Secure by default encryption for .NET

SmartEncryption

An opinionated, secure-by-default, does-the-right-thing modern cryptography library.

Status

Experimental. As this library is still in development, it shouldn't be used for production systems. A design and implementation audit is being planned.

Design

Symmetric Encryption -

AES-GCM, 256-bit key, 96-bit nonce, 128-bit tag. Performed via CLR Security, as .NET doesn't currently have a native wrapper for this functionality. Data will be returned in the following format:

version[1] || nonce[12] || tag[16] || data[length - 29]
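
An added example (not SmartEncryption's own code) that builds and parses the symmetric layout above, checking length and version before decrypting. It uses the built-in System.Security.Cryptography.AesGcm class from .NET 8 or later in place of CLR Security; the EnvelopeDemo class, its Seal and Open methods, and the version byte value 0x01 are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class EnvelopeDemo
{
    const byte Version = 0x01;                    // assumed value; the README does not state it
    const int NonceLen = 12, TagLen = 16;         // 96-bit nonce, 128-bit tag
    const int HeaderLen = 1 + NonceLen + TagLen;  // 29 bytes before the ciphertext

    // Builds version[1] || nonce[12] || tag[16] || data[n] in a single buffer.
    public static byte[] Seal(byte[] key, byte[] plaintext)
    {
        var blob = new byte[HeaderLen + plaintext.Length];
        blob[0] = Version;
        var nonce = blob.AsSpan(1, NonceLen);
        var tag = blob.AsSpan(1 + NonceLen, TagLen);
        RandomNumberGenerator.Fill(nonce);        // fresh random nonce for every message
        using var aes = new AesGcm(key, TagLen);
        aes.Encrypt(nonce, plaintext, blob.AsSpan(HeaderLen), tag);
        return blob;
    }

    // Checks the framing first, then decrypts; throws on a malformed or tampered blob.
    public static byte[] Open(byte[] key, byte[] blob)
    {
        if (blob.Length < HeaderLen)
            throw new CryptographicException("Blob is shorter than the 29-byte header.");
        if (blob[0] != Version)
            throw new CryptographicException("Unsupported format version.");
        var plaintext = new byte[blob.Length - HeaderLen];
        using var aes = new AesGcm(key, TagLen);
        aes.Decrypt(blob.AsSpan(1, NonceLen), blob.AsSpan(HeaderLen),
                    blob.AsSpan(1 + NonceLen, TagLen), plaintext);
        return plaintext;
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);  // 256-bit key
        byte[] blob = Seal(key, Encoding.UTF8.GetBytes("constructed sample message"));
        Console.WriteLine($"blob length = {blob.Length}");
        Console.WriteLine(Encoding.UTF8.GetString(Open(key, blob)));

        blob[^1] ^= 0x01;  // flip one ciphertext bit to simulate corruption in storage
        try { Open(key, blob); }
        catch (CryptographicException) { Console.WriteLine("tampered blob rejected"); }
    }
}
```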

Asymmetric Encryption - SmartEncryption.Asymmetric.Encrypt()

Curve25519/XSalsa20/Poly1305 based public-key encryption. Random keys can be generated via the SmartEncryption.Asymmetric.GenerateKeyPair() method.

Output format:

version[1] || nonce[24] || data[length - 25]

Fast Hashing - SmartEncryption.Hashing.FastHash()

High-speed hashing via BLAKE2b.

Password Hashing - SmartEncryption.Hashing.PasswordHash()

Safe password hashing using scrypt. Hashes are returned as a string that can be safely stored in a database, and can be verified via the SmartEncryption.Hashing.ValidatePasswordHash() function.

Key Derivation - SmartEncryption.KeyDerivation.DeriveKey()

In addition to password hashing, scrypt is exposed for use as a secure key derivation function.

Libraries

This library depends on:

License

This project is licensed under the MIT license; see the LICENSE file for more details.