using System;

using Microsoft.AspNetCore.DataProtection;

using Microsoft.Extensions.DependencyInjection;

public class Program

{

    public static void Main()

    {

        var services = new ServiceCollection();

        services.AddDataProtection()

            // We could Persist Keys on AzureBlobStorage and protect them with KeyVault:

            //.PersistKeysToAzureBlobStorage(new Uri("<blobUriWithSasToken>"))

            //.ProtectKeysWithAzureKeyVault("<keyIdentifier>", "<clientId>", "<clientSecret>")

            .SetApplicationName("MyEncryptionTestApp");

        var serviceProvider = services.BuildServiceProvider();

        var protectionProvider = serviceProvider.GetRequiredService<IDataProtectionProvider>();

        var protector = protectionProvider.CreateProtector("MyProtector");

        const string message = "my dark secret";

        var encryptedMessage = protector.Protect(message);

        Console.WriteLine("Encrypted Message: " + encryptedMessage);

        var decryptedMessage = protector.Unprotect(encryptedMessage);

        Console.WriteLine("Decrypted Message: " + decryptedMessage);

    }

}