DotNetBrightener.CryptoEngine 2026.0.2

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher.
There is a newer prerelease version of this package available.
See the version list below for details. 
dotnet add package DotNetBrightener.CryptoEngine --version 2026.0.2
                    


                    

                
NuGet\Install-Package DotNetBrightener.CryptoEngine -Version 2026.0.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="DotNetBrightener.CryptoEngine" Version="2026.0.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="DotNetBrightener.CryptoEngine" Version="2026.0.2" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="DotNetBrightener.CryptoEngine" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add DotNetBrightener.CryptoEngine --version 2026.0.2
                    


                    

                
#r "nuget: DotNetBrightener.CryptoEngine, 2026.0.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package DotNetBrightener.CryptoEngine@2026.0.2
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=DotNetBrightener.CryptoEngine&version=2026.0.2
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=DotNetBrightener.CryptoEngine&version=2026.0.2
                    


                            Install as a Cake Tool

DotNetBrightener.CryptoEngine

Copyright © 2017 - 2026 Vampire Coder (formerly DotnetBrightener)

A library providing APIs for asymmetric and symmetric encryption methods in .NET applications.

Installation

dotnet add package DotNetBrightener.CryptoEngine

Features

  • RSA Asymmetric Encryption - Encrypt/decrypt strings and files with public/private key pairs
  • AES Symmetric Encryption - Modern symmetric encryption (recommended)
  • TripleDES Symmetric Encryption - Legacy symmetric encryption (deprecated)
  • Password Utilities - Password salt generation and random string generation
  • Time-based Tokens - Generate and validate expiring tokens
  • Password Validation - Secure password hashing and validation with IPasswordValidationProvider

Quick Start

1. Register Services (Dependency Injection)

using DotNetBrightener.CryptoEngine;
using DotNetBrightener.CryptoEngine.Loaders;
using DotNetBrightener.CryptoEngine.Options;

// Configure crypto engine
builder.Services.Configure<CryptoEngineConfiguration>(options =>
{
    options.RsaKeyLoader = "FileLoader"; // or "EnvVarLoader"
    options.RsaEnvironmentVariableName = "RSAPrivateKey"; // for EnvVarLoader
});

// Register loaders
builder.Services.AddSingleton<FileRSAKeysLoader>();
builder.Services.AddSingleton<EnvironmentVarISAKeysLoader>();

// Register crypto services
builder.Services.AddSingleton<ICryptoEngine, DefaultCryptoEngine>();
builder.Services.AddSingleton<IPasswordValidationProvider, DefaultPasswordValidationProvider>();

2. Using ICryptoEngine

public class MyService
{
    private readonly ICryptoEngine _cryptoEngine;

    public MyService(ICryptoEngine cryptoEngine)
    {
        _cryptoEngine = cryptoEngine;
        _cryptoEngine.Initialize();
    }

    public void Example()
    {
        string plainText = "Sensitive data";

        // Encrypt with system key
        string encrypted = _cryptoEngine.EncryptText(plainText);

        // Decrypt with system key
        string decrypted = _cryptoEngine.DecryptText(encrypted);

        // Sign data
        string signature = _cryptoEngine.SignData(plainText);

        // Verify signature
        bool isValid = _cryptoEngine.VerifyData(plainText, signature);

        // Get public key for sharing
        string publicKey = _cryptoEngine.GetPublicKey();
    }
}

RSA Encryption (RsaCryptoEngine)

Static class providing RSA encryption operations.

Generate Key Pair

using DotNetBrightener.CryptoEngine;

// Generate new RSA key pair (2048-bit)
var (publicKey, privateKey) = RsaCryptoEngine.GenerateKeyPair();

// Generate without PEM headers (inline string)
var (publicKeyInline, privateKeyInline) = RsaCryptoEngine.GenerateKeyPair(inlineString: true);

Encrypt/Decrypt Strings

string plainText = "Hello, World!";
string publicKey = "..."; // PEM or XML format

// Encrypt with public key
string encrypted = RsaCryptoEngine.EncryptString(plainText, publicKey);

// Decrypt with private key
string privateKey = "...";
string decrypted = RsaCryptoEngine.DecryptString(encrypted, privateKey);

Encrypt/Decrypt Files

// Encrypt file
RsaCryptoEngine.EncryptFile(@"C:\plain.txt", publicKey, @"C:\encrypted.txt");

// Decrypt file
RsaCryptoEngine.DecryptFile(@"C:\encrypted.txt", privateKey, @"C:\decrypted.txt");

Sign and Verify Data

string message = "Data to sign";

// Sign with private key
string signature = RsaCryptoEngine.SignData(message, privateKey);

// Verify with public key
bool isValid = RsaCryptoEngine.VerifyData(message, signature, publicKey);

Validate Key Pair

bool isValid = RsaCryptoEngine.ValidateKeyPair(publicKey, privateKey);

