GJJ.Keystone.Toolkit 4.2.2

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package GJJ.Keystone.Toolkit --version 4.2.2
                    


                    

                
NuGet\Install-Package GJJ.Keystone.Toolkit -Version 4.2.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="GJJ.Keystone.Toolkit" Version="4.2.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="GJJ.Keystone.Toolkit" Version="4.2.2" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="GJJ.Keystone.Toolkit" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add GJJ.Keystone.Toolkit --version 4.2.2
                    


                    

                
#r "nuget: GJJ.Keystone.Toolkit, 4.2.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package GJJ.Keystone.Toolkit@4.2.2
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=GJJ.Keystone.Toolkit&version=4.2.2
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=GJJ.Keystone.Toolkit&version=4.2.2
                    


                            Install as a Cake Tool

GJJ.Keystone.Toolkit

GJJ Keystone 体系的运行时通用工具库:国密加密、JWT 颁发与验证、AES 传输加密、Excel 导入导出、跨平台验证码、网络辅助等。不依赖 ASP.NET Core,可在 Worker / Console / Desktop 等任意宿主复用。

为什么独立成包

  • GJJ.Keystone.Abstractions 只放契约,不能携带 BouncyCastle、NPOI 这类运行时依赖。
  • GJJ.Keystone.AspNetCore 强依赖 HTTP 管道,但加解密 / Token 颁发 / Excel 处理本身与 Web 无关。
  • 把这些工具沉淀到独立包,让定时任务、消息消费者、命令行工具等非 Web 宿主也能直接复用,且不会被迫引入 Microsoft.AspNetCore.App

内容概览

国密 SM2/SM3/SM4(Security/SM/

类型 用途
GuomiCryptoHelper 静态工具类:SM3 摘要、SM4-CBC / SM4-GCM 加解密、SM2 加解密 / 签名验签、PEM 读写、Hex / Base64 / 随机字节
SmTransportCrypto v1-only 传输加解密器,仅支持 SM4-GCM;提供 (cipher, tag) 分离格式与 Base64URL 工具,配合 v1 信封使用
SMTransportOptions SM4 传输配置(Mode / KeyHex / Kid / KeyRing / GcmTagBits / AllowUnencryptedPaths),含启动期校验

AES 传输加密(Security/AES/

类型 用途
AesTransportCrypto AES-CBC + PKCS7 加解密器(Base64 字符串往返)
AesTransportOptions AES 传输配置(仅支持 CBC,Key 16/24/32 字节,IV 16 字节)

JWT(Security/Tokens/

类型 用途
JwtTokenService 颁发与验证 JWT(HS256),与 AspNetCore 的 AddJwtAuth 字段对齐:iss / aud / sub / name / role / iat / nbf / exp / jti
JwtIssuerOptions 颁发与验证的配置项(Issuer / Audience / SecurityKey / DefaultLifetime / ClockSkew 等)
IConfigJwtIssuerOptionsProvider / OptionsMonitorJwtIssuerOptionsProvider 按受众 / 系统标识从配置中获取颁发选项,支持运行时热更新
JwtAssertionBuilder 服务端断言 JWT 构建器(默认 RS256,兼容 HS256),用于业务服务向授权中心 /token 换取正式访问 JWT;自 4.2.2 起包含 macOS ARM64 BouncyCastle CRT 签名修复

Excel(Excel/

  • ExcelCore:基于 NPOI 的轻量封装(WorkBook / Sheet / Cell / RowCollection),支持 .xls.xlsx、样式、列宽、对齐、字体颜色等。
  • Excel.Attributes[Row] / [Column] 注解驱动的实体 ↔ 工作表映射。
  • NpoiExcelExportHelper:常用导出辅助(创建行 / 单元格 / 样式、设置下拉框等)。

验证码与网络(Utils/

  • CaptchaHelper:基于 ImageSharp 的跨平台图形验证码(Linux 含银河麒麟可用,不依赖 System.Drawing.Common)。
  • NetworkHelper:本机 IPv4 获取(跨 Windows / macOS / Linux),简单的带 Bearer Token 的 HTTP POST / GET 封装。

客户端 IP 解析(含 X-Forwarded-For 等代理头)请使用 GJJ.Keystone.AspNetCore.Utils.NetworkHelper.GetIP()

典型用法

颁发与验证 JWT

using GJJ.Keystone.Toolkit.Security.Tokens;

var jwtSecurityKey = configuration["Jwt:SecurityKey"]
    ?? throw new InvalidOperationException("配置缺失:Jwt:SecurityKey");

var opts = new JwtIssuerOptions
{
    Issuer = "https://auth.gjj.local",
    Audience = "gjj-mgmt-api",
    SecurityKey = jwtSecurityKey,
    DefaultLifetime = TimeSpan.FromHours(1)
};

var svc = new JwtTokenService(opts);
var result = svc.GenerateToken(
    subject: "u-001",
    name: "张三",
    roles: new[] { "admin" },
    extraClaims: new Dictionary<string, object> { ["env"] = "dev" });

