com.tmobile.oss.security.taap.jwe
1.0.12
dotnet add package com.tmobile.oss.security.taap.jwe --version 1.0.12
NuGet\Install-Package com.tmobile.oss.security.taap.jwe -Version 1.0.12
<PackageReference Include="com.tmobile.oss.security.taap.jwe" Version="1.0.12" />
paket add com.tmobile.oss.security.taap.jwe --version 1.0.12
#r "nuget: com.tmobile.oss.security.taap.jwe, 1.0.12"
// Install com.tmobile.oss.security.taap.jwe as a Cake Addin #addin nuget:?package=com.tmobile.oss.security.taap.jwe&version=1.0.12 // Install com.tmobile.oss.security.taap.jwe as a Cake Tool #tool nuget:?package=com.tmobile.oss.security.taap.jwe&version=1.0.12
Field Level Encryption (FLE) – C# version
Source Repository
Setup
Add “com.tmobile.oss.security.taap.jwe” component from NuGet.org to your .NET Core 3.1 (or greater) project https://www.nuget.org/packages/com.tmobile.oss.security.taap.jwe/
Get an EC or RSA public key from KeyVault JWKS. The OAuth2JwksService and KeyResolver classes do this for you based on your KeyPreference (see sample code below)
Encrypt PII data
Example C# Console Code
using com.tmobile.oss.security.taap.jwe;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;
using Moq;
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
...
// On client, encrypt PII data
var oauthClient = "<ClientID>";
var oauthKey = "<ClientKey>";
var oauthUrl = "https://api.somedomain.com/oauth2/v6/tokens";
var keyVaultJwksUrl = "https://api.somedomain.com/customer/v1/jwks/someservice";
var cacheDurationSeconds = 36000; // 1 hour
var httpClient = new HttpClient();
var jwksService = new OAuth2JwksService(oauthClient, oauthKey, oauthUrl, httpClient, keyVaultJwksUrl);
var keyResolver = new KeyResolver(new List<JsonWebKey>(), jwksService, cacheDurationSeconds, KeyPreference.EC);
var logger = new Mock<ILogger<Encryption>>(); // Use your ILogger instance
var encryption = new Encryption(keyResolver, logger.Object);
var phoneCipher = await encryption.EncryptAsync("555-555-5555");
// On server, decrypt value
var privateJwksJson = File.ReadAllText(@"JwksPrivateKeys.json");
var privateJwks = JsonSerializer.Deserialize<Jwks>(privateJwksJson, new JsonSerializerOptions
{
PropertyNameCaseInsensitive = true
});
var privateJsonWebKeyList = new List<JsonWebKey>();
privateJsonWebKeyList.AddRange(privateJwks.Keys);
keyResolver = new KeyResolver(privateJsonWebKeyList, jwksService, encryptionOptions.CacheDurationSeconds, KeyPreference.EC);
var logger = new Mock<ILogger<Encryption>>(); // Use your ILogger instance
var encryption = new Encryption(keyResolver, logger.Object);
var phone = await encryption.DecryptAsync(phoneCipher );
For ASP.NET MVC application example, please see this code: https://github.com/tmobile/tmobile-api-security-lib/tree/master/encryption-lib/CS-Encryption-Lib/Example_Asp.Net_Mvc_WebApplication
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
.NET Standard | netstandard2.1 is compatible. |
MonoAndroid | monoandroid was computed. |
MonoMac | monomac was computed. |
MonoTouch | monotouch was computed. |
Tizen | tizen60 was computed. |
Xamarin.iOS | xamarinios was computed. |
Xamarin.Mac | xamarinmac was computed. |
Xamarin.TVOS | xamarintvos was computed. |
Xamarin.WatchOS | xamarinwatchos was computed. |
-
.NETStandard 2.1
- com.tmobile.oss.security.taap.poptoken.builder (>= 1.0.10)
- jose-jwt (>= 3.2.0)
- Microsoft.Extensions.Logging.Abstractions (>= 5.0.0)
- Microsoft.IdentityModel.Tokens (>= 6.12.2)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
1.0.12 | 13,055 | 9/9/2021 |
Update all NuGet packages to latest versions.
Updated component to use .NET Standard 2.1
Add IOAuth2JwksService interface
Remove "poptoken" key word in example (not needed)
Use IJwksService in KeyResolver constructor
Update POPToken Reference
Use ApplicationJsonCharsetUtf8 const when creating pop token
Update POP Token reference
Only get EC keys that support "P-256" or RSA keys that support "RS256"
Correct spelling
Don't use "Crv" to restrict EC keys