Key Import/Export

// Import from PEM format
var csp = RsaCryptoEngine.ImportPemPublicKey(publicKeyPem);
var csp = RsaCryptoEngine.ImportPemPrivateKey(privateKeyPem);

// Import from XML format
var csp = RsaCryptoEngine.ImportFromXml(xmlContent);

// Export to PEM format
string publicKeyPem = csp.ExportPublicKeyToPem();
string privateKeyPem = csp.ExportPrivateKeyToPem();

// Export as inline string (no PEM headers)
string publicKeyInline = csp.ExportPublicKeyToPem(inlineString: true);

AES Encryption (AesCryptoEngine)

Recommended symmetric encryption using AES algorithm. Supports key sizes of 128, 192, or 256 bits.

Basic Usage

using DotNetBrightener.CryptoEngine;

string plainText = "Secret message";
string key = "MyEncryptionKey123"; // Max 32 characters

// Encrypt
string encrypted = AesCryptoEngine.Encrypt(plainText, key);

// Decrypt
string decrypted = AesCryptoEngine.Decrypt(encrypted, key);

// Safe decrypt (returns false on failure)
if (AesCryptoEngine.TryDecrypt(encrypted, out string result, key))
{
    Console.WriteLine($"Decrypted: {result}");
}

Key Size Behavior

The encryption key length determines the AES key size:

Key Length AES Key Size
⇐ 16 chars 128-bit
17-24 chars 192-bit
25-32 chars 256-bit

Note: Maximum key length is 32 characters.

TripleDES Encryption (TripleDesCryptoEngine)

Warning: TripleDES is deprecated. Use AesCryptoEngine for new implementations.

using DotNetBrightener.CryptoEngine;

string plainText = "Secret message";
string key = "EncryptionKey";

// Encrypt
string encrypted = TripleDesCryptoEngine.Encrypt(plainText, key);

// Decrypt
string decrypted = TripleDesCryptoEngine.Decrypt(encrypted, key);

// Safe decrypt
bool success = TripleDesCryptoEngine.TryDecrypt(encrypted, out string result, key);

Password Utilities

Generate Password Salt

using DotNetBrightener.CryptoEngine;

// Generate with random size
string salt = PasswordUtilities.CreatePasswordSalt();

// Generate with specific size
string salt = PasswordUtilities.CreatePasswordSalt(saltSize: 32);

Generate Random Strings

// Alphanumeric string
string random = PasswordUtilities.GenerateRandomString(length: 16);

// Include symbols
string withSymbols = PasswordUtilities.GenerateRandomString(length: 16, includeSymbols: true);

// Numeric only
string numeric = PasswordUtilities.GenerateRandomNumericString(length: 6); // OTP codes

JavaScript Base64 Compatibility

// Equivalent to JavaScript btoa()
string encoded = PasswordUtilities.JsBtoAString("input string");

// Equivalent to JavaScript atob()
string decoded = PasswordUtilities.JsAtoBString(encoded);

Crypto Utilities

Random Token Generation

using DotNetBrightener.CryptoEngine;

// Generate random token
string token = CryptoUtilities.CreateRandomToken(64);

// Let system choose random size
string token = CryptoUtilities.CreateRandomToken(0);

Time-based Tokens

string originalToken = null;

// Generate token that expires in 5 minutes (default)
string timeToken = CryptoUtilities.GenerateTimeBasedToken(ref originalToken);

// Generate token with custom expiration
string timeToken = CryptoUtilities.GenerateTimeBasedToken(ref originalToken, TimeSpan.FromHours(1));

// Validate token
if (CryptoUtilities.ValidateTimeBasedToken(timeToken, out string tokenData))
{
    Console.WriteLine($"Valid! Token data: {tokenData}");
}
else
{
    Console.WriteLine("Token expired or invalid");
}

Password Validation Provider

Interface

public interface IPasswordValidationProvider
{
    /// <summary>
    /// Generates an encrypted password and its associated key
    /// </summary>
    Tuple<string, string> GenerateEncryptedPassword(string plainTextPassword);

    /// <summary>
    /// Validates the plain text password
    /// </summary>
    bool ValidatePassword(string plainTextPassword, string passwordEncryptionKey, string hashedPassword);
}

Usage

public class UserService
{
    private readonly IPasswordValidationProvider _passwordProvider;

    public UserService(IPasswordValidationProvider passwordProvider)
    {
        _passwordProvider = passwordProvider;
    }

    public void RegisterUser(string email, string password)
    {
        var (encryptedKey, hashedPassword) = _passwordProvider.GenerateEncryptedPassword(password);

