diff --git a/DigitalData.Core.Abstractions/Security/IAsymCryptService.cs b/DigitalData.Core.Abstractions/Security/IAsymCryptService.cs
index 9e71c3a..0f85ab1 100644
--- a/DigitalData.Core.Abstractions/Security/IAsymCryptService.cs
+++ b/DigitalData.Core.Abstractions/Security/IAsymCryptService.cs
@@ -4,7 +4,7 @@
 {
 IEnumerable Decryptors { get; }
- IRSADecryptor Default { get; }
+ IRSADecryptor Vault { get; }
 IRSADecryptor this[string key] { get; }
diff --git a/DigitalData.Core.Security/AsymCryptService.cs b/DigitalData.Core.Security/AsymCryptService.cs
index e5d24a4..3eafa0a 100644
--- a/DigitalData.Core.Security/AsymCryptService.cs
+++ b/DigitalData.Core.Security/AsymCryptService.cs
@@ -10,14 +10,12 @@ namespace DigitalData.Core.Security
 public class AsymCryptService : RSAFactory, IAsymCryptService, IRSAFactory, IEnumerable where TAsymCryptParams : AsymCryptParams
 {
- public IEnumerable Decryptors => _params.Decryptors;
-
- public IRSADecryptor Default => Decryptors.FirstOrDefault()
- ?? throw new InvalidOperationException(
- "No default decryptor is available. Ensure that at least one decryptor is configured in the provided parameters. " +
- "This issue typically arises if the configuration for decryptors is incomplete or missing. " +
- "Check the 'Decryptors' collection in the configuration and verify that it contains valid entries."
- );
+ public IEnumerable Decryptors { get; }
+
+ ///
+ /// It is a separate decryptor for permanently stored encrypted data. It is assigned to the first Default decryptor by default.
+ ///
+ public IRSADecryptor Vault { get; }
 public IRSADecryptor this[string key]
 {
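Review bot: The summary added on `Vault` in AsymCryptService.cs says it is "assigned to the first Default decryptor by default", but this same commit removes `Default`, so the sentence points at a member that no longer exists. I would reword it to `/// Decryptor reserved for data that is stored encrypted long term. Falls back to the first entry of Decryptors when no vault key is configured.` and put the same summary on the interface member in IAsymCryptService.cs, which has no documentation at all. Code that used `Default` for general decryption and is switched mechanically to `Vault` will start using the vault key as soon as one is configured, so the rename is also a change of meaning that the commit message should state. The class body continues outside this hunk.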
@@ -36,6 +34,17 @@ namespace DigitalData.Core.Security
 public AsymCryptService(IOptions options, ILogger>? logger = null) : base(options)
 {
 logger?.LogInformation("Core.Secrets version: {Version}, Created on: {CreationDate}.", Secrets.Version, Secrets.CreationDate.ToString("dd.MM.yyyy"));
+
+ if (!_params.Decryptors.Any())
+ throw new InvalidOperationException(
+ "Any decryptor is not found. Ensure that at least one decryptor is configured in the provided parameters. " +
+ "This issue typically arises if the configuration for decryptors is incomplete or missing. " +
+ "Check the 'Decryptors' collection in the configuration and verify that it contains valid entries."
+ );
+
+ Decryptors = _params.Decryptors;
+
+ Vault = _params.Vault ?? Decryptors.First();
 }
 public IEnumerator GetEnumerator() => Decryptors.GetEnumerator();
diff --git a/DigitalData.Core.Security/Config/AsymCryptParams.cs b/DigitalData.Core.Security/Config/AsymCryptParams.cs
index c8befa1..fc4ce19 100644
--- a/DigitalData.Core.Security/Config/AsymCryptParams.cs
+++ b/DigitalData.Core.Security/Config/AsymCryptParams.cs
@@ -36,6 +36,8 @@ namespace DigitalData.Core.Security.Config
 public IEnumerable Decryptors { get; init; } = new List();
+ public RSADecryptor? Vault { get; init; }
+
 public override void OnDeserialized()
 {
 base.OnDeserialized();
diff --git a/DigitalData.Core.Security/Cryptographer/RSACryptographer.cs b/DigitalData.Core.Security/Cryptographer/RSACryptographer.cs
index ac438f5..a32d484 100644
--- a/DigitalData.Core.Security/Cryptographer/RSACryptographer.cs
+++ b/DigitalData.Core.Security/Cryptographer/RSACryptographer.cs
@@ -3,6 +3,7 @@ using System.Security.Cryptography;
 namespace DigitalData.Core.Security.Cryptographer
 {
+ //TODO: Abstract RSA for future updates (using ECC, El Gamal or Lattice-based Cryptography)
 public class RSACryptographer : IRSACryptographer
 {
 public virtual string Pem { get; init; }
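Review bot: The fallback `Vault = _params.Vault ?? Decryptors.First();` in the AsymCryptService constructor silently reuses the first general-purpose key for long-term stored data whenever no vault key is configured, so a missing or misnamed `Vault` entry in configuration goes unnoticed and the intended key separation is lost. The constructor already receives a logger, so the fallback can at least be recorded: `if (_params.Vault is null) logger?.LogWarning("No Vault decryptor configured; using the first entry of Decryptors.");`. `_params.Decryptors` is also enumerated twice, by `Any()` and by `First()`; if it can be a lazily evaluated sequence it should be materialised once before the check. The new exception text would read better as "No decryptor found." in place of "Any decryptor is not found.".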
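Review bot: `Vault` is added to AsymCryptParams next to `Decryptors`, but `OnDeserialized` is unchanged in this hunk and its body continues outside it, so any per-decryptor validation or initialisation it performs on `Decryptors` would presumably not run for the vault decryptor. That is worth confirming against the rest of the method before relying on a configured vault key. The property also needs a summary, for example `/// Optional decryptor for long-term stored data; when null the service uses the first entry of Decryptors.`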