SpawnDev.BlazorJS.Cryptography 2.0.2

There is a newer version of this package available.
See the version list below for details.
dotnet add package SpawnDev.BlazorJS.Cryptography --version 2.0.2                
NuGet\Install-Package SpawnDev.BlazorJS.Cryptography -Version 2.0.2                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="SpawnDev.BlazorJS.Cryptography" Version="2.0.2" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add SpawnDev.BlazorJS.Cryptography --version 2.0.2                
#r "nuget: SpawnDev.BlazorJS.Cryptography, 2.0.2"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install SpawnDev.BlazorJS.Cryptography as a Cake Addin
#addin nuget:?package=SpawnDev.BlazorJS.Cryptography&version=2.0.2

// Install SpawnDev.BlazorJS.Cryptography as a Cake Tool
#tool nuget:?package=SpawnDev.BlazorJS.Cryptography&version=2.0.2                

SpawnDev.BlazorJS.Cryptography

NuGet

.Net cryptography library for Blazor, .Net Web APIs, and .Net apps. Supports browser and non-browser platforms.

The problem this library solves

Most of Microsoft's System.Security.Cryptography library is marked [UnsupportedOSPlatform("browser")]. To work around this limitation, the browser's built in SubtleCrypto API is used when running in the browser and Microsoft's System.Security.Cryptography libraries are used when running on non-browser platforms.

Features

  • AES-GCM - symmetric encryption and decryption
  • ECDH - shared secret generation (enables asymmetric encryption)
  • ECDSA - data signing and verification
  • SHA - data hashing

PortableCrypto Classes

The classes DotNetCrypto, BrowserCrypto, and BrowserWASMCrypto all inherit from PortableCrypto to provide a shared interface to common cryptography methods regardless of the platform the app is being executed on.

DotNetCrypto

  • Uses .Net System.Security.Cryptography on the executing platform
  • Browser platform not supported
  • Supports non-browser platforms (windows, linux, etc)
  • Targets Blazor server, .Net Web APIs, any non-browser platform .Net Apps

BrowserCrypto

  • Uses IJSRuntime to access the browser's SubtleCrypto API
  • Supports both server rendering and WebAssembly rendering modes
  • Targets the browser platform via Blazor server or Blazor WebAssembly

BrowserWASMCrypto

  • Uses IJInProcessSRuntime to access the browser's SubtleCrypto API
  • Supports only WebAssembly rendering
  • Targets the browser via Blazor WebAssembly

Getting started

Add the Nuget package

dotnet add package SpawnDev.BlazorJS.Cryptography
Web API Server Project

Web API Server Program.cs

// Crypto for the server. Uses System.Security.Cryptography.
builder.Services.AddSingleton<DotNetCrypto>();
Blazor Server Project

Blazor Server Program.cs

// Add BlazorJSRuntime service (pre-req)
builder.Services.AddBlazorJSRuntime