wan24-Crypto-BC
1.18.0
See the version list below for details.
dotnet add package wan24-Crypto-BC --version 1.18.0
NuGet\Install-Package wan24-Crypto-BC -Version 1.18.0
<PackageReference Include="wan24-Crypto-BC" Version="1.18.0" />
paket add wan24-Crypto-BC --version 1.18.0
#r "nuget: wan24-Crypto-BC, 1.18.0"
// Install wan24-Crypto-BC as a Cake Addin #addin nuget:?package=wan24-Crypto-BC&version=1.18.0 // Install wan24-Crypto-BC as a Cake Tool #tool nuget:?package=wan24-Crypto-BC&version=1.18.0
wan24-Crypto-BC
This library adopts
The Bouncy Castle Cryptography Library For .NET
to wan24-Crypto and extends
the wan24-Crypto
library with these algorithms:
Algorithm | ID | Name |
---|---|---|
Asymmetric | ||
CRYSTALS-Kyber | 2 | CRYSTALSKYBER |
CRYSTALS-Dilithium | 3 | CRYSTALSDILITHIUM |
FALCON | 4 | FALCON |
SPHINCS+ | 5 | SPHINCSPLUS |
FrodoKEM* | 6 | FRODOKEM |
NTRUEncrypt* | 7 | NTRUENCRYPT |
Symmetric | ||
ChaCha20 | 1 | CHACHA20 |
XSalsa20 | 2 | XSALSA20 |
AES-256-GCM AEAD (128 bit MAC) | 3 | AES256GCM |
Serpent 256 CBC (ISO10126 padding) | 5 | SERPENT256CBC |
Serpent 256 GCM AEAD (128 bit MAC) | 6 | SERPENT256GCM |
Twofish 256 CBC (ISO10126 padding) | 7 | TWOFISH256CBC |
Twofish 256 GCM AEAD (128 bit MAC) | 8 | TWOFISH256GCM |
Hashing | ||
SHA3-256 | 5 | SHA3-256 |
SHA3-384 | 6 | SHA3-384 |
SHA3-512 | 7 | SHA3-512 |
MAC | ||
HMAC-SHA3-256 | 4 | HMAC-SHA3-256 |
HMAC-SHA3-384 | 5 | HMAC-SHA3-384 |
HMAC-SHA3-512 | 6 | HMAC-SHA3-512 |
NOTE: FrodoKEM and NTRUEncrypt are currently disabled, 'cause there seems to be a bug (missing code) in the Bouncy Castle library for exporting/importing private keys (at last).
NTRUSign is currently not implemented, 'cause it'd require the using code to be GPL licensed. This algorithm may be included in a separate package which is licensed using the GPL license (to avoid misunderstandings) in the future.
How to get it
This library is available as NuGet package.
Usage
In case you don't use the wan24-Core
bootstrapper logic, you need to
initialize the Bouncy Castle extension first, before you can use it:
wan24.Crypto.BC.Bootstrapper.Boot();
This will register the algorithms to the wan24-Crypto
library.
To set Bouncy Castle defaults as wan24-Crypto
defaults:
BouncyCastle.SetDefaults();
Per default the current wan24-Crypto
default will be set as counter
algorithms to HybridAlgorithmHelper
.
Some algorithms of the wan24-Crypto
library are not available on some
platforms, that's why they need to be replaced in order to be used:
wan24-Crypto |
wan24-Crypto-BC |
---|---|
EncryptionAes256CbcAlgorithm |
EncryptionBcAes256CbcAlgorithm |
To replace all of them:
BouncyCastle.ReplaceNetAlgorithms();
Post quantum safety
These algorithms are designed for post quantum cryptography:
- CRYSTALS-Kyber (key exchange)
- CRYSTALS-Dilithium (signature)
- FALCON (signature)
- SPHINCS+ (signature)
- FrodoKEM (key exchange)
Normally you want to use them in hybrid mode and use classical algorithms of
the wan24-Crypto
package as counter algorithm. To do this per default:
// Enable the post quantum algorithms as (counter-)defaults
CryptoHelper.ForcePostQuantumSafety();
This will use these algorithms as (counter) algorithms for asymmetric cryptography, in case you didn't define other post quantum algorithms already:
- CRYSTALS-Kyber (key exchange)
- CRYSTALS-Dilithium (signature)
For using other algorithms instead:
// FALCON
HybridAlgorithmHelper.SignatureAlgorithm =
AsymmetricHelper.GetAlgorithm(AsymmetricFalconAlgorithm.ALGORITHM_NAME);
// SPHINCS+
HybridAlgorithmHelper.SignatureAlgorithm =
AsymmetricHelper.GetAlgorithm(AsymmetricSphincsPlusAlgorithm.ALGORITHM_NAME);
// FrodoKEM
HybridAlgorithmHelper.KeyExchangeAlgorithm =
AsymmetricHelper.GetAlgorithm(AsymmetricFrodoKemAlgorithm.ALGORITHM_NAME);
The counter algorithm will come in effect, if you use asymmetric keys for encryption:
// Create options having a counter private key
CryptoOptions options = EncryptionHelper.GetDefaultOptions();
options.SetCounterPrivateKey(yourKyberPrivateKey);
// Encrypt using the options and your normal private key
byte[] cipherData = rawData.Encrypt(yourNormalPrivateKey, options);
rawData = cipherData.Decrypt(yourNormalPrivateKey, options);
And for signature:
// Create options having a counter private key
CryptoOptions options = AsymmetricHelper.GetDefaultSignatureOptions();
options.SetCounterPrivateKey(yourDilithiumPrivateKey);
// Sign using the options and your normal private key
SignatureContainer signature = dataToSign.Sign(yourNormalPrivateKey, options: options);
Algorithm parameters used
For CRYSTALS-Kyber and CRYSTALS-Dilithium the AES parameters are being used. When using SPHINCS+, the Haraka F hashing parameters will be used. For FrodoKEM the AES parameters will be used.
