This retargets all data protection libraries to ns2.0. This means .NET
Framework applications will need to upgrade to .NET Framework 4.6.1.
This upgrade makes available API to .NET Core that was previously only
available on .NET Framework, such as encrypting keys at rest with
certificates.
New API for .NET Core users:
- IDataProtectionBuilder.ProtectKeysWithCertificate(string thumbprint)
- CertificateXmlEncryptor
- ICertificateResolver
- DataProtectionProvider
- .Create(string applicationName, X509Certificate2 certificate)
- .Create(DirectoryInfo keyDirectory, X509Certificate2 certificate)
- .Create(DirectoryInfo keyDirectory, Action<IDataProtectionBuilder>
setupAction, X509Certificate2 certificate
Other minor changes in this commit:
- Fixed samples that were using obsolete logging API
- Remove calls to api-sets, instead using kernel32. .NET Core 2.0 no
longer requires using api-sets as Nano Server now forwards kernel32
calls
- Made minor improvements to the TypeForwardingActivator
- Remove dead code an unused api baselines
- Enable more tests on macOS/Linux that previously only ran on Windows
- Move IDataProtectionProvider, IDataProtector, and extension methods to their own package
- Simplify the APIs for registering and configuring the system
- Default implementation now auto-detects capabilities of OS
- Use EncryptedXml for X.509 certificate-based encryption
- Add ability to escrow secret material upon key creation
- Use centralized system policy for default algorithm selection
- Simplify System.Web compatibility layer
- Add unit tests, logging, and doc comments throughout solution
Nate McMaster
Ajay Bhargav Baaskaran
Pavel Krymets
N. Taylor Mullen
Troy Dai
Brennan
Levi B
David Fowler
Louis DeJardin