Enigma.Cryptography
4.1.0
.NET 8.0
This package targets .NET 8.0. The package is compatible with this framework or higher.
.NET Standard 2.0
This package targets .NET Standard 2.0. The package is compatible with this framework or higher.
dotnet add package Enigma.Cryptography --version 4.1.0
NuGet\Install-Package Enigma.Cryptography -Version 4.1.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Enigma.Cryptography" Version="4.1.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="Enigma.Cryptography" Version="4.1.0" />
<PackageReference Include="Enigma.Cryptography" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add Enigma.Cryptography --version 4.1.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: Enigma.Cryptography, 4.1.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package Enigma.Cryptography@4.1.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=Enigma.Cryptography&version=4.1.0
#tool nuget:?package=Enigma.Cryptography&version=4.1.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
Enigma.Cryptography
A comprehensive .NET cryptography library built on top of BouncyCastle.Cryptography, providing a clean and easy-to-use API for common cryptographic operations.
Features
- Block Ciphers — AES, DES, 3DES, Blowfish, Twofish, Serpent, Camellia, and more (CBC, ECB, GCM, SIC/CTR modes)
- Stream Ciphers — ChaCha20, ChaCha20-RFC7539, Salsa20
- Public-Key Cryptography — RSA encryption, signing, and PEM key management
- Post-Quantum Cryptography — ML-DSA (CRYSTALS-Dilithium) and ML-KEM (CRYSTALS-Kyber)
- Hashing — MD5, SHA-1, SHA-256, SHA-512, SHA-3
- Key Derivation — PBKDF2 and Argon2
- Padding — PKCS7, ISO 7816-4, X9.23
- Data Encoding — Base64 and hexadecimal encoding/decoding
Installation
dotnet add package Enigma.Cryptography
Block ciphers
Supported algorithms
| Cipher Name | Block Size (bits) | Supported Key Size(s) (bits) | Notes |
|---|---|---|---|
| AES | 128 | 128, 192, 256 | Current global standard. Recommended for new applications. |
| DES | 64 | 56 (effective) | Insecure. Broken due to small key size. Do not use. |
| 3DES (TripleDES) | 64 | 112, 168 (effective) | Slow, small block size. Largely superseded by AES. Use with caution. |
| Blowfish | 64 | 32 - 448 (variable) | Older cipher, 64-bit block size can be problematic (Sweet32). |
| Twofish | 128 | 128, 192, 256 | AES finalist. Strong, but less widely adopted than AES. |
| Serpent | 128 | 128, 192, 256 | AES finalist. Known for conservative security margin, slower in software. |
| Camellia | 128 | 128, 192, 256 | ISO/NESSIE/CRYPTREC standard. Similar performance/security to AES. |
| CAST-128 (CAST5) | 64 | 40 - 128 (variable) | Used in older PGP/GPG. 64-bit block size limitation. |
| IDEA | 64 | 128 | Used in older PGP. Patented until ~2012. 64-bit block size limit. |
| SEED | 128 | 128 | South Korean standard. |
| ARIA | 128 | 128, 192, 256 | South Korean standard, successor to SEED. |
| SM4 | 128 | 128 | Chinese national standard. |
Classes
BlockCipherService— Service for encryption/decryption with block ciphersBlockCipherServiceFactory—IBlockCipherServicefactoryBlockCipherEngineFactory—IBlockCipherfactoryBlockCipherPaddingFactory—IBlockCipherPaddingfactoryBlockCipherParametersFactory—ICipherParametersfactory
Usage
Create a block cipher service with an algorithm string:
var service = new BlockCipherService("AES/CBC/PKCS7Padding");
// or without padding:
var service = new BlockCipherService("AES/CBC/NoPadding");
Create a block cipher service with factories:
var engineFactory = new BlockCipherEngineFactory();
var paddingFactory = new BlockCipherPaddingFactory();
// With padding
