Secure by default encryption for .NET
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


An opinionated, secure-by-default, does-the-right-thing modern cryptography library.


Experimental. As this library is still in development, it shouldn't be used for production systems. A design and implementation audit is being planned.


Symmetric Encryption -

AES-GCM, 256-bit key, 96-bit nonce, 128-bit tag. Performed via CLR Security, as .NET doesn't currently have a native wrapper for this functionality. Data will be returned in the following format:

version[1] || nonce[12] || tag[16] || data[length - 29]

Asymmetric Encryption - SmartEncryption.Asymmetric.Encrypt()

Curve25519/XSalsa20/Poly1305 based public-key encryption. Random keys can be generated via the SmartEncryption.Asymmetric.GenerateKeyPair() method.

Output format:

version[1] || nonce[24] || data[length - 25]

Fast Hashing - SmartEncryption.Hashing.FastHash()

High-speed hashing via BLAKE2b.

Password Hashing SmartEncryption.Hashing.PasswordHash()

Safe password hashing using scrypt. Hashes are returned as a string that can be safely stored in a database, and can be verified via the SmartEncryption.Hashing.ValidatePasswordHash() function.

Key Derivation - SmartEncryption.KeyDerivation.DeriveKey()

In addition to password hashing, scrypt is exposed for use as a secure key derivation function.


This library depends on:


This project is licensed under the MIT license, see the LICENSE file for more details.