OpenSLLWrapper 1.0.2
dotnet add package OpenSLLWrapper --version 1.0.2
NuGet\Install-Package OpenSLLWrapper -Version 1.0.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="OpenSLLWrapper" Version="1.0.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="OpenSLLWrapper" Version="1.0.2" />
<PackageReference Include="OpenSLLWrapper" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add OpenSLLWrapper --version 1.0.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: OpenSLLWrapper, 1.0.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package OpenSLLWrapper@1.0.2
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=OpenSLLWrapper&version=1.0.2
#tool nuget:?package=OpenSLLWrapper&version=1.0.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
OpenSLLWrapper
Version: 1.0.2
Release: v1.0.2
This release includes a small version bump and packaging metadata updates (nuspec, README and icon included in package).
Managed .NET wrapper for RSA key operations, PEM conversions and signing/verification using BouncyCastle.
Features
- Generate RSA private keys (PKCS#1 PEM) and export as bytes/streams/files.
- Create Certificate Signing Requests (CSR) from private key PEMs.
- Sign raw data and base64-encoded challenges using SHA256withRSA (PKCS#1 v1.5) and optional RSASSA-PSS (SHA-256).
- Verify signatures (file/stream/byte[] overloads) for both PKCS#1-v1_5 and PSS.
- Convert between PKCS#1 and PKCS#8 PEM formats (file/stream/byte[]).
- Export public key PEM derived from a private key PEM.
- Export/import encrypted PKCS#8 (password-protected) PEM.
- All operations provide stream and byte[] overloads to avoid filesystem I/O.
- Async Task wrappers for file-based operations.
Requirements
- .NET Framework 4.7.2
- BouncyCastle (package referenced in project: BouncyCastle.Cryptography 2.6.2)
- (Optional) OpenSSL on PATH for interoperability tests
Projects
OpenSLLWrapper- library with all helpers (uses BouncyCastle)OpenSLLWrapper.Tests- console test runner that exercises generation, CSR, signing, conversion and OpenSSL interoperability checks (if OpenSSL is available)
Quick start
- Restore NuGet packages (restore
packages.configinOpenSLLWrapper). - Build solution (Visual Studio or MSBuild).
- Use the
OpenSslFacadeclass as the public API entry point, for example:
// generate key
OpenSslFacade.GenerateRsaPrivateKey("private_key.pem", 2048);
// export public key
OpenSslFacade.ExportPublicKeyPemFromPrivateKey("private_key.pem", "public_key.pem");
// sign challenge (base64->signature-base64)
string challengeB64 = Convert.ToBase64String(Encoding.UTF8.GetBytes("hello"));
string sigB64 = OpenSslFacade.SignBase64Challenge(challengeB64, "private_key.pem");
// verify signature
bool ok = OpenSLLWrapper.VerifyBase64Signature(challengeB64, sigB64, "public_key.pem");
Running tests / examples
- The console test runner is
OpenSLLWrapper.Tests� build and run the executable. It will generate temporary files and run interoperability checks with OpenSSL if available.
OpenSSL interoperability
- The library defaults to PKCS#1 v1.5 signatures (
SHA256withRSA) to match OpenSSLdgst -sha256 -signanddgst -sha256 -verifybehavior. - Use
usePss=trueon signing/verification methods to enable RSASSA-PSS (both sides must agree on PSS params).
Security notes
- Keep private keys and passwords secure. The library writes PEM files as ASCII and does not manage OS-level protection.
- Encrypted PKCS#8 uses PBE-SHA1-3DES for compatibility; change to PBES2/AES if stronger protection is required.
Contributing
- Build/test with Visual Studio 2019/2022 targeting .NET Framework 4.7.2.
- Add unit tests under a test framework (xUnit/NUnit/MSTest) for CI integration.
License
- Check repository root for license information.
Secure PEM storage examples
- Save a PEM file and restrict filesystem ACLs (Windows):
// Generate private key bytes
var pkPem = OpenSLLWrapper.GenerateRsaPrivateKeyBytes(2048);
// Save to file and restrict ACLs so only current user can access
OpenSLLWrapper.SavePemFileSecure("C:\\keys\\private_key.pem", pkPem);
- Password-protect PEM file (portable):
var pkPem = OpenSLLWrapper.GenerateRsaPrivateKeyBytes(2048);
string password = "s3cureP@ssw0rd";
OpenSLLWrapper.SavePemFileEncrypted("C:\\keys\\private_key.enc", pkPem, password);
// Later: read and decrypt
byte[] decrypted = OpenSLLWrapper.LoadPemFileEncrypted("C:\\keys\\private_key.enc", password);
// Use the decrypted bytes (PEM) with existing helpers
var pubPem = OpenSLLWrapper.ExportPublicKeyPemFromPrivateKeyBytes(decrypted);
Notes
SavePemFileSecureattempts to restrict filesystem ACLs on Windows only; on non-Windows platforms it will write the file without ACL modifications.SavePemFileEncrypteduses a password-based scheme (PBKDF2 with HMAC-SHA256, AES-256-CBC and HMAC-SHA256 for integrity). Keep your password secure and consider using a stronger iteration count for high-security scenarios.
There are no supported framework assets in this package.
Learn more about Target Frameworks and .NET Standard.
This package has no dependencies.
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.