diff --git a/aspnetcore/security/data-protection/implementation/authenticated-encryption-details.md b/aspnetcore/security/data-protection/implementation/authenticated-encryption-details.md index c13db0e6c234..c483e849ee6a 100644 --- a/aspnetcore/security/data-protection/implementation/authenticated-encryption-details.md +++ b/aspnetcore/security/data-protection/implementation/authenticated-encryption-details.md @@ -49,4 +49,4 @@ The next 128 bits, or 16 bytes is the key identifier (80 9C 81 0C 19 66 19 40 95 The remainder contains the payload and is specific to the format used. > [!WARNING] -> All payloads protected to a given key will begin with the same 20-byte (magic value, key id) header. Administrators can use this fact for diagnostic purposes to approximate when a payload was generated. For example, the payload above corresponds to key {0c819c80-6619-4019-9536-53f8aaffee57}. If after checking the key repository you find that this specific key's activation date was 2015-01-01 and its expiration date was 2015-03-01, then it's reasonable to assume that the payload (if not tampered with) was generated within that window, give or take a small fudge factor on either side. +> All payloads protected to a given key will begin with the same 20-byte (magic value, key id) header. Administrators can use this fact for diagnostic purposes to approximate when a payload was generated. For example, the payload above corresponds to key {aaaaaaaa-0b0b-1c1c-2d2d-333333333333}. If after checking the key repository you find that this specific key's activation date was 2015-01-01 and its expiration date was 2015-03-01, then it's reasonable to assume that the payload (if not tampered with) was generated within that window, give or take a small fudge factor on either side. diff --git a/aspnetcore/security/data-protection/implementation/key-storage-format.md b/aspnetcore/security/data-protection/implementation/key-storage-format.md index a44e1050ab42..ebaeb8159ab5 100644 --- a/aspnetcore/security/data-protection/implementation/key-storage-format.md +++ b/aspnetcore/security/data-protection/implementation/key-storage-format.md @@ -21,7 +21,7 @@ Keys exist as top-level objects in the key repository. By convention keys have t ```xml - + 2015-03-19T23:32:02.3949887Z 2015-03-19T23:32:02.3839429Z 2015-06-17T23:32:02.3839429Z @@ -50,7 +50,7 @@ The \ element contains the following attributes and child elements: * A \ element, which contains information on the authenticated encryption implementation contained within this key. -In the above example, the key's id is {80732141-ec8f-4b80-af9c-c4d2d1ff8901}, it was created and activated on March 19, 2015, and it has a lifetime of 90 days. (Occasionally the activation date might be slightly before the creation date as in this example. This is due to a nit in how the APIs work and is harmless in practice.) +In the above example, the key's id is {aaaaaaaa-0b0b-1c1c-2d2d-333333333333}, it was created and activated on March 19, 2015, and it has a lifetime of 90 days. (Occasionally the activation date might be slightly before the creation date as in this example. This is due to a nit in how the APIs work and is harmless in practice.) ## The \ element @@ -74,7 +74,7 @@ For revocations of individual keys, the file contents will be as below. 2015-03-20T22:45:30.2616742Z - + human-readable reason ``` diff --git a/aspnetcore/security/key-vault-configuration.md b/aspnetcore/security/key-vault-configuration.md index b2f9d7620f50..5917f5921f2e 100644 --- a/aspnetcore/security/key-vault-configuration.md +++ b/aspnetcore/security/key-vault-configuration.md @@ -143,7 +143,7 @@ The X.509 certificate is managed by the OS. The app calls