var service = new BlockCipherServiceFactory().CreateCbcService(engineFactory.CreateAesEngine, paddingFactory.CreatePkcs7Padding);
// Without padding
var service = new BlockCipherServiceFactory().CreateCbcService(engineFactory.CreateAesEngine);
AES-256 GCM example
var service = new BlockCipherService("AES/GCM");
var key = RandomUtils.GenerateRandomBytes(32);
var nonce = RandomUtils.GenerateRandomBytes(12);
var parameters = new BlockCipherParametersFactory().CreateGcmParameters(key, nonce, "associated data".GetUtf8Bytes());
var data = "This is a secret message !".GetUtf8Bytes();
// Encrypt
using var inputEnc = new MemoryStream(data);
using var outputEnc = new MemoryStream();
await service.EncryptAsync(inputEnc, outputEnc, parameters);
var encrypted = outputEnc.ToArray();
// Decrypt
using var inputDec = new MemoryStream(encrypted);
using var outputDec = new MemoryStream();
await service.DecryptAsync(inputDec, outputDec, parameters);
var decrypted = outputDec.ToArray();
AES-256 CBC example
var service = new BlockCipherService("AES/CBC/PKCS7Padding");
var key = RandomUtils.GenerateRandomBytes(32);
var iv = RandomUtils.GenerateRandomBytes(16);
var parameters = new BlockCipherParametersFactory().CreateCbcParameters(key, iv);
var data = "This is a secret message !".GetUtf8Bytes();
// Encrypt
using var inputEnc = new MemoryStream(data);
using var outputEnc = new MemoryStream();
await service.EncryptAsync(inputEnc, outputEnc, parameters);
var encrypted = outputEnc.ToArray();
// Decrypt
using var inputDec = new MemoryStream(encrypted);
using var outputDec = new MemoryStream();
await service.DecryptAsync(inputDec, outputDec, parameters);
var decrypted = outputDec.ToArray();
Stream ciphers
Supported algorithms
| Cipher Name | Key Size (bits) | Nonce Size (bits) | Notes |
|---|---|---|---|
| ChaCha20 | 256 | 64 | High-performance software cipher. |
| ChaCha20-RFC7539 | 256 | 96 | IETF variant of ChaCha20 (RFC 7539 / RFC 8439). |
| Salsa20 | 128, 256 | 64 | Predecessor to ChaCha20. |
Classes
StreamCipherService— Service for encryption/decryption with stream ciphersStreamCipherServiceFactory—IStreamCipherServicefactory
ChaCha20-RFC7539 example
var service = new StreamCipherServiceFactory().CreateChaCha7539Service();
var key = RandomUtils.GenerateRandomBytes(32);
var nonce = RandomUtils.GenerateRandomBytes(12);
var data = "This is a secret message !".GetUtf8Bytes();
// Encrypt
using var inputEnc = new MemoryStream(data);
using var outputEnc = new MemoryStream();
await service.EncryptAsync(inputEnc, outputEnc, key, nonce);
var encrypted = outputEnc.ToArray();
// Decrypt
using var inputDec = new MemoryStream(encrypted);
using var outputDec = new MemoryStream();
await service.DecryptAsync(inputDec, outputDec, key, nonce);
var decrypted = outputDec.ToArray();
Public-key cryptography
Classes
PublicKeyService— Service for public-key encryption/decryption and signing/verifyingPublicKeyServiceFactory—IPublicKeyServicefactory
RSA example
var service = new PublicKeyServiceFactory().CreateRsaService();
// Generate a 4096-bit key pair
var keyPair = service.GenerateKeyPair(4096);
var data = "This is a secret message".GetUtf8Bytes();
// Encrypt/decrypt
var enc = service.Encrypt(data, keyPair.Public);
var dec = service.Decrypt(enc, keyPair.Private);
// Sign/verify
var signature = service.Sign(data, keyPair.Private);
var verified = service.Verify(data, signature, keyPair.Public);
// Save public key in PEM format
using var publicOutput = new MemoryStream();
PemUtils.SaveKey(keyPair.Public, publicOutput);
// Save and encrypt private key in PEM format
using var privateOutput = new MemoryStream();
PemUtils.SavePrivateKey(keyPair.Private, privateOutput, "yourpassword", algorithm: "AES-256-CBC");
