com.tmobile.oss.security.taap.jwe 1.0.12

.NET Standard 2.1

dotnet add package com.tmobile.oss.security.taap.jwe --version 1.0.12

NuGet\Install-Package com.tmobile.oss.security.taap.jwe -Version 1.0.12

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="com.tmobile.oss.security.taap.jwe" Version="1.0.12" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

paket add com.tmobile.oss.security.taap.jwe --version 1.0.12

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: com.tmobile.oss.security.taap.jwe, 1.0.12"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

// Install com.tmobile.oss.security.taap.jwe as a Cake Addin
#addin nuget:?package=com.tmobile.oss.security.taap.jwe&version=1.0.12

// Install com.tmobile.oss.security.taap.jwe as a Cake Tool
#tool nuget:?package=com.tmobile.oss.security.taap.jwe&version=1.0.12

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Field Level Encryption (FLE) – C# version

Source Repository

https://github.com/tmobile/tmobile-api-security-lib

Setup

Add “com.tmobile.oss.security.taap.jwe” component from NuGet.org to your .NET Core 3.1 (or greater) project https://www.nuget.org/packages/com.tmobile.oss.security.taap.jwe/
Get an EC or RSA public key from KeyVault JWKS. The OAuth2JwksService and KeyResolver classes do this for you based on your KeyPreference (see sample code below)
Encrypt PII data

Example C# Console Code

using com.tmobile.oss.security.taap.jwe;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;
using Moq;
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

...

// On client, encrypt PII data
var oauthClient = "<ClientID>";
var oauthKey = "<ClientKey>";
var oauthUrl = "https://api.somedomain.com/oauth2/v6/tokens";
var keyVaultJwksUrl = "https://api.somedomain.com/customer/v1/jwks/someservice";
var cacheDurationSeconds = 36000; // 1 hour
var httpClient = new HttpClient();
var jwksService = new OAuth2JwksService(oauthClient, oauthKey, oauthUrl, httpClient, keyVaultJwksUrl);
var keyResolver = new KeyResolver(new List<JsonWebKey>(), jwksService, cacheDurationSeconds, KeyPreference.EC);
var logger = new Mock<ILogger<Encryption>>(); // Use your ILogger instance
var encryption = new Encryption(keyResolver, logger.Object);
var phoneCipher = await encryption.EncryptAsync("555-555-5555");


// On server, decrypt value
var privateJwksJson = File.ReadAllText(@"JwksPrivateKeys.json");
var privateJwks = JsonSerializer.Deserialize<Jwks>(privateJwksJson, new JsonSerializerOptions
{
    PropertyNameCaseInsensitive = true
});
var privateJsonWebKeyList = new List<JsonWebKey>();
privateJsonWebKeyList.AddRange(privateJwks.Keys);
keyResolver  = new KeyResolver(privateJsonWebKeyList, jwksService, encryptionOptions.CacheDurationSeconds, KeyPreference.EC);
var logger = new Mock<ILogger<Encryption>>(); // Use your ILogger instance
var encryption = new Encryption(keyResolver, logger.Object);
var phone = await encryption.DecryptAsync(phoneCipher );

For ASP.NET MVC application example, please see this code: https://github.com/tmobile/tmobile-api-security-lib/tree/master/encryption-lib/CS-Encryption-Lib/Example_Asp.Net_Mvc_WebApplication

Product	Compatible and additional computed target framework versions.
.NET	net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed.
.NET Core	netcoreapp3.0 was computed. netcoreapp3.1 was computed.
.NET Standard	netstandard2.1 is compatible.
MonoAndroid	monoandroid was computed.
MonoMac	monomac was computed.
MonoTouch	monotouch was computed.
Tizen	tizen60 was computed.
Xamarin.iOS	xamarinios was computed.
Xamarin.Mac	xamarinmac was computed.
Xamarin.TVOS	xamarintvos was computed.
Xamarin.WatchOS	xamarinwatchos was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

.NETStandard 2.1
- com.tmobile.oss.security.taap.poptoken.builder (>= 1.0.10)
- jose-jwt (>= 3.2.0)
- Microsoft.Extensions.Logging.Abstractions (>= 5.0.0)
- Microsoft.IdentityModel.Tokens (>= 6.12.2)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last updated
1.0.12	10,771	9/9/2021

Update all NuGet packages to latest versions.
Updated component to use .NET Standard 2.1
Add IOAuth2JwksService interface
Remove "poptoken" key word in example (not needed)
Use IJwksService in KeyResolver constructor
Update POPToken Reference
Use ApplicationJsonCharsetUtf8 const when creating pop token
Update POP Token reference
Only get EC keys that support "P-256" or RSA keys that support "RS256"
Correct spelling
Don't use "Crv" to restrict EC keys

com.tmobile.oss.security.taap.jwe 1.0.12

.NETStandard 2.1

NuGet packages

GitHub repositories