com.tmobile.oss.security.taap.jwe 1.0.12

Install-Package com.tmobile.oss.security.taap.jwe -Version 1.0.12
dotnet add package com.tmobile.oss.security.taap.jwe --version 1.0.12
<PackageReference Include="com.tmobile.oss.security.taap.jwe" Version="1.0.12" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add com.tmobile.oss.security.taap.jwe --version 1.0.12
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: com.tmobile.oss.security.taap.jwe, 1.0.12"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package.
// Install com.tmobile.oss.security.taap.jwe as a Cake Addin
#addin nuget:?package=com.tmobile.oss.security.taap.jwe&version=1.0.12

// Install com.tmobile.oss.security.taap.jwe as a Cake Tool
#tool nuget:?package=com.tmobile.oss.security.taap.jwe&version=1.0.12

Field Level Encryption (FLE) – C# version

Source Repository

Setup

  • Add the “com.tmobile.oss.security.taap.jwe” package from NuGet.org to your .NET Core 3.1 (or greater) project: https://www.nuget.org/packages/com.tmobile.oss.security.taap.jwe/

  • Get an EC or RSA public key from the KeyVault JWKS. The OAuth2JwksService and KeyResolver classes do this for you based on your KeyPreference (see the sample code below).

  • Encrypt the PII data.

Example C# Console Code

using com.tmobile.oss.security.taap.jwe;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;
using Moq;
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

...

// On client, encrypt PII data
var oauthClient = "<ClientID>";
var oauthKey = "<ClientKey>";
var oauthUrl = "https://api.somedomain.com/oauth2/v6/tokens";
var keyVaultJwksUrl = "https://api.somedomain.com/customer/v1/jwks/someservice";
var cacheDurationSeconds = 3600; // 1 hour
var httpClient = new HttpClient();
var jwksService = new OAuth2JwksService(oauthClient, oauthKey, oauthUrl, httpClient, keyVaultJwksUrl);
var keyResolver = new KeyResolver(new List<JsonWebKey>(), jwksService, cacheDurationSeconds, KeyPreference.EC);
var logger = new Mock<ILogger<Encryption>>(); // Use your ILogger instance
var encryption = new Encryption(keyResolver, logger.Object);
var phoneCipher = await encryption.EncryptAsync("555-555-5555");


// On server, decrypt value (only the server holds the private JWKS file)
var privateJwksJson = File.ReadAllText(@"JwksPrivateKeys.json");
var privateJwks = JsonSerializer.Deserialize<Jwks>(privateJwksJson, new JsonSerializerOptions
{
    PropertyNameCaseInsensitive = true
});
var privateJsonWebKeyList = new List<JsonWebKey>();
privateJsonWebKeyList.AddRange(privateJwks.Keys);
// Distinct variable names so this compiles in the same scope as the client snippet above;
// in a real deployment the server is a separate process with its own jwksService and settings.
var serverKeyResolver = new KeyResolver(privateJsonWebKeyList, jwksService, cacheDurationSeconds, KeyPreference.EC);
var serverLogger = new Mock<ILogger<Encryption>>(); // Use your ILogger instance
var serverEncryption = new Encryption(serverKeyResolver, serverLogger.Object);
var phone = await serverEncryption.DecryptAsync(phoneCipher);

For an ASP.NET MVC application example, see this code: https://github.com/tmobile/tmobile-api-security-lib/tree/master/encryption-lib/CS-Encryption-Lib/Example_Asp.Net_Mvc_WebApplication
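
The setup above gives the client a public JWKS and keeps JwksPrivateKeys.json on the server. The following is an added example, not code from this package or its repository: a pre-flight check that refuses a client-side JWKS carrying any private JWK parameter and then picks a key by preferred type. The class name, the helper names and the fall-back-to-the-other-key-type behaviour are assumptions for illustration, and the JWKS strings are constructed placeholders rather than real keys.

```csharp
using System;
using System.Linq;
using Microsoft.IdentityModel.Tokens;

static class JwksPreflight
{
    // Constructed sample JWKS documents: placeholder values, not real key material.
    const string CleanJwks = @"{""keys"":[
      {""kty"":""RSA"",""kid"":""rsa-1"",""use"":""enc"",""n"":""AQAB"",""e"":""AQAB""},
      {""kty"":""EC"",""kid"":""ec-1"",""use"":""enc"",""crv"":""P-256"",""x"":""AAAA"",""y"":""AAAA""}]}";
    // Same EC key, but published with its private scalar "d" by mistake.
    const string LeakyJwks = @"{""keys"":[
      {""kty"":""EC"",""kid"":""ec-leak"",""crv"":""P-256"",""x"":""AAAA"",""y"":""AAAA"",""d"":""AAAA""}]}";

    // True if any private JWK parameter is present (EC: d; RSA: d, p, q, dp, dq, qi; oct: k).
    // Checking each field catches RSA keys that carry "d" without the CRT parameters.
    static bool CarriesPrivateMaterial(JsonWebKey k) =>
        k.D != null || k.P != null || k.Q != null ||
        k.DP != null || k.DQ != null || k.QI != null || k.K != null;

    // Hypothetical helper: reject the whole document if any key leaks private material,
    // then return an EC or RSA encryption key, preferring the requested key type.
    static JsonWebKey SelectPublicKey(string jwksJson, string preferredKty)
    {
        var keys = new JsonWebKeySet(jwksJson).Keys;
        var leaked = keys.Where(CarriesPrivateMaterial).Select(k => k.Kid).ToList();
        if (leaked.Count > 0)
            throw new InvalidOperationException("JWKS exposes private key material: " + string.Join(", ", leaked));

        return keys
            .Where(k => k.Kty == JsonWebAlgorithmsKeyTypes.EllipticCurve || k.Kty == JsonWebAlgorithmsKeyTypes.RSA)
            .Where(k => k.Use == null || k.Use == "enc")      // skip signature-only keys
            .OrderByDescending(k => k.Kty == preferredKty)     // preferred type first
            .FirstOrDefault()
            ?? throw new InvalidOperationException("No usable EC or RSA encryption key in JWKS.");
    }

    static void Main()
    {
        Console.WriteLine(SelectPublicKey(CleanJwks, JsonWebAlgorithmsKeyTypes.EllipticCurve).Kid);
        try { SelectPublicKey(LeakyJwks, JsonWebAlgorithmsKeyTypes.EllipticCurve); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```

A failed check on the client side is worth alerting on, since a private key served from a public JWKS endpoint means every value encrypted to that key should be treated as exposed.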

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.0.12 1,441 9/9/2021

Update all NuGet packages to latest versions.
Updated component to use .NET Standard 2.1
Add IOAuth2JwksService interface
Remove "poptoken" key word in example (not needed)
Use IJwksService in KeyResolver constructor
Update POPToken Reference
Use ApplicationJsonCharsetUtf8 const when creating pop token
Update POP Token reference
Only get EC keys that support "P-256" or RSA keys that support "RS256"
Correct spelling
Don't use "Crv" to restrict EC keys