PostQuantum.FileEncryption.Hybrid 1.0.0-rc.1

This is a prerelease version of PostQuantum.FileEncryption.Hybrid.

There is a newer version of this package available.
See the version list below for details.

Requires NuGet 6.0.0 or higher.

dotnet add package PostQuantum.FileEncryption.Hybrid --version 1.0.0-rc.1

NuGet\Install-Package PostQuantum.FileEncryption.Hybrid -Version 1.0.0-rc.1

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="PostQuantum.FileEncryption.Hybrid" Version="1.0.0-rc.1" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="PostQuantum.FileEncryption.Hybrid" Version="1.0.0-rc.1" />
                    

                            Directory.Packages.props

<PackageReference Include="PostQuantum.FileEncryption.Hybrid" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add PostQuantum.FileEncryption.Hybrid --version 1.0.0-rc.1

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: PostQuantum.FileEncryption.Hybrid, 1.0.0-rc.1"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package PostQuantum.FileEncryption.Hybrid@1.0.0-rc.1

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=PostQuantum.FileEncryption.Hybrid&version=1.0.0-rc.1&prerelease
                    

                            Install as a Cake Addin

#tool nuget:?package=PostQuantum.FileEncryption.Hybrid&version=1.0.0-rc.1&prerelease
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

PostQuantum.FileEncryption.Hybrid

Post-quantum hybrid public-key encryption for PostQuantum.FileEncryption: encrypt files to a recipient's public key so that only their private key can open them — protected by X25519 + ML-KEM-768 together, so your data stays safe even if either primitive is later broken.

Fully managed (BouncyCastle) — no native ML-KEM / OpenSSL 3.5 requirement, so it runs anywhere .NET 10 runs. Produces standard .pqfe containers.

dotnet add package PostQuantum.FileEncryption.Hybrid --version 0.1.0

Usage

using PostQuantum.FileEncryption.Hybrid;

// Recipient: generate once, publish the public key, keep the private key safe.
using var keyPair = PqHybridKeyPair.Generate();
byte[] publish = keyPair.PublicKey.Export();

// Sender: encrypt to the public key.
var recipient = PqHybridPublicKey.Import(publish);
byte[] container = await new PqHybridEncryptor().EncryptBytesAsync(secretBytes, recipient);

// Recipient: decrypt with the private key.
byte[] plaintext = await new PqHybridDecryptor().DecryptBytesAsync(container, keyPair.PrivateKey);

Multiple recipients

var recipients = new[] { alice, bob, carol }; // PqHybridPublicKey[]
await new PqHybridEncryptor().EncryptFileToAsync("report.pdf", "report.pqfe", recipients);
// Any one of alice/bob/carol can decrypt with their own private key.

File and stream APIs (EncryptFileAsync, EncryptAsync, DecryptFileAsync, DecryptAsync) are also available, with atomic file output and progress reporting.

How it works

X25519 ECDH and ML-KEM-768 encapsulation each produce a shared secret; HKDF-SHA256 combines them (ss_pq ‖ ss_classical) into a key-wrapping key that AES-256-GCM uses to wrap a random content key. See the format spec (KeySource = 3 and 4) and docs/ROADMAP-v3.md.

To God be the glory — 1 Corinthians 10:31.

Product	Compatible and additional computed target framework versions.
.NET	net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net10.0
- BouncyCastle.Cryptography (>= 2.5.1)
- PostQuantum.FileEncryption (>= 1.0.0-rc.1)

NuGet packages (1)

Showing the top 1 NuGet packages that depend on PostQuantum.FileEncryption.Hybrid:

Package	Downloads
PostQuantum.FileEncryption.Extensions.DependencyInjection Microsoft.Extensions.DependencyInjection integration for PostQuantum.FileEncryption, for .NET 8 and .NET 10. Adds AddPqFileEncryption(), AddPqHybridFileEncryption(), and AddPqSigning() extension methods that register PqFileEncryptor/PqFileDecryptor, PqHybridEncryptor/PqHybridDecryptor, and PqSigner/PqVerifier as singletons, with optional PqEncryptionOptions. Brings the core library (constant-memory streaming AES-256-GCM over the FROZEN .pqfe v2 container, PBKDF2-HMAC-SHA256 or Argon2id), the production X25519 + ML-KEM-768 hybrid package, and detached Ed25519 + ML-DSA-65 signatures into any host using the standard .NET service container — ASP.NET Core, Worker Services, console hosts. Public API surface locked by Microsoft.CodeAnalysis.PublicApiAnalyzers; CycloneDX SBOM and SLSA-style build-provenance attestation on every release.	5.8K

Package

Downloads

PostQuantum.FileEncryption.Extensions.DependencyInjection

Microsoft.Extensions.DependencyInjection integration for PostQuantum.FileEncryption, for .NET 8 and .NET 10. Adds AddPqFileEncryption(), AddPqHybridFileEncryption(), and AddPqSigning() extension methods that register PqFileEncryptor/PqFileDecryptor, PqHybridEncryptor/PqHybridDecryptor, and PqSigner/PqVerifier as singletons, with optional PqEncryptionOptions. Brings the core library (constant-memory streaming AES-256-GCM over the FROZEN .pqfe v2 container, PBKDF2-HMAC-SHA256 or Argon2id), the production X25519 + ML-KEM-768 hybrid package, and detached Ed25519 + ML-DSA-65 signatures into any host using the standard .NET service container — ASP.NET Core, Worker Services, console hosts. Public API surface locked by Microsoft.CodeAnalysis.PublicApiAnalyzers; CycloneDX SBOM and SLSA-style build-provenance attestation on every release.

5.8K

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
1.4.1	537	6/13/2026
1.4.0	502	6/13/2026
1.3.0	612	6/13/2026
1.2.1	538	6/12/2026
1.2.0	539	6/12/2026
1.1.0	573	6/10/2026
1.0.1	686	6/6/2026
1.0.0	818	6/6/2026
1.0.0-rc.3	65	6/4/2026
1.0.0-rc.2	60	6/2/2026
1.0.0-rc.1	67	5/31/2026
0.2.0	756	5/31/2026

1.0.0-rc.1 — release candidate, tracking PostQuantum.FileEncryption 1.0.0-rc.1. The .pqfe container format (v2) is FROZEN for 1.x. PublicAPI analyzer + locked baseline, package icon, EnablePackageValidation against 0.2.0.