public async Task <IKeyInfo> GenerateAsync(GenerateKeyRequest request) { Ensure.NotNull(request, nameof(request)); var aes = Aes.Create(); aes.KeySize = 256; aes.GenerateKey(); var masterKey = await protectorProvider.GetAsync(masterKeyId.ToString(), request.Aad); var ciphertext = await masterKey.EncryptAsync(aes.Key); Uid id = Guid.NewGuid(); var key = new KeyInfo( id: id, ownerId: request.OwnerId, name: request.Name ?? id.ToString(), kekId: masterKeyId, format: KeyDataFormat.AwsKmsEncryptedData, data: ciphertext, activated: DateTime.UtcNow.AddMinutes(-5), type: request.Type, aad: ToJson(request.Aad) ); await keyStore.CreateAsync(key); return(key); }