Random data provider
The RandomDataProvider
is a RandomDataGenerator
which provides added seed
data to OnSeed(Async)
attached event handlers. It uses the ChaCha20Rng
in
combination with RND
of wan24-Crypto
to produce cryptographic secure
random data (CSRNG). An instance may be set as RND.Generator
singleton
random data generator for all consumers (like key generators etc.).
RandomDataProvider
can be customized by extending the type. Pregnant methods
are virtual and can be overridden. Since the type is a HostedServiceBase
, it
can be used in modern .NET app environments. And since it implements the
IRandomGenerator
interface of Bouncy Castle, it can be used as secure random
data source for all Bouncy Castle algorithms (like key generators) also.
By calling the CreateFork(Async)
method, you can create an attached
instance, which will be initialized with a random seed generated by the parent
instance and consumes the provided seeds from the parent automatically.
NOTE: Don't forget to dispose an unused RandomDataProvider
instance!
CAUTION: There is a patent (US10402172B1) which comes into play, if you plan to create a Random or Entropy as a Service (R/EaaS) application, especially when using QRNG entropy. Read that document carefully to avoid disappointments.
Stream cipher RNG
The StreamCipherRng
uses any stream cipher to encrypt the generated random
bytes of an underlaying PRNG using a random key. The result is a CSRNG. These
stream ciphers are available with wan24-Crypto-BC
, but you could use any
other stream cipher (but not AEAD implementations!) also:
- ChaCha20 -
ChaCha20Rng
- XSalsa20 -
XSalsa20Rng
If you didn't specify an underlaying PRNG, Bouncy Castle's
VmpcRandomGenerator
will be used and seeded using 256 bytes from RND
.
The final CSRNG implements IRandomGenerator
for use with Bouncy Castle, and
also ISeedableRng
for use with RND
(as seed consumer, for example).
NOTE: A StreamCipherRng
needs to be disposed after use!
You can use the resulting CSRNG as default RNG for RND
:
ChaCha20Rng csrng = new();
// Enable automatic seeding
RND.SeedConsumer = csrng;
// Use as default CSRNG
RND.FillBytes = csrng.GetBytes;
RND.FillBytesAsync = csrng.GetBytesAsync;
NOTE: When setting the RND.FillBytes(Async)
callbacks, they may not be
used, if /dev/urandom
was preferred. To disable /dev/urandom
, set
RND.UseDevUrandom
and RND.RequireDevUrandom
to false
also.
NOTE: Currently only stream ciphers are supported, because the cipher RNG implementation doesn't buffer pre-generated random data.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net6.0
- BouncyCastle.Cryptography (>= 2.2.1)
- wan24-Core (>= 1.38.1)
- wan24-Crypto (>= 1.23.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated | |
---|---|---|---|
3.14.0 | 83 | 10/27/2024 | |
3.13.0 | 85 | 9/21/2024 | |
3.12.0 | 81 | 9/9/2024 | |
3.11.0 | 112 | 8/16/2024 | |
3.10.1 | 96 | 7/13/2024 | |
3.10.0 | 116 | 7/6/2024 | |
3.9.0 | 100 | 6/29/2024 | |
3.8.0 | 108 | 6/22/2024 | |
3.7.0 | 90 | 6/16/2024 | |
3.6.0 | 99 | 5/26/2024 | |
3.5.1 | 130 | 4/13/2024 | |
3.5.0 | 116 | 4/13/2024 | |
3.4.0 | 133 | 3/9/2024 | |
3.3.0 | 134 | 3/2/2024 | |
3.2.0 | 116 | 2/24/2024 | |
3.1.0 | 99 | 2/17/2024 | |
3.0.0 | 121 | 2/11/2024 | |
2.0.0 | 106 | 1/21/2024 | |
1.19.3 | 169 | 11/11/2023 | |
1.19.2 | 104 | 11/1/2023 | |
1.19.1 | 135 | 10/29/2023 | |
1.19.0 | 155 | 10/21/2023 | |
1.18.0 | 153 | 10/15/2023 | |
1.17.0 | 128 | 10/8/2023 | |
1.16.0 | 145 | 10/1/2023 | |
1.15.0 | 141 | 9/19/2023 | |
1.14.0 | 112 | 9/16/2023 | |
1.13.0 | 164 | 9/10/2023 | |
1.12.0 | 160 | 9/3/2023 | |
1.11.1 | 165 | 7/30/2023 | |
1.11.0 | 148 | 7/30/2023 | |
1.10.0 | 157 | 7/22/2023 | |
1.9.0 | 153 | 6/8/2023 | |
1.8.0 | 147 | 6/3/2023 | |
1.7.0 | 138 | 5/29/2023 | |
1.6.0 | 150 | 5/27/2023 | |
1.5.0 | 161 | 5/20/2023 | |
1.4.1 | 151 | 5/13/2023 | |
1.4.0 | 175 | 5/11/2023 | |
1.3.0 | 185 | 5/7/2023 | |
1.2.0 | 189 | 5/1/2023 | |
1.1.0 | 187 | 4/30/2023 | |
1.0.1 | 187 | 4/28/2023 | |
1.0.0 | 207 | 4/28/2023 |