        // Store encryptedKey and hashedPassword in database
        // encryptedKey = password salt (encrypted with RSA)
        // hashedPassword = AES encrypted password with the salt
    }

    public bool VerifyPassword(string email, string inputPassword, string storedKey, string storedHash)
    {
        return _passwordProvider.ValidatePassword(inputPassword, storedKey, storedHash);
    }
}

RSA Key Loaders

FileRSAKeysLoader

Loads or generates RSA keys from files in enc_keys/ folder.

builder.Services.AddSingleton<FileRSAKeysLoader>(sp =>
    new FileRSAKeysLoader("/path/to/app/root"));

Keys are stored as:

  • enc_keys/public.key - Public key (PEM format)
  • enc_keys/private.key - Private key (PEM format)

EnvironmentVarISAKeysLoader

Loads RSA keys from environment variables.

builder.Services.Configure<CryptoEngineConfiguration>(options =>
{
    options.RsaKeyLoader = "EnvVarLoader";
    options.RsaEnvironmentVariableName = "MY_RSA_PRIVATE_KEY";
});

Set the environment variable:

# Linux/macOS
export MY_RSA_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----..."

# Windows PowerShell
$env:MY_RSA_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----..."

# Azure App Service
# Add Application Setting: MY_RSA_PRIVATE_KEY

Configuration

public class CryptoEngineConfiguration
{
    /// <summary>
    /// Name of the RSA key loader to use: "FileLoader" or "EnvVarLoader"
    /// </summary>
    public string RsaKeyLoader { get; set; }

    /// <summary>
    /// Environment variable name for RSA private key (default: "RSAPrivateKey")
    /// </summary>
    public string RsaEnvironmentVariableName { get; set; } = "RSAPrivateKey";
}

appsettings.json

{
  "CryptoEngineConfiguration": {
    "RsaKeyLoader": "EnvVarLoader",
    "RsaEnvironmentVariableName": "RSA_PRIVATE_KEY"
  }
}

Dependencies

  • Microsoft.Extensions.Configuration
  • Microsoft.Extensions.Logging.Abstractions
  • Microsoft.Extensions.Options
  • Portable.BouncyCastle - For PEM key handling
  • System.Security.Cryptography.Xml

Security Considerations

  1. Key Storage: Store private keys securely. Use environment variables or secure key vaults in production.

  2. AES Key Length: Use 32-character keys for AES-256 encryption.

  3. Deprecated Algorithms: Avoid TripleDesCryptoEngine and SymmetricCryptoEngine for new implementations.

  4. Password Storage: Always use IPasswordValidationProvider for password hashing - it combines RSA and AES encryption.

  5. Key Rotation: Implement key rotation policies for long-running applications.

API Reference

Class Description
ICryptoEngine Main interface for encryption operations
DefaultCryptoEngine Default implementation using RSA encryption
RsaCryptoEngine Static RSA encryption utilities
AesCryptoEngine Static AES encryption utilities
TripleDesCryptoEngine Static TripleDES encryption (deprecated)
CryptoUtilities Token generation utilities
PasswordUtilities Password-related utilities
IPasswordValidationProvider Password hashing interface
IRSAKeysLoader RSA key loading interface
FileRSAKeysLoader File-based key loader
EnvironmentVarISAKeysLoader Environment variable key loader
Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (5)

Showing the top 5 NuGet packages that depend on DotNetBrightener.CryptoEngine:

Package Downloads
DotNetBrightener.Infrastructure.Security

A library that provides the abilities to authorize the users with given permissions
DotNetBrightener.CryptoEngine.DependencyInjection

A library that helps configuring DotNetBrightener.CryptoEngine in ASP.Net Core applications with minimal efforts
DotNetBrightener.Infrastructure.JwtAuthentication

Package Description
DotNetBrightener.Infrastructure.ApiKeyAuthentication

Package Description
DotNetBrightener.WebApp.CommonShared

Package Description

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2026.0.3-preview-772 33 4/3/2026
2026.0.3-preview-770 42 4/2/2026
2026.0.3-preview-769 36 4/2/2026
2026.0.2 57 4/2/2026
2026.0.2-preview-v2026-0-1-755 150 3/27/2026
2026.0.2-preview-759 79 4/1/2026
2026.0.2-preview-758 136 3/29/2026
2026.0.2-preview-757 140 3/29/2026
2026.0.2-preview-756 133 3/27/2026
2026.0.2-preview-754 124 3/27/2026
2026.0.1 163 3/27/2026
2026.0.1-preview-752 126 3/26/2026
2026.0.1-preview-750 135 3/26/2026
2026.0.1-preview-749 134 3/25/2026
2026.0.1-preview-748 130 3/23/2026
2026.0.1-preview-746 104 3/22/2026
2026.0.1-preview-745 113 3/22/2026
2025.0.11-preview-771 46 4/2/2026
2025.0.11-preview-768 48 4/2/2026
2025.0.11-preview-762 54 4/2/2026
Loading failed