NetCid 1.6.0

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher. 
dotnet add package NetCid --version 1.6.0
                    


                    

                
NuGet\Install-Package NetCid -Version 1.6.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="NetCid" Version="1.6.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="NetCid" Version="1.6.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="NetCid" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add NetCid --version 1.6.0
                    


                    

                
#r "nuget: NetCid, 1.6.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package NetCid@1.6.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=NetCid&version=1.6.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=NetCid&version=1.6.0
                    


                            Install as a Cake Tool

NetCid

NetCid is a C# (net10.0) implementation of the various specifications.

Features

  • CIDv0 and CIDv1 parsing, encoding, and round-tripping
  • CID conversion (ToV0, ToV1)
  • Binary CID decode/encode
  • Unsigned varint codec (multiformats-compatible, max 9-byte encoding)
  • Multihash model + SHA-256 / SHA-512 hash helpers
  • Multihash.Encode / Decode for spec-compliant multihash wire format (varint(code) || varint(digestLength) || digest)
  • Multibase support for:
    • base58btc (z)
    • base32 lower/upper (b / B)
    • base36 lower/upper (k / K)
    • base64url (u)
  • Multicodec constants for common CID codecs (raw, dag-pb, dag-cbor, etc.)
  • Multicodec key-type constants (ed25519-pub, p256-pub, secp256k1-pub, etc.)
  • Multicodec prefix/decode API for varint-tagged byte buffers
  • Multikey — encode/decode W3C Controlled Identifiers publicKeyMultibase (base58btc(varint(keyCodec) ‖ rawKey)) with per-codec key-length validation; one call replaces the manual Multicodec.Prefix + Multibase.Encode dance for did:key construction
  • JcsCanonicalizer — RFC 8785 JSON Canonicalization Scheme for stable content-addressing of JSON values, and Cid.FromCanonicalJson convenience

For the full list of specifications this library implements, the version/reference each targets, the governing body, and that specification's standardization status, see SPECIFICATIONS.md.

Install

dotnet add package NetCid

Quick Start

using NetCid;
using System.Text;

// Parse existing CIDs
var v0 = Cid.Parse("QmdfTbBqBPQ7VNxZEYEj14VmRuZBkqFbiwReogJgS1zR1n");
var v1 = Cid.Parse("bafkreidon73zkcrwdb5iafqtijxildoonbwnpv7dyd6ef3qdgads2jc4su");

// Convert versions
var v0AsV1 = v0.ToV1();
var v1AsV0 = v0AsV1.ToV0();

// Build from content bytes
var content = Encoding.UTF8.GetBytes("hello world");
var cid = Cid.FromContent(content, codec: Multicodec.Raw, hashCode: MultihashCode.Sha2_256);

// Serialize
string text = cid.ToString(); // CIDv1 defaults to base32 lower
byte[] bytes = cid.ToByteArray();

// Content-address a JSON value with stable bytes (JCS / RFC 8785)
var entry = new System.Text.Json.Nodes.JsonObject
{
    ["seq"] = 1,
    ["op"]  = "wallet.mint_identity",
};
var jsonCid = Cid.FromCanonicalJson(entry);

Specification Notes

Implementation follows the CID spec behavior, including:

  • CIDv0 is always dag-pb + sha2-256(32)
  • CIDv1 binary layout: <cidv1-varint><codec-varint><multihash>
  • CIDv0 string form has no multibase prefix
  • CID versions 2 and 3 are treated as reserved/invalid

Input Limits

Parsing APIs enforce default size limits to reduce memory-pressure risk from untrusted input:

  • Cid.DefaultMaxInputStringLength
  • Cid.DefaultMaxInputByteLength
  • Multibase.DefaultMaxInputLength
  • JcsCanonicalizer.DefaultMaxOutputByteLength

Overloads on parse/decode methods let callers provide custom limits when needed.

JcsCanonicalizer additionally caps JSON nesting depth at 64 levels, throwing JcsFormatException on deeper input rather than overflowing the stack on hostile, deeply nested JSON, and caps the canonical output at DefaultMaxOutputByteLength (1 MiB) — raise it per call via the maxOutputBytes overloads. It also rejects JSON objects with duplicate member names (RFC 8785 builds on I-JSON / RFC 7493, which forbids them), throwing JcsFormatException rather than emitting ambiguous, non-canonical output. Strings and member names must be well-formed UTF-16: an unpaired surrogate throws JcsFormatException rather than being silently replaced with U+FFFD (which would let two distinct malformed inputs collapse to the same canonical bytes).

References:

Development

dotnet restore NetCid.sln
dotnet build NetCid.sln -c Release
dotnet test NetCid.Tests/NetCid.Tests.csproj -c Release
dotnet test NetCid.IntegrationTests/NetCid.IntegrationTests.csproj -c Release

Examples

Reference examples are available under examples/ and mirror the js-multiformats example set:

  • examples/cid-interface
  • examples/multicodec-interface
  • examples/multihash-interface
  • examples/block-interface
  • examples/multibase-interface
  • examples/did-key-interface
  • examples/jcs-interface

See examples/README.md for run commands.

Contributing

See contributors.md for contributor workflow, quality checklist, and PR expectations.

CI / Release

  • CI workflow: .github/workflows/ci.yml
  • Security workflows: .github/workflows/security.yml, .github/workflows/codeql.yml
  • NuGet publish workflow: .github/workflows/release.yml

release.yml pushes packages when a tag like v1.2.3 is pushed (or manual dispatch) and requires NUGET_API_KEY repository secret.

Security

  • Responsible disclosure: see SECURITY.md
  • Security review and findings: see SECURITY_AUDIT.md
Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (5)

Showing the top 5 NuGet packages that depend on NetCid:

Package Downloads
NetDid.Core

Core abstractions, DID document model, and DID-method logic for the NetDid multi-method DID library. Cryptographic primitives are provided by NetCrypto.
NetDid.Method.Peer

did:peer method implementation for the NetDid multi-method DID library.
NetCrypto

Unified cryptographic primitives for the NetCid/NetDid library stack: EdDSA, ECDSA (NIST + secp256k1, incl. recoverable), BLS12-381, BBS selective-disclosure signatures, X25519/ECDH, KDFs, AEADs, hashing (incl. Keccak-256), key model, signing and key-store abstractions, and JWK conversion.
DataProofsDotnet.Core

Embedded-proof core for W3C VC Data Integrity 1.0: proof model, add/verify proof pipeline, cryptosuite registry, JCS cryptosuites (eddsa-jcs-2022, ecdsa-jcs-2019), and the verification-method resolver abstraction. All cryptography via NetCrypto; multiformats and JCS via NetCid.
DataProofsDotnet.Legacy

Legacy Linked-Data-Signature cryptosuites for W3C Data Integrity: Ed25519Signature2020 and EcdsaSecp256r1Signature2019, JCS (default) and RDFC-1.0 variants, byte-compatible with zcap-dotnet's 2020-era JCS-nested wire convention. All cryptography via NetCrypto; multiformats/JCS via NetCid; RDFC via DataProofsDotnet.Rdfc.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.6.0 1,080 6/10/2026
1.5.0 596 5/22/2026
1.4.0 113 5/22/2026
1.3.0 731 3/15/2026
1.2.1 181 3/8/2026
1.2.0 105 3/8/2026
1.1.0 689 2/20/2026
1.0.0 115 2/20/2026