Console.WriteLine($"token={result.AccessToken}, expiresAt={result.ExpiresAtUtc:O}");

if (svc.TryValidate(result.AccessToken, out var principal))
    Console.WriteLine($"sub={principal!.FindFirst("sub")?.Value}");

服务断言 JWT(RS256)

JwtAssertionBuilder 用于服务端向授权中心提交短期断言 JWT。接当前授权中心时不要设置 Kid(),因为授权中心侧公钥没有 KeyId,设置后会导致验签失败。

using GJJ.Keystone.Toolkit.Security.Tokens;

var assertion = JwtAssertionBuilder.New()
    .Issuer("GJJ.Member.Api")
    .Audience("gjj-auth-center")
    .Subject("u-001")
    .Name("张三")
    .AddRole("member")
    .ExpiresIn(TimeSpan.FromSeconds(60))
    .UseRsaPrivateKeyPem(privateKeyPem)
    .Build();

在 macOS ARM64 上,标准 RSA 签名路径可能触发 rsa_priv_crypt failed(ccerr=-27)JwtAssertionBuilder 在 Toolkit 4.2.2 起已内置 BouncyCastle CRT 签名分支,业务服务不要再复制本地版本。

SM4-GCM 加解密(v1 传输)

using GJJ.Keystone.Toolkit.Security.SM;
using Microsoft.Extensions.Options;

var opts = Options.Create(new SMTransportOptions
{
    Mode = "GCM",
    Kid = "sm4-2025",
    KeyHex = "00112233445566778899AABBCCDDEEFF",
    GcmTagBits = 128
});

var crypto = new SmTransportCrypto(opts);
var key = crypto.GetKeyBytesFromKid("sm4-2025");
var iv  = SmTransportCrypto.RandomBytes(12);
var aad = System.Text.Encoding.UTF8.GetBytes("POST\nsm4-2025\n1700000000\nnonce\n");

var (cipher, tag) = crypto.Sm4EncryptGcmSplit(plain: "hello"u8.ToArray(), key, iv, aad);
var plain = crypto.Sm4DecryptGcmSplit(cipher, tag, key, iv, aad);

NPOI Excel 导出

using GJJ.Keystone.Toolkit.Excel.ExcelCore;

using var book = new WorkBook(ExcelVersion.Xlsx);
var sheet = book.CreateSheet("用户");
sheet.AppendHeader<UserRow>(rowIndex: 0);
foreach (var u in users) sheet.AppendRow(u);
book.Save("users.xlsx");

设计约束

  • 零 ASP.NET 依赖:所有类型不引用 Microsoft.AspNetCore.*,便于在任何宿主中使用。
  • 启动期校验SmTransportCrypto / AesTransportOptions 在构造时校验 KeyHex / Mode / GcmTagBits 等,避免到运行期才暴露配置错误。
  • 跨平台:图像 / 验证码使用 ImageSharp(不依赖 System.Drawing.Common),在 Linux(含银河麒麟)下行为一致。

已知限制

  • 仅 .NET 8.0;不支持更低版本。
  • SmTransportCrypto 当前仅支持 SM4-GCM v1,CBC 模式仍保留启动期校验占位但已被 v1 协议放弃。
  • JwtTokenService 仅接受 HS256;服务端断言 JWT 的 RS256 场景请使用 JwtAssertionBuilder。若要扩展访问 JWT 到 RS256 / ES256,需要另行设计验签配置和密钥发布策略。
  • NetworkHelper.PostJson / GetJson 为简易封装,生产场景建议改用 IHttpClientFactory + Polly。
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (2)

Showing the top 2 NuGet packages that depend on GJJ.Keystone.Toolkit:

Package Downloads
GJJ.Keystone.AspNetCore

GJJ 微服务 ASP.NET Core 扩展(Nacos/TongNCS/OTel/中间件/过滤器/JWT等)
GJJ.Keystone.AspNetCore.KvStore

GJJ Keystone KvStore:通用 KV / 计数器 / 配置加载抽象的 Redis 实现 + Resilient 降级 + Memory 兜底。兼容 TongRDS(Redis 协议)。替代原 Consul KV 与 .Redis 包的安全态 Store。

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
4.2.2 157 6/15/2026
4.2.0 165 6/5/2026
4.0.0 156 5/22/2026
3.0.10 206 5/13/2026
3.0.9 115 5/11/2026
3.0.8 119 5/11/2026
3.0.7 123 5/8/2026
3.0.6 110 5/6/2026
3.0.5 97 5/6/2026
3.0.4 142 5/6/2026
3.0.3 129 4/30/2026
3.0.2 119 4/30/2026
3.0.0 105 4/29/2026
2.0.3 115 4/13/2026
2.0.2 111 4/9/2026
2.0.1 110 4/8/2026
2.0.0 108 4/8/2026
1.2.1 117 3/31/2026
1.2.0 111 3/31/2026
1.1.9 110 3/18/2026
Loading failed