A new key is needed, but the options forbid generating one: use a fallback or fail.
    if (!_keyManagementOptions.AutoGenerateKeys)
    {
        var fallback = policy.DefaultKey ?? policy.FallbackKey;
        if (fallback == null)
        {
            _logger.KeyRingDoesNotContainValidDefaultKey();
            throw new InvalidOperationException(Resources.KeyRingProvider_NoDefaultKey_AutoGenerateDisabled);
        }

        _logger.UsingFallbackKeyWithExpirationAsDefaultKey(fallback.KeyId, fallback.ExpirationDate);
        return CreateCacheableKeyRingCoreStep2(now, expirationToken, fallback, keys);
    }

    // Generate the key. With no default key it activates immediately; otherwise it takes over
    // when the current default expires. In both cases its lifetime is measured from now (the
    // creation time), not from the activation date.
    var activationDate = policy.DefaultKey?.ExpirationDate ?? now;
    var newKey = _keyManager.CreateNewKey(
        activationDate: activationDate,
        expirationDate: now + _keyManagementOptions.NewKeyLifetime);

    // One recursive pass re-resolves the policy with the new key present.
    return CreateCacheableKeyRingCore(now, keyJustAdded: newKey);
}