com.tmobile.oss.security.taap.jwe 1.0.12

.NET CLI:
dotnet add package com.tmobile.oss.security.taap.jwe --version 1.0.12

Package Manager (intended for the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package):
NuGet\Install-Package com.tmobile.oss.security.taap.jwe -Version 1.0.12

PackageReference (for projects that support PackageReference, copy this XML node into the project file):
<PackageReference Include="com.tmobile.oss.security.taap.jwe" Version="1.0.12" />

Paket CLI:
paket add com.tmobile.oss.security.taap.jwe --version 1.0.12

Script & Interactive (the #r directive can be used in F# Interactive and Polyglot Notebooks; copy it into the interactive tool or the source code of the script):
#r "nuget: com.tmobile.oss.security.taap.jwe, 1.0.12"

Cake:
// Install com.tmobile.oss.security.taap.jwe as a Cake Addin
#addin nuget:?package=com.tmobile.oss.security.taap.jwe&version=1.0.12

// Install com.tmobile.oss.security.taap.jwe as a Cake Tool
#tool nuget:?package=com.tmobile.oss.security.taap.jwe&version=1.0.12

Field Level Encryption (FLE) – C# version

Source Repository

Setup

  • Add “com.tmobile.oss.security.taap.jwe” component from NuGet.org to your .NET Core 3.1 (or greater) project https://www.nuget.org/packages/com.tmobile.oss.security.taap.jwe/

  • Get an EC or RSA public key from KeyVault JWKS. The OAuth2JwksService and KeyResolver classes do this for you based on your KeyPreference (see sample code below)

  • Encrypt PII data

Example C# Console Code

using com.tmobile.oss.security.taap.jwe;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;
using Moq;
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

...

// On client, encrypt PII data
var oauthClient = "<ClientID>";
var oauthKey = "<ClientKey>"; // Placeholder: load the real secret from configuration, not from source code
var oauthUrl = "https://api.somedomain.com/oauth2/v6/tokens";
var keyVaultJwksUrl = "https://api.somedomain.com/customer/v1/jwks/someservice";
var cacheDurationSeconds = 36000; // 10 hours (use 3600 for 1 hour)
var httpClient = new HttpClient();
// OAuth2JwksService fetches the public JWKS from keyVaultJwksUrl using the OAuth2 client credentials
var jwksService = new OAuth2JwksService(oauthClient, oauthKey, oauthUrl, httpClient, keyVaultJwksUrl);
// No local keys on the client: the resolver picks a public key from the JWKS according to KeyPreference
var keyResolver = new KeyResolver(new List<JsonWebKey>(), jwksService, cacheDurationSeconds, KeyPreference.EC);
var logger = new Mock<ILogger<Encryption>>(); // Use your ILogger instance
var encryption = new Encryption(keyResolver, logger.Object);
var phoneCipher = await encryption.EncryptAsync("555-555-5555");


// On server, decrypt value (normally a separate process from the client code above)
// JwksPrivateKeys.json holds private keys: restrict access to it and keep it out of source control
var privateJwksJson = File.ReadAllText(@"JwksPrivateKeys.json");
var privateJwks = JsonSerializer.Deserialize<Jwks>(privateJwksJson, new JsonSerializerOptions
{
    PropertyNameCaseInsensitive = true
});
var privateJsonWebKeyList = new List<JsonWebKey>();
privateJsonWebKeyList.AddRange(privateJwks.Keys);
// The server resolver is seeded with the private keys loaded above
var serverKeyResolver = new KeyResolver(privateJsonWebKeyList, jwksService, cacheDurationSeconds, KeyPreference.EC);
var serverLogger = new Mock<ILogger<Encryption>>(); // Use your ILogger instance
var serverEncryption = new Encryption(serverKeyResolver, serverLogger.Object);
var phone = await serverEncryption.DecryptAsync(phoneCipher);

For an ASP.NET MVC application example, see: https://github.com/tmobile/tmobile-api-security-lib/tree/master/encryption-lib/CS-Encryption-Lib/Example_Asp.Net_Mvc_WebApplication
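
The setup above splits key material between a published JWKS (public keys, client side) and a private JWKS file (server side). The following is an added example, not code from this package or its authors: a pre-flight check that the published set carries no private parameters and that every published kid has a private counterpart on the server. JwksHygiene and its methods are hypothetical helper names, the keys are constructed placeholders, and the only library type used is JsonWebKey from Microsoft.IdentityModel.Tokens.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.IdentityModel.Tokens;

// Added example (not part of the library); JwksHygiene and its methods are hypothetical helpers.
public static class JwksHygiene
{
    // True when a JWK carries any private or symmetric parameter (RFC 7518: d, p, q, dp, dq, qi, k).
    public static bool CarriesSecret(JsonWebKey k) =>
        new[] { k.D, k.P, k.Q, k.DP, k.DQ, k.QI, k.K }.Any(v => !string.IsNullOrEmpty(v));

    // Client side: keys from the JWKS endpoint must be public-only, of type EC or RSA, and carry a kid.
    public static List<string> CheckPublicSet(IEnumerable<JsonWebKey> keys)
    {
        var problems = new List<string>();
        foreach (var k in keys)
        {
            if (CarriesSecret(k)) problems.Add($"{k.Kid}: private parameters in a published JWKS");
            if (k.Kty != "EC" && k.Kty != "RSA") problems.Add($"{k.Kid}: unexpected kty '{k.Kty}'");
            if (string.IsNullOrEmpty(k.Kid)) problems.Add("key without kid");
        }
        return problems;
    }

    // Server side: every kid that clients may encrypt to needs a private key in the decryption set.
    public static List<string> MissingPrivateKeys(IEnumerable<JsonWebKey> publicKeys, IEnumerable<JsonWebKey> privateKeys)
    {
        var usable = new HashSet<string>(privateKeys.Where(CarriesSecret).Select(k => k.Kid));
        return publicKeys.Select(k => k.Kid).Where(kid => !usable.Contains(kid)).ToList();
    }

    public static void Main()
    {
        // Constructed sample keys; the parameter values are placeholders, not real key material.
        var published = new List<JsonWebKey>
        {
            new JsonWebKey { Kty = "EC", Crv = "P-256", Kid = "ec-2021", X = "x-placeholder", Y = "y-placeholder" },
            new JsonWebKey { Kty = "EC", Crv = "P-256", Kid = "ec-leaky", X = "x-placeholder", Y = "y-placeholder", D = "d-placeholder" },
        };
        var serverFile = new List<JsonWebKey>
        {
            new JsonWebKey { Kty = "EC", Crv = "P-256", Kid = "ec-2021", X = "x-placeholder", Y = "y-placeholder", D = "d-placeholder" },
        };

        foreach (var p in CheckPublicSet(published)) Console.WriteLine("public JWKS: " + p);
        foreach (var kid in MissingPrivateKeys(published, serverFile)) Console.WriteLine("no private key for kid " + kid);
    }
}
```

On the server, the same checks can be run against privateJwks.Keys from the sample above before the KeyResolver is constructed.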

Product: compatible and additional computed target framework versions
.NET: net5.0, net5.0-windows, net6.0, net6.0-android, net6.0-ios, net6.0-maccatalyst, net6.0-macos, net6.0-tvos, net6.0-windows, net7.0, net7.0-android, net7.0-ios, net7.0-maccatalyst, net7.0-macos, net7.0-tvos, net7.0-windows, net8.0, net8.0-android, net8.0-browser, net8.0-ios, net8.0-maccatalyst, net8.0-macos, net8.0-tvos, net8.0-windows (all computed)
.NET Core: netcoreapp3.0, netcoreapp3.1 (computed)
.NET Standard: netstandard2.1 (compatible)
MonoAndroid: monoandroid (computed)
MonoMac: monomac (computed)
MonoTouch: monotouch (computed)
Tizen: tizen60 (computed)
Xamarin.iOS: xamarinios (computed)
Xamarin.Mac: xamarinmac (computed)
Xamarin.TVOS: xamarintvos (computed)
Xamarin.WatchOS: xamarinwatchos (computed)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.0.12 13,055 9/9/2021

Update all NuGet packages to latest versions.
Updated component to use .NET Standard 2.1
Add IOAuth2JwksService interface
Remove "poptoken" key word in example (not needed)
Use IJwksService in KeyResolver constructor
Update POPToken Reference
Use ApplicationJsonCharsetUtf8 const when creating pop token
Update POP Token reference
Only get EC keys that support "P-256" or RSA keys that support "RS256"
Correct spelling
Don't use "Crv" to restrict EC keys