Welcome to the Cryptographical Key Lifecycle Management API repository. This API, built with .NET Core 8.0, is designed to manage the lifecycle of cryptographic keys using RSA and AES algorithms. The API supports key creation, activation, deactivation, destruction, revocation, archiving, and recovery.
- Algorithms Supported:
  - AES: 128, 192, 256 bits
  - RSA: 1024, 2048, 3072, 4096 bits
- Key Lifecycle Actions:
  - Create Key: Generates a new cryptographic key.
  - Encrypt: Encrypts data using the specified cryptographic key.
  - Decrypt: Decrypts data using the specified cryptographic key.
  - Activate Key: Activates a cryptographic key for use.
  - Deactivate Key: Deactivates a cryptographic key, making it unavailable.
  - Destroy Key: Marks a cryptographic key for destruction.
  - Revoke Key: Revokes a cryptographic key, typically used in case of compromise.
  - Archive Key: Archives a cryptographic key, taking it out of operational use.
  - Recover Key: Recovers an archived cryptographic key.
  - Get Key Info: Retrieves information about a cryptographic key.
- Factory Design Pattern: Utilized for creating cryptographic key objects based on the specified algorithm and key size.
- Dependency Injection: Ensures loose coupling and easier testing of components.
- Singleton Pattern: Implements an online ephemeral store for cryptographic keys to ensure only one instance of the store exists during runtime.
This API includes integrated Swagger documentation to provide an interactive interface for exploring and testing the API endpoints. You can access the Swagger UI at `/swagger`.
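- Clone the Repository:

  ```bash
  # The explicit target directory makes the clone land where the next command expects it.
  git clone https://github.com/hamza-eljaouhari/klms-net-core.git cryptographical-key-lifecycle-management
  cd cryptographical-key-lifecycle-management
  ```

- Build the Project:

  ```bash
  dotnet build
  ```

- Run the Project:

  ```bash
  dotnet run
  ```

- Access the API: Open your browser and navigate to `http://localhost:YOUR_OWN_PORT/swagger` to access the Swagger UI.
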
Here is a brief overview of how to use the key lifecycle management functions:
```csharp
// Every action resolves the provider for the requested algorithm through the
// factory and delegates to it. On failure, the exception message is returned
// to the client as the body of a 400 response.

[HttpPost("create")]
public IActionResult CreateKey([FromBody] CreateKeyRequest request)
{
    try
    {
        var provider = _factory.GetCryptographyProvider(request.Algorithm);
        var keyId = provider.CreateKey(request.Algorithm, request.KeySize);
        return Ok(keyId);
    }
    catch (Exception ex)
    {
        return BadRequest(ex.Message);
    }
}

[HttpPost("encrypt")]
public IActionResult Encrypt([FromBody] EncryptRequest request)
{
    try
    {
        var provider = _factory.GetCryptographyProvider(request.Algorithm);
        var encryptedData = provider.Encrypt(request.Data, request.KeyId);
        return Ok(encryptedData);
    }
    catch (Exception ex)
    {
        return BadRequest(ex.Message);
    }
}

[HttpPost("decrypt")]
public IActionResult Decrypt([FromBody] DecryptRequest request)
{
    try
    {
        var provider = _factory.GetCryptographyProvider(request.Algorithm);
        var decryptedData = provider.Decrypt(request.Data, request.KeyId);
        return Ok(decryptedData);
    }
    catch (Exception ex)
    {
        return BadRequest(ex.Message);
    }
}

[HttpPost("activate")]
public IActionResult ActivateKey([FromBody] KeyActionRequest request)
{
    try
    {
        var provider = _factory.GetCryptographyProvider(request.Algorithm);
        provider.ActivateKey(request.KeyId);
        return Ok($"Key {request.KeyId} activated.");
    }
    catch (Exception ex)
    {
        return BadRequest(ex.Message);
    }
}

[HttpPost("deactivate")]
public IActionResult DeactivateKey([FromBody] KeyActionRequest request)
{
    try
    {
        var provider = _factory.GetCryptographyProvider(request.Algorithm);
        provider.DeactivateKey(request.KeyId);
        return Ok($"Key {request.KeyId} deactivated.");
    }
    catch (Exception ex)
    {
        return BadRequest(ex.Message);
    }
}

[HttpPost("destroy")]
public IActionResult DestroyKey([FromBody] KeyActionRequest request)
{
    try
    {
        var provider = _factory.GetCryptographyProvider(request.Algorithm);
        provider.DestroyKey(request.KeyId);
        return Ok($"Key {request.KeyId} destroyed.");
    }
    catch (Exception ex)
    {
        return BadRequest(ex.Message);
    }
}

[HttpPost("revoke")]
public IActionResult RevokeKey([FromBody] KeyActionRequest request)
{
    try
    {
        var provider = _factory.GetCryptographyProvider(request.Algorithm);
        provider.RevokeKey(request.KeyId);
        return Ok($"Key {request.KeyId} revoked.");
    }
    catch (Exception ex)
    {
        return BadRequest(ex.Message);
    }
}

[HttpPost("archive")]
public IActionResult ArchiveKey([FromBody] KeyActionRequest request)
{
    try
    {
        var provider = _factory.GetCryptographyProvider(request.Algorithm);
        provider.ArchiveKey(request.KeyId);
        return Ok($"Key {request.KeyId} archived.");
    }
    catch (Exception ex)
    {
        return BadRequest(ex.Message);
    }
}

[HttpPost("recover")]
public IActionResult RecoverKey([FromBody] KeyActionRequest request)
{
    try
    {
        var provider = _factory.GetCryptographyProvider(request.Algorithm);
        provider.RecoverKey(request.KeyId);
        return Ok($"Key {request.KeyId} recovered.");
    }
    catch (Exception ex)
    {
        return BadRequest(ex.Message);
    }
}

[HttpGet("info")]
public IActionResult GetKeyInfo(string algorithm, string keyId)
{
    try
    {
        var provider = _factory.GetCryptographyProvider(algorithm);
        var keyInfo = provider.GetKeyInfo(keyId);
        return Ok(keyInfo);
    }
    catch (Exception ex)
    {
        return BadRequest(ex.Message);
    }
}
```
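
This README lists the lifecycle actions but does not say which action is valid from which key state. The following is an added example, not code from this repository, of one way a provider could enforce that with an explicit transition table. `KeyState`, `KeyAction`, `KeyLifecycle` and the transition rules themselves are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical names: KeyState, KeyAction and KeyLifecycle are not from the repository.
public enum KeyState { PreActive, Active, Deactivated, Revoked, Archived, Destroyed }
public enum KeyAction { Activate, Deactivate, Revoke, Archive, Recover, Destroy }

public static class KeyLifecycle
{
    // Assumed transition table. Any (state, action) pair not listed is rejected,
    // so Destroyed is terminal and a Revoked key can only be destroyed.
    private static readonly Dictionary<(KeyState, KeyAction), KeyState> Transitions = new()
    {
        [(KeyState.PreActive,   KeyAction.Activate)]   = KeyState.Active,
        [(KeyState.PreActive,   KeyAction.Destroy)]    = KeyState.Destroyed,
        [(KeyState.Active,      KeyAction.Deactivate)] = KeyState.Deactivated,
        [(KeyState.Active,      KeyAction.Revoke)]     = KeyState.Revoked,
        [(KeyState.Deactivated, KeyAction.Activate)]   = KeyState.Active,
        [(KeyState.Deactivated, KeyAction.Revoke)]     = KeyState.Revoked,
        [(KeyState.Deactivated, KeyAction.Archive)]    = KeyState.Archived,
        [(KeyState.Deactivated, KeyAction.Destroy)]    = KeyState.Destroyed,
        [(KeyState.Revoked,     KeyAction.Destroy)]    = KeyState.Destroyed,
        [(KeyState.Archived,    KeyAction.Recover)]    = KeyState.Deactivated,
        [(KeyState.Archived,    KeyAction.Destroy)]    = KeyState.Destroyed,
    };

    public static KeyState Apply(KeyState current, KeyAction action) =>
        Transitions.TryGetValue((current, action), out var next)
            ? next
            : throw new InvalidOperationException($"{action} is not allowed from {current}.");

    // Assumed policy: new ciphertext only under an Active key; existing ciphertext
    // stays readable after deactivation or revocation, but not once archived or destroyed.
    public static bool CanEncrypt(KeyState s) => s == KeyState.Active;
    public static bool CanDecrypt(KeyState s) =>
        s is KeyState.Active or KeyState.Deactivated or KeyState.Revoked;
}

public static class Demo
{
    public static void Main()
    {
        var s = KeyLifecycle.Apply(KeyState.PreActive, KeyAction.Activate); // first activation
        s = KeyLifecycle.Apply(s, KeyAction.Revoke);                        // compromise reported
        Console.WriteLine($"{s}: encrypt={KeyLifecycle.CanEncrypt(s)}, decrypt={KeyLifecycle.CanDecrypt(s)}");
        try { KeyLifecycle.Apply(s, KeyAction.Activate); }                  // must be rejected
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```

Checking `CanEncrypt` and `CanDecrypt` inside the provider, before the key material is touched, keeps the rule in one place instead of in each controller action.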
A minimal React client is available at https://github.com/hamza-eljaouhari/kms-react-gui.
We welcome contributions to enhance the functionality and capabilities of this API. Please fork the repository and submit pull requests with your improvements.
This project is licensed under the MIT License. See the LICENSE file for details.
For any questions or support, please open an issue on the repository or contact the maintainer at [[email protected]].
Thank you for using the Cryptographical Key Lifecycle Management API. We hope it meets your security and cryptographic needs.