mk_yo

Reputation: 780

ASP.NET Core - Storing encryption key to Redis

I'm not very experienced with the data protection mechanism, especially in .NET Core/Redis, so I can't understand from the official doc what encryption key is taken, and how, to be stored in Redis:

var conn = $"{host}:{port}";
var redis = ConnectionMultiplexer.Connect(conn);

services.AddStackExchangeRedisCache(options =>
{
    options.Configuration = conn;
});

//here
services.AddDataProtection()
    .PersistKeysToRedis(redis, "DataProtection-Keys"); //where is the VALUE for the KEY? Should it be saved to Redis manually before calling this?

So I'm wondering what kind of key I can use (I don't have any, how do I create one?), where to store it and how to specify in the configs where to take it from.

When I run the app, the record with key "DataProtection-Keys" is added to Redis, but I don't know what the value is and if it's working at all.

So another question is - how to verify if the encryption works?

Please help me understand the basics; any examples are much appreciated.

Upvotes: 3

Views: 3128

Answers (1)

Fei Han

Reputation: 27793

The data protection system helps create and manage keys, and you do not need to create/save them to Redis manually yourself.

Besides, the "DataProtection-Keys" in the .PersistKeysToRedis(redis, "DataProtection-Keys") call is a RedisKey, which is the unique name of a piece of data, and the key that encryption requires is stored as the value (RedisValue).

how to verify if the encryption works?

You can refer to the following code snippet to inject the IDataProtectionProvider and use it to create an instance of an IDataProtector, then encrypt and decrypt data.

using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Mvc;

public class HomeController : Controller
{
    private readonly IDataProtector _protector;

    public HomeController(IDataProtectionProvider provider)
    {
        // the purpose string isolates this protector's payloads from other consumers
        _protector = provider.CreateProtector("WebDataProtection.Controllers.HomeController.v1");
    }

    public IActionResult Index()
    {
        var input = "hello world";

        // protect the payload
        string protectedPayload = _protector.Protect(input);
        ViewBag.ProtectedPayload = $"Protect returned: {protectedPayload}";

        // unprotect the payload
        string unprotectedPayload = _protector.Unprotect(protectedPayload);
        ViewBag.UnprotectedPayload = $"Unprotect returned: {unprotectedPayload}";

        return View();
    }
}


Upvotes: 4
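As an added example (not code from the question or the answer), the console program below checks both points raised here: that Protect/Unprotect works across two independent providers sharing one Redis key ring, and what is actually stored under the "DataProtection-Keys" Redis key. It assumes a Redis server at localhost:6379 and the Microsoft.AspNetCore.DataProtection.StackExchangeRedis package, where the method the question calls PersistKeysToRedis is named PersistKeysToStackExchangeRedis; the application name and purpose string are hypothetical.

```csharp
// Added example. Assumed packages: Microsoft.AspNetCore.DataProtection.StackExchangeRedis,
// Microsoft.Extensions.DependencyInjection. Assumed Redis address: localhost:6379.
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;
using StackExchange.Redis;

const string RedisKey = "DataProtection-Keys";
var redis = ConnectionMultiplexer.Connect("localhost:6379");

// Builds an independent provider on each call, the way two separate app instances would.
IDataProtector NewProtector()
{
    var services = new ServiceCollection();
    services.AddDataProtection()
        .SetApplicationName("redis-dp-demo")            // hypothetical; must match on every instance
        .PersistKeysToStackExchangeRedis(redis, RedisKey);
    return services.BuildServiceProvider()
        .GetRequiredService<IDataProtectionProvider>()
        .CreateProtector("Demo.Purpose.v1");            // hypothetical purpose string
}

// 1. Round trip. The first Protect call makes the system generate a key and store it in Redis.
var instanceA = NewProtector();
string token = instanceA.Protect("hello world");
Console.WriteLine($"Round trip OK: {instanceA.Unprotect(token) == "hello world"}");

// 2. A second provider that loads the key ring from Redis can decrypt instance A's payload.
var instanceB = NewProtector();
Console.WriteLine($"Cross-instance OK: {instanceB.Unprotect(token) == "hello world"}");

// 3. Payloads are authenticated: a token with one altered character must be rejected.
int mid = token.Length / 2;
string tampered = token[..mid] + (token[mid] == 'A' ? 'B' : 'A') + token[(mid + 1)..];
try { instanceB.Unprotect(tampered); Console.WriteLine("Tampered token accepted (unexpected)"); }
catch (CryptographicException) { Console.WriteLine("Tampered token rejected"); }

// 4. The value under the Redis key is a list holding one XML <key> element per key.
foreach (RedisValue entry in redis.GetDatabase().ListRange(RedisKey))
{
    string xml = entry.ToString();
    // Print only the start of the element (id and dates). The remainder holds the key
    // material, which is stored unencrypted unless a ProtectKeysWith* option is configured.
    Console.WriteLine(xml[..Math.Min(xml.Length, 100)]);
}
```

Because the key material sits in that list as plain XML by default, access to the Redis instance should be restricted accordingly, or key encryption at rest configured (for example with ProtectKeysWithCertificate).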
