According to ASP.NET Key Management:
"Deleting a key is truly destructive behavior, and consequently the data protection system exposes no first-class API for performing this operation."
Is an expired key still used to unprotect data previously protected by that key, even though that key is expired?
Are expired keys kept forever, even though they might not have any more data protected by them?
If the key is short-lived and will never be deleted, does the hash table used in ASP.NET Core to find the matching key keep growing forever?
I can't find any documentation or guidelines on how expired data protection keys should be handled. I would like to know the best practice for handling them.
Thanks in advance.