|
2 | 2 | title: What's new in .NET libraries for .NET 10
|
3 | 3 | description: Learn about the updates to the .NET libraries for .NET 10.
|
4 | 4 | titleSuffix: ""
|
5 |
| -ms.date: 05/15/2025 |
| 5 | +ms.date: 06/09/2025 |
6 | 6 | ms.topic: whats-new
|
7 | 7 | ai-usage: ai-assisted
|
8 | 8 | ---
|
9 | 9 |
|
10 | 10 | # What's new in .NET libraries for .NET 10
|
11 | 11 |
|
12 |
| -This article describes new features in the .NET libraries for .NET 10. It's updated for Preview 4. |
| 12 | +This article describes new features in the .NET libraries for .NET 10. It's updated for Preview 5. |
13 | 13 |
|
14 | 14 | ## Cryptography
|
15 | 15 |
|
16 | 16 | - [Find certificates by thumbprints other than SHA-1](#find-certificates-by-thumbprints-other-than-sha-1)
|
17 | 17 | - [Find PEM-encoded data in ASCII/UTF-8](#find-pem-encoded-data-in-asciiutf-8)
|
18 | 18 | - [Encryption algorithm for PKCS#12/PFX export](#encryption-algorithm-for-pkcs12pfx-export)
|
| 19 | +- [Post-quantum cryptography (PQC)](#post-quantum-cryptography-pqc) |
19 | 20 |
|
20 | 21 | ### Find certificates by thumbprints other than SHA-1
|
21 | 22 |
|
@@ -56,11 +57,50 @@ The new <xref:System.Security.Cryptography.X509Certificates.X509Certificate.Expo
|
56 | 57 |
|
57 | 58 | If you want even more control, you can use [the overload](xref:System.Security.Cryptography.X509Certificates.X509Certificate.ExportPkcs12(System.Security.Cryptography.PbeParameters,System.String)) that accepts a <xref:System.Security.Cryptography.PbeParameters>.
|
58 | 59 |
|
| 60 | +### Post-quantum cryptography (PQC) |
| 61 | + |
| 62 | +.NET 10 includes support for three new asymmetric algorithms: ML-KEM (FIPS 202), ML-DSA (FIPS 203), and SLH-DSA (FIPS 204). The new types are: |
| 63 | + |
| 64 | +- `System.Security.Cryptography.MLKem` <!--xref:System.Security.Cryptography.MLKem--> |
| 65 | +- `System.Security.Cryptography.MLDsa` <!--xref:System.Security.Cryptography.MLDsa--> |
| 66 | +- `System.Security.Cryptography.SlhDsa` <!--xref:System.Security.Cryptography.SlhDsa--> |
| 67 | + |
| 68 | +Because it adds little benefit, these new types don't derive from <xref:System.Security.Cryptography.AsymmetricAlgorithm>. Rather than the `AsymmetricAlgorithm` approach of creating an object and then importing a key into it, or generating a fresh key, the new types all use static methods to generate or import a key: |
| 69 | + |
| 70 | +```csharp |
| 71 | +using System; |
| 72 | +using System.IO; |
| 73 | +using System.Security.Cryptography; |
| 74 | + |
| 75 | +private static bool ValidateMLDsaSignature(ReadOnlySpan<byte> data, ReadOnlySpan<byte> signature, string publicKeyPath) |
| 76 | +{ |
| 77 | + string publicKeyPem = File.ReadAllText(publicKeyPath); |
| 78 | + |
| 79 | + using (MLDsa key = MLDsa.ImportFromPem(publicKeyPem)) |
| 80 | + { |
| 81 | + return key.VerifyData(data, signature); |
| 82 | + } |
| 83 | +} |
| 84 | +``` |
| 85 | + |
| 86 | +And rather than setting object properties and having a key materialize, key generation on these new types takes in all of the options it needs. |
| 87 | + |
| 88 | +```csharp |
| 89 | +using (MLKem key = MLKem.GenerateKey(MLKemAlgorithm.MLKem768)) |
| 90 | +{ |
| 91 | + string publicKeyPem = key.ExportSubjectPublicKeyInfoPem(); |
| 92 | + ... |
| 93 | +} |
| 94 | +``` |
| 95 | + |
| 96 | +These algorithms all continue with the pattern of having a static `IsSupported` property to indicate if the algorithm is supported on the current system. |
| 97 | + |
| 98 | +Currently, the PQC algorithms are only available on systems where the system cryptographic libraries are OpenSSL 3.5 (or newer). Windows CNG support will be added soon. Also, the new classes are all marked as [`[Experimental]`](../../../fundamentals/syslib-diagnostics/experimental-overview.md) under diagnostic `SYSLIB5006` until development is complete. |
| 99 | + |
59 | 100 | ## Globalization and date/time
|
60 | 101 |
|
61 | 102 | - [New method overloads in ISOWeek for DateOnly type](#new-method-overloads-in-isoweek-for-dateonly-type)
|
62 | 103 | - [Numeric ordering for string comparison](#numeric-ordering-for-string-comparison)
|
63 |
| - |
64 | 104 | - [New `TimeSpan.FromMilliseconds` overload with single parameter](#new-timespanfrommilliseconds-overload-with-single-parameter)
|
65 | 105 |
|
66 | 106 | ### New method overloads in ISOWeek for DateOnly type
|
|
0 commit comments