// Load public key from PEM
using var publicInput = new MemoryStream(publicOutput.ToArray());
var publicKey = PemUtils.LoadKey(publicInput);
// Load and decrypt private key from PEM
using var privateInput = new MemoryStream(privateOutput.ToArray());
var privateKey = PemUtils.LoadPrivateKey(privateInput, "yourpassword");
Post-Quantum Cryptography (PQC)
Classes
MLDsaService— Module-Lattice-Based digital signature algorithm (ML-DSA / CRYSTALS-Dilithium)MLDsaServiceFactory—IMLDsaServicefactoryMLKemService— Module-Lattice-Based key-encapsulation mechanism (ML-KEM / CRYSTALS-Kyber)MLKemServiceFactory—IMLKemServicefactory
ML-DSA example
var service = new MLDsaServiceFactory().CreateDsa65Service();
var keyPair = service.GenerateKeyPair();
var data = "Data to sign".GetUtf8Bytes();
// Sign/verify
var signature = service.Sign(data, keyPair.Private);
var verified = service.Verify(data, signature, keyPair.Public);
// Save public key in PEM format
using var publicOutput = new MemoryStream();
PemUtils.SaveKey(keyPair.Public, publicOutput);
// Save and encrypt private key in PEM format
using var privateOutput = new MemoryStream();
PemUtils.SavePrivateKey(keyPair.Private, privateOutput, "yourpassword", algorithm: "AES-256-CBC");
// Load public key from PEM
using var publicInput = new MemoryStream(publicOutput.ToArray());
var publicKey = PemUtils.LoadKey(publicInput);
// Load and decrypt private key from PEM
using var privateInput = new MemoryStream(privateOutput.ToArray());
var privateKey = PemUtils.LoadPrivateKey(privateInput, "yourpassword");
ML-KEM example
var service = new MLKemServiceFactory().CreateKem1024();
var keyPair = service.GenerateKeyPair();
// Encapsulate a shared secret
var (encapsulation, secret) = service.Encapsulate(keyPair.Public);
// Decapsulate the shared secret
var secretDec = service.Decapsulate(encapsulation, keyPair.Private);
// Save public key in PEM format
using var publicOutput = new MemoryStream();
PemUtils.SaveKey(keyPair.Public, publicOutput);
// Save and encrypt private key in PEM format
using var privateOutput = new MemoryStream();
PemUtils.SavePrivateKey(keyPair.Private, privateOutput, "yourpassword", algorithm: "AES-256-CBC");
// Load public key from PEM
using var publicInput = new MemoryStream(publicOutput.ToArray());
var publicKey = PemUtils.LoadKey(publicInput);
// Load and decrypt private key from PEM
using var privateInput = new MemoryStream(privateOutput.ToArray());
var privateKey = PemUtils.LoadPrivateKey(privateInput, "yourpassword");
Hashing
Supported algorithms
| Algorithm | Output Size (bits) | Notes |
|---|---|---|
| MD5 | 128 | Broken. For checksums only, not security use. |
| SHA-1 | 160 | Deprecated for security use. |
| SHA-256 | 256 | Widely used. Recommended for most use cases. |
| SHA-512 | 512 | Stronger variant of SHA-2. |
| SHA-3 | 224, 256, 384, 512 | Latest NIST standard. Keccak-based. |
Classes
HashService— Hash serviceHashServiceFactory—IHashServicefactory
Usage
var data = "Data to hash".GetUtf8Bytes();
var service = new HashServiceFactory().CreateSha3Service();
using var input = new MemoryStream(data);
var hash = await service.HashAsync(input);
Key Derivation (KDF)
Classes
Pbkdf2Service— PBKDF2 key derivation serviceArgon2Service— Argon2 password-based key derivation service
PBKDF2 example
var service = new Pbkdf2Service();
var salt = "5775ada0513d7d7d7316de8d72d1f4d2".FromHexString();
// Derive a 32-byte key from a password and salt
var key = service.GenerateKey(size: 32, password: "yourpassword", salt, iterations: 10_000);
Argon2 example
var service = new Argon2Service();
var passwordData = "yourpassword".GetUtf8Bytes();
var salt = RandomUtils.GenerateRandomBytes(16);
// Derive a 32-byte key from a password and salt
var key = service.GenerateKey(32, passwordData, salt);
Padding
Supported schemes
| Scheme | Standard | Notes |
|---|---|---|
| PKCS7 | RFC 5652 | Most widely used padding scheme. |
| ISO 7816-4 | ISO/IEC 7816-4 | Used in smart card applications. |
| X9.23 | ANSI X9.23 | Also known as PKCS#5 zero-byte padding. |
Classes
NoPaddingService— No-op padding servicePaddingService— Padding servicePaddingServiceFactory—IPaddingServicefactory
Usage
var data = "Data to pad".GetUtf8Bytes();
var service = new PaddingServiceFactory().CreatePkcs7Service();
// Pad/unpad with a 16-byte block size
var padded = service.Pad(data, blockSize: 16);
var unpadded = service.Unpad(padded, blockSize: 16);
Data encoding
Classes
Base64Service— Base64 encoding/decoding serviceHexService— Hexadecimal encoding/decoding service
Usage
var data = "This is some data".GetUtf8Bytes();
// Hex encoding
var hex = new HexService();
var hexEncoded = hex.Encode(data);
var hexDecoded = hex.Decode(hexEncoded);
// Base64 encoding
var base64 = new Base64Service();
var base64Encoded = base64.Encode(data);
var base64Decoded = base64.Decode(base64Encoded);
With extension methods:
var data = "This is some data".GetUtf8Bytes();
var hexEncoded = data.ToHexString();
var hexDecoded = hexEncoded.FromHexString();
var base64Encoded = data.ToBase64String();
var base64Decoded = base64Encoded.FromBase64String();
Copyright (c) 2026 Josué Clément
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
| .NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
| .NET Standard | netstandard2.0 is compatible. netstandard2.1 was computed. |
| .NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
| MonoAndroid | monoandroid was computed. |
| MonoMac | monomac was computed. |
| MonoTouch | monotouch was computed. |
| Tizen | tizen40 was computed. tizen60 was computed. |
| Xamarin.iOS | xamarinios was computed. |
| Xamarin.Mac | xamarinmac was computed. |
| Xamarin.TVOS | xamarintvos was computed. |
| Xamarin.WatchOS | xamarinwatchos was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
.NETStandard 2.0
- BouncyCastle.Cryptography (>= 2.6.2)
- System.Buffers (>= 4.6.1)
-
net8.0
- BouncyCastle.Cryptography (>= 2.6.2)
NuGet packages (3)
Showing the top 3 NuGet packages that depend on Enigma.Cryptography:
| Package | Downloads |
|---|---|
|
Enigma.Cryptography.DataEncryption
Stream-based encryption and decryption services for .NET, built on Enigma.Cryptography. Supports password-based (PBKDF2, Argon2id), RSA hybrid, and post-quantum ML-KEM-1024 key exchange, combined with AES-256, Twofish-256, Serpent-256, and Camellia-256 in GCM mode. |
|
|
Enigma.LicenseManager
.NET license management library |
|
|
Carbon.Avalonia.Desktop
A comprehensive Avalonia UI control library for .NET desktop applications. Includes navigation, docking, ribbon, editors, calendar/scheduling, and 2D display controls, along with a CollectionView data subsystem and dialog/overlay services. Built on Avalonia 11.3 with Fluent theme (Dark & Light variants), full MVVM support, and dependency injection integration. |
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last Updated |
|---|---|---|
| 4.1.0 | 44 | 3/9/2026 |
| 4.0.3 | 251 | 11/28/2025 |
| 4.0.2 | 210 | 10/30/2025 |
| 4.0.1 | 404 | 8/5/2025 |
| 4.0.0 | 194 | 7/4/2025 |
| 3.5.3 | 216 | 6/30/2025 |
| 3.5.2 | 274 | 4/25/2025 |
| 3.5.1 | 273 | 4/21/2025 |
| 3.5.0 | 244 | 4/20/2025 |
| 3.4.0 | 263 | 4/16/2025 |
| 3.3.0 | 166 | 4/11/2025 |
| 3.2.0 | 226 | 4/3/2025 |
| 3.1.1 | 213 | 3/30/2025 |
| 3.1.0 | 216 | 3/30/2025 |