OGA.KeyMgmt 1.5.2

dotnet add package OGA.KeyMgmt --version 1.5.2                
NuGet\Install-Package OGA.KeyMgmt -Version 1.5.2                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="OGA.KeyMgmt" Version="1.5.2" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add OGA.KeyMgmt --version 1.5.2                
#r "nuget: OGA.KeyMgmt, 1.5.2"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install OGA.KeyMgmt as a Cake Addin
#addin nuget:?package=OGA.KeyMgmt&version=1.5.2

// Install OGA.KeyMgmt as a Cake Tool
#tool nuget:?package=OGA.KeyMgmt&version=1.5.2                

OGA.KeyMgmt

Simple Key Manager with persistence to Json or file

Description

This library contains an in-memory (and persistable) keystore for processes that need to use or share encryption keys. It can be used as a process-wide, in-memory keystore, that holds keys, retrieved from a central secret authority. Or, it can manage keys that are stored in JSON or a file (saved in JSON format).

Features

The following is a list of key object and keystore features:

  • A keystore instance supports the generation, verification, usage, and persistence of encryption keys of:
    • RSA
    • AES
    • ECDSA
  • It currently leverages base .NET encryption libraries. But, can be extended to manage keys made/used by LibSodium, BouncyCastle, or others.
  • Supports CRUD functionality of key objects.
  • Key objects can be retrieved from the store by name or by key properties, such as type, age, status, etc...
  • Key queries are implemented using a predicate filter (See comments at top of PredicateBuilder).
  • Both key object and keystore classes are versioned, so they can be correctly loaded by (and migrated to) newer versions.
  • A keystore updates a version counter each time its contents are changed, for easier reconciliation.
  • Persisted keystores are signed (via ECDSA) to ensure integrity and tampering. The signature is verified on load.
  • At-rest encryption is used for securely storing private keys.

Installation

OGA.KeyMgmt is available via NuGet:

  • NuGet Official Releases: NuGet

Dependencies

This library depends on:

Usage

Here are usage examples...

Create In-Memory Keystore with some keys

            // Create three keys...
            KeyStore_v2_Base.Create_New_AES_Key(Guid.NewGuid().ToString(), 256, out var k1);
            KeyStore_v2_Base.Create_New_ECDSA_KeyPair(Guid.NewGuid().ToString(), out var k2);
            KeyStore_v2_Base.Create_New_RSA_KeyPair(Guid.NewGuid().ToString(), 512, out var k3);

            // Add all three keys to a new in-memory keystore instance...
            var ks = new KeyStore_v2_Base();
            var res1 = ks.AddKey_toStore(k1);
            var res2 = ks.AddKey_toStore(k2);
            var res3 = ks.AddKey_toStore(k3);

Get Oldest Active Symmetric Key in Keystore

            // Create a keystore with a couple of symmetric keys...
            KeyStore_v2_Base.Create_New_AES_Key(Guid.NewGuid().ToString(), 256, out var k1);
            KeyStore_v2_Base.Create_New_AES_Key(Guid.NewGuid().ToString(), 256, out var k2);

            var ks = new KeyStore_v2_Base();
            var res1 = ks.AddKey_toStore(k1);
            var res2 = ks.AddKey_toStore(k2);

            // Retrieve the oldest AES key in the keystore...
            // To query the store, we need to build a predicate filter... for AES keys.
            var filter = OGA.DomainBase.QueryHelpers.PredicateBuilder.True<KeyObject_v2>(); // Filter for symmetric keys.
            filter = filter.And<KeyObject_v2>(t => t.Is_SymmetricKey()); // Filter for enabled keys.
            filter = filter.And<KeyObject_v2>(t => t.Status == eKeyStatus.Enabled); // Filter for private keys.
            // Pass the query filter to the keystore...
            var res = ks.GetOldestKey_fromStore_byFilter(filter, out var k4);
            if (res != 1)
            {
                // Failed to locate an AES key in keystore.
                return;
            }
            
            // Do something with the retrieved key...
            var keystring = k4.PrivateKey;

Save a Keystore to a File

            // Create a couple of keys...
            KeyStore_v2_Base.Create_New_AES_Key(Guid.NewGuid().ToString(), 256, out var k1);
            KeyStore_v2_Base.Create_New_AES_Key(Guid.NewGuid().ToString(), 256, out var k2);

            // Create a file-based keystore instance...
            // Pass in the filepath and storage password at construction...
            var ks = new KeyStore_v2_File(store_filepath, storagepassword);
            // Add the created keys...
            var res1 = ks.AddKey_toStore(k1);
            var res2 = ks.AddKey_toStore(k2);

            // Save the store to disk...
            var saveres = ks.Save();
            if (res != 1)
            {
                // Failed to save keystore.
                return;
            }

Building OGA.KeyMgmt

This library is built with the new SDK-style projects. It contains multiple projects, one for each of the following frameworks:

  • NET 5
  • NET 6
  • NET 7

And, the output nuget package includes runtimes targets for:

  • linux-any
  • win-any

Framework and Runtime Support

Currently, the nuget package of this library supports the framework versions and runtimes of applications that I maintain (see above). If someone needs others (older or newer), let me know, and I'll add them to the build script.

Visual Studio

It is currently built using Visual Studio 2019 17.1.

License

Please see the License.

Product Compatible and additional computed target framework versions.
.NET net5.0 is compatible.  net5.0-windows was computed.  net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.5.2 123 4/29/2024
1.5.1 211 3/29/2024
1.5.0 168 3/28/2024
1.4.5 159 3/18/2024
1.4.4 191 3/18/2024
1.4.3 169 3/18/2024
1.4.2 204 3/17/2024
1.4.1 205 3/17/2024
1.4.0 151 3/13/2024
1.3.8 255 4/9/2023
1.3.7 197 4/9/2023
1.3.6 206 3/27/2023
1.3.5 268 2/25/2023
1.3.4 291 2/20/2023
1.3.3 262 2/20/2023
1.3.2 229 2/19/2023

(Please write the package release notes in "OGA.KeyMgmt-RELEASE-NOTES.txt".)