The default implementation of EncryptedXml doesn't support using the RSA
key from X509Certificate to decrypt xml unless that cert is in the X509
CurrentUser\My or Localmachine\My store. This adds support for
decrypting with the X509Certificate directly. This is useful for Linux
(often Docker) scenarios, where the user already has a .pfx file, but
may not have added it to X509Store.
This retargets all data protection libraries to ns2.0. This means .NET
Framework applications will need to upgrade to .NET Framework 4.6.1.
This upgrade makes available API to .NET Core that was previously only
available on .NET Framework, such as encrypting keys at rest with
certificates.
New API for .NET Core users:
- IDataProtectionBuilder.ProtectKeysWithCertificate(string thumbprint)
- CertificateXmlEncryptor
- ICertificateResolver
- DataProtectionProvider
- .Create(string applicationName, X509Certificate2 certificate)
- .Create(DirectoryInfo keyDirectory, X509Certificate2 certificate)
- .Create(DirectoryInfo keyDirectory, Action<IDataProtectionBuilder>
setupAction, X509Certificate2 certificate
Other minor changes in this commit:
- Fixed samples that were using obsolete logging API
- Remove calls to api-sets, instead using kernel32. .NET Core 2.0 no
longer requires using api-sets as Nano Server now forwards kernel32
calls
- Made minor improvements to the TypeForwardingActivator
- Remove dead code an unused api baselines
- Enable more tests on macOS/Linux that previously only ran on Windows
Nate McMaster
Pranav K
Kiran Challa
Ajay Bhargav Baaskaran
Doug Bunting