LightweightEncryption 1.0.0

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package LightweightEncryption --version 1.0.0                

                    
                

            
NuGet\Install-Package LightweightEncryption -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="LightweightEncryption" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add LightweightEncryption --version 1.0.0                

                    
                

            
#r "nuget: LightweightEncryption, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
// Install LightweightEncryption as a Cake Addin
#addin nuget:?package=LightweightEncryption&version=1.0.0

// Install LightweightEncryption as a Cake Tool
#tool nuget:?package=LightweightEncryption&version=1.0.0

LightweightEncryption

Lightweight encryption library provides a fast, simple and strong encryption for your data. It is based on AES-GCM encryption algorithm and provides support for auto-rotation of encryption keys.

A use case for this library is to encrypt <b>P</b>ersonally <b>I</b>dentifiable <b>I</b>nformation (PII) HTTP request/response in a web server to a LogStore or a Database.

This library uses a pseudo master key to derive encryption keys dynamically at run time for each encryption operation, as a result the encryption keys are never stored in memory or persisted.

There is a master key version that keeps track of the master key to allow for auto-rotation of encryption keys.

Prerequisites

Before you begin, ensure you have met the following requirements:

  • You have installed .NET 8 SDK.
  • You are using Visual Studio 2022 or later.
  • You have an Azure subscription and keyvault to store the pseudo master key and master key version.

Using LightweightEncryption

There are two parts to using LightweightEncryption:

  1. Generating pseudo master key and master key version.
  2. Using the pseudo master key and master key version to encrypt and decrypt data.

Generating pseudo master key and master key version

You can use the generate_encryptionkeys_azure.py script located in the Scripts folder. This script will create and store the keys in your Azure Key Vault. This script will generate a 32 byte pseudo master key and the version of the pseudo master key is stored in the master key version name.

Steps:

  1. Set up your Azure subscription and keyvault:

    • Create a resource group in your Azure subscription.
    • Create a key vault in your resource group.
    • Create a service principal with access to the key vault. This service principal could either be your identity or a managed identity.
    • Assign the service principal the necessary permissions to the key vault.
    • In particular Get, List, Set permissions on secrets are required.

  2. Install the required Python packages:

    pip install scripts\requirements.txt

  3. Run the script: Execute the generate_encryptionkeys_azure.py script to generate and store the keys:

    • Provide the necessary parameters to the script:
      • --subscription-id: Azure subscription id, this parameter is required.
      • --resource-group: Azure resource group in which the keyvault resides, this parameter is required.
      • --location: Azure region, this parameter is required.
      • --vault-name: Azure keyvault, this parameter is required.
      • --key-name: Optional parameter to save the pseudo master key, if not specified 'secret--encryption--symmetricKey' will be used.
      • --key-version-name: Optional parameter to track the pseudo master key version, if not specified, 'secret--encryption--symmetricKeyVersion' will be used.
      • --expiration: Optional parameter to set the expiration time for the pseudo master key in ISO 8601 format, 'YYYY-MM-DD', if not specified, the key will expire in 3 months from the date of creation.
      • --tags: Optional parameter to set tags for the pseudo master key, if not specified, the current login user name will be used.
      • --dry-run: Optional parameter to run the script in dry run mode, no changes will be applied.

  4. python generate_encryptionkeys_azure.py --subscription-id <subscription-id> --resource-group <resource-group> --location <location> --vault-name <vault-name> --key-name <key-name> --key-version-name <key-version-name> --expiration <expiration> --tags <tags> --dry-run

  5. Verify the keys:

    • Go to the Azure portal and navigate to the key vault.
    • Verify that the pseudo master key and master key version are created.

  6. Encrypt/Decrypt

  7. Add the LightweightEncryption NuGet package to your project.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.0.1 93 10/3/2024
1.0.0 115 9/17/2024