Key Rotation Downloads

• Support for rotating encryption keys
• EncryptionKeyLifetime added to specify the time a key is used for encryption
• EncryptionKeyRetirementTime added to specify the time a key is still valid for decryption.
• KeyRotationBuilder.DisableSigningKeyManagement added to disable signing key management
• KeyRotationBuilder.DisableEncryptionKeyManagement added to disable encryption key management
• KeyRotationBuilder.UseRsaForEncryption added for configuring encryption key management with RSA
• KeyRotationBuilder.UseAesForEncryption added for configuring encryption key management with AES

Breaking Changes:

Schema Changes:

We used this opportunity to correct some schema errors we made in V1 regarding table names and column names.

• SigingKeySets renamed to RskSecurityKeySets
• SigingKeys renamed to RskSecurityKeys
• SigingKeys.KetSetId renamed to RskSecurityKeys.KetSetId

If you have been using Key Rotation v1.0.0, you will need to generate and modify a migration to convert the schema to one compatible with v2.0.0. You must set the new migration to behave in a specific way, as simply generating one based on the DbContext from v2.0.0 will result in data loss. We have created an example migration that renames the tables instead of dropping and recreating them. It also modifies existing data that needs to be migrated. If you are not using migrations, SQL scripts are attched to this release that will migrate your schema.

Settings:

• KeyPublishTime renamed to SigningKeyPublishTime
• KeyLifetime renamed to SigningKeyLifetime
• KeyRetirementTime renamed to SigningKeyRetirementTime

Builder Methods:

• OpenIddictKeyRotationBuilder.AllowRsaKeys moved and renamed to KeyRotationBuilder.UseRsaForSigning
• OpenIddictKeyRotationBuilder.AllowEcdsaKeys moved and renamed to KeyRotationBuilder.UseEcdsaForSigning

• Fixed the issue causing migration generation using the 'dotnet ef' tool to fail

Initial Key Rotation for OpenIddict release