Skip to content
Merged
4 changes: 2 additions & 2 deletions docs/compatibility-promise.md
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@ way that breaks stored data or removes/alters public surface.
- Core value types: `KeyId`, `TenantId`, `LogicalName`, `EncryptedDataScope`, `EncryptionContext`,
`KeyDescriptor`, `CiphertextEnvelope`, `CiphertextEnvelopeHeader`, and the envelope id types
(`EnvelopeVersion`, `CryptoSuiteId`, `AadSchemeId`).
- `IKeyMaterialProvider` and `KeyResolutionException` live in the dependency-free
`Proteos.Encryption.Abstractions` package (the provider seam is public via `UseKeyProvider`).
- Entity Framework Core integration: the attributes (`[Encrypted]`, `[EncryptedSearchable]`,
`[EncryptedEmail]`, `[Plaintext]`, `[EncryptedEntity]`), the fluent configuration API, the query
helpers (`WhereEncryptedEquals`, `WhereEncryptedIn`, `WhereEncryptedEmail`), the registration entry
Expand Down Expand Up @@ -93,8 +95,6 @@ Areas that may evolve after `1.0` without violating the promise:
While still on `0.x`, the following changes are considered acceptable and may land before `1.0`. They are
listed so the intent is on record; none is guaranteed to happen.

- Moving `IKeyMaterialProvider` from `Proteos.Encryption.Core` to `Proteos.Encryption.Abstractions` for
cleaner layering. (Currently expected to be left as-is, but allowed.)
- Adjusting the re-encryption (preview) API surface.
- Refining registration ergonomics and adding startup-time configuration validation.
- Analyzer message wording and rule scope.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;
using Proteos.Encryption.Abstractions;
using Proteos.Encryption.Core;

namespace Proteos.FeatureShowcase.Infrastructure;
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,4 @@
using Proteos.Encryption.Abstractions;

namespace Proteos.Encryption.Core;
namespace Proteos.Encryption.Abstractions;

/// <summary>
/// Resolves the symmetric key material the encryption layer uses for a tenant and a specific
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,4 @@
using Proteos.Encryption.Abstractions;

namespace Proteos.Encryption.Core;
namespace Proteos.Encryption.Abstractions;

/// <summary>
/// Thrown when a key cannot be resolved for the requested tenant and descriptor — for example
Expand Down
7 changes: 7 additions & 0 deletions src/Proteos.Encryption.Abstractions/PublicAPI.Shipped.txt
Original file line number Diff line number Diff line change
Expand Up @@ -216,3 +216,10 @@ static readonly Proteos.Encryption.Abstractions.CryptoSuiteId.Aes256GcmSiv -> Pr
static readonly Proteos.Encryption.Abstractions.CryptoSuiteId.Aes256SivDeterministic -> Proteos.Encryption.Abstractions.CryptoSuiteId
static readonly Proteos.Encryption.Abstractions.CryptoSuiteId.XChaCha20Poly1305 -> Proteos.Encryption.Abstractions.CryptoSuiteId
static readonly Proteos.Encryption.Abstractions.EnvelopeVersion.V1 -> Proteos.Encryption.Abstractions.EnvelopeVersion
Proteos.Encryption.Abstractions.IKeyMaterialProvider
Proteos.Encryption.Abstractions.IKeyMaterialProvider.DeriveKey(Proteos.Encryption.Abstractions.TenantId! tenant, Proteos.Encryption.Abstractions.KeyDescriptor! descriptor) -> byte[]!
Proteos.Encryption.Abstractions.IKeyMaterialProvider.GetCurrentKeyId(Proteos.Encryption.Abstractions.TenantId! tenant) -> Proteos.Encryption.Abstractions.KeyId!
Proteos.Encryption.Abstractions.IKeyMaterialProvider.GetKnownKeyIds(Proteos.Encryption.Abstractions.TenantId! tenant) -> System.Collections.Generic.IReadOnlyCollection<Proteos.Encryption.Abstractions.KeyId!>!
Proteos.Encryption.Abstractions.IKeyMaterialProvider.ProviderId.get -> string!
Proteos.Encryption.Abstractions.KeyResolutionException
Proteos.Encryption.Abstractions.KeyResolutionException.KeyResolutionException(string! message) -> void
11 changes: 2 additions & 9 deletions src/Proteos.Encryption.Core/PublicAPI.Shipped.txt
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
const Proteos.Encryption.Core.LocalDevelopmentKeyProvider.DerivedKeyLength = 32 -> int
const Proteos.Encryption.Core.LocalDevelopmentKeyProvider.RootKeyMinLength = 32 -> int
Proteos.Encryption.Core.AesGcmValueEncryptionService
Proteos.Encryption.Core.AesGcmValueEncryptionService.AesGcmValueEncryptionService(Proteos.Encryption.Core.IKeyMaterialProvider! keyProvider, Proteos.Encryption.Core.ICiphertextEnvelopeCodec! codec) -> void
Proteos.Encryption.Core.AesGcmValueEncryptionService.AesGcmValueEncryptionService(Proteos.Encryption.Abstractions.IKeyMaterialProvider! keyProvider, Proteos.Encryption.Core.ICiphertextEnvelopeCodec! codec) -> void
Proteos.Encryption.Core.AesGcmValueEncryptionService.Decrypt(Proteos.Encryption.Abstractions.CiphertextEnvelope! envelope, Proteos.Encryption.Abstractions.EncryptionContext! context) -> byte[]!
Proteos.Encryption.Core.AesGcmValueEncryptionService.DecryptFromBytes(System.ReadOnlySpan<byte> envelopeBytes, Proteos.Encryption.Abstractions.EncryptionContext! context) -> byte[]!
Proteos.Encryption.Core.AesGcmValueEncryptionService.Encrypt(System.ReadOnlySpan<byte> plaintext, Proteos.Encryption.Abstractions.EncryptionContext! context) -> Proteos.Encryption.Abstractions.CiphertextEnvelope!
Expand Down Expand Up @@ -50,24 +50,17 @@ Proteos.Encryption.Core.HmacBlindIndexProvider.Compute(System.ReadOnlySpan<byte>
Proteos.Encryption.Core.HmacBlindIndexProvider.ComputeForAllKnownKeys(System.ReadOnlySpan<byte> value, Proteos.Encryption.Abstractions.BlindIndexDescriptor! descriptor, Proteos.Encryption.Abstractions.EncryptionContext! context) -> System.Collections.Generic.IReadOnlyCollection<Proteos.Encryption.Abstractions.BlindIndexValue!>!
Proteos.Encryption.Core.HmacBlindIndexProvider.CreateIndex(string! value, Proteos.Encryption.Abstractions.EncryptionContext! context, Proteos.Encryption.Abstractions.BlindIndexPurpose purpose) -> Proteos.Encryption.Abstractions.BlindIndexValue!
Proteos.Encryption.Core.HmacBlindIndexProvider.CreateIndex(string! value, Proteos.Encryption.Abstractions.EncryptionContext! context, Proteos.Encryption.Abstractions.BlindIndexPurpose purpose, Proteos.Encryption.Core.IBlindIndexNormalizer! normalizer) -> Proteos.Encryption.Abstractions.BlindIndexValue!
Proteos.Encryption.Core.HmacBlindIndexProvider.HmacBlindIndexProvider(Proteos.Encryption.Core.IKeyMaterialProvider! keyProvider) -> void
Proteos.Encryption.Core.HmacBlindIndexProvider.HmacBlindIndexProvider(Proteos.Encryption.Abstractions.IKeyMaterialProvider! keyProvider) -> void
Proteos.Encryption.Core.IBlindIndexNormalizer
Proteos.Encryption.Core.IBlindIndexNormalizer.Normalize(string! value) -> string!
Proteos.Encryption.Core.ICiphertextEnvelopeCodec
Proteos.Encryption.Core.ICiphertextEnvelopeCodec.CreateAad(Proteos.Encryption.Abstractions.CiphertextEnvelopeHeader! header) -> byte[]!
Proteos.Encryption.Core.ICiphertextEnvelopeCodec.Parse(System.ReadOnlySpan<byte> data) -> Proteos.Encryption.Abstractions.CiphertextEnvelope!
Proteos.Encryption.Core.ICiphertextEnvelopeCodec.Serialize(Proteos.Encryption.Abstractions.CiphertextEnvelope! envelope) -> byte[]!
Proteos.Encryption.Core.ICiphertextEnvelopeCodec.TryParse(System.ReadOnlySpan<byte> data, out Proteos.Encryption.Abstractions.CiphertextEnvelope? envelope, out Proteos.Encryption.Core.EnvelopeParseError? error) -> bool
Proteos.Encryption.Core.IKeyMaterialProvider
Proteos.Encryption.Core.IKeyMaterialProvider.DeriveKey(Proteos.Encryption.Abstractions.TenantId! tenant, Proteos.Encryption.Abstractions.KeyDescriptor! descriptor) -> byte[]!
Proteos.Encryption.Core.IKeyMaterialProvider.GetCurrentKeyId(Proteos.Encryption.Abstractions.TenantId! tenant) -> Proteos.Encryption.Abstractions.KeyId!
Proteos.Encryption.Core.IKeyMaterialProvider.GetKnownKeyIds(Proteos.Encryption.Abstractions.TenantId! tenant) -> System.Collections.Generic.IReadOnlyCollection<Proteos.Encryption.Abstractions.KeyId!>!
Proteos.Encryption.Core.IKeyMaterialProvider.ProviderId.get -> string!
Proteos.Encryption.Core.InMemoryTenantKeyRegistry
Proteos.Encryption.Core.InMemoryTenantKeyRegistry.GetRecord(Proteos.Encryption.Abstractions.TenantId! tenant) -> Proteos.Encryption.Abstractions.TenantKeyRecord!
Proteos.Encryption.Core.InMemoryTenantKeyRegistry.InMemoryTenantKeyRegistry(System.Collections.Generic.IEnumerable<Proteos.Encryption.Abstractions.TenantKeyRecord!>! records) -> void
Proteos.Encryption.Core.KeyResolutionException
Proteos.Encryption.Core.KeyResolutionException.KeyResolutionException(string! message) -> void
Proteos.Encryption.Core.LocalDevelopmentKeyProvider
Proteos.Encryption.Core.LocalDevelopmentKeyProvider.CurrentVersion.get -> ushort
Proteos.Encryption.Core.LocalDevelopmentKeyProvider.DeriveKey(Proteos.Encryption.Abstractions.TenantId! tenant, Proteos.Encryption.Abstractions.KeyDescriptor! descriptor) -> byte[]!
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@ Proteos.Encryption.EntityFrameworkCore.PlaintextAttribute.PlaintextAttribute() -
Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions
Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions.EnableStrictMode() -> Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions!
Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions.ProteosEncryptionOptions() -> void
Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions.UseKeyProvider(System.Func<System.IServiceProvider!, Proteos.Encryption.Core.IKeyMaterialProvider!>! factory) -> Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions!
Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions.UseKeyProvider(System.Func<System.IServiceProvider!, Proteos.Encryption.Abstractions.IKeyMaterialProvider!>! factory) -> Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions!
Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions.UseLocalDevelopmentKeyProvider(byte[]? rootKey = null) -> Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions!
Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions.UseSingleTenant(string! tenantId) -> Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions!
Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions.UseTenant(System.Func<System.IServiceProvider!, Proteos.Encryption.Abstractions.TenantId?>! tenantResolver) -> Proteos.Encryption.EntityFrameworkCore.ProteosEncryptionOptions!
Expand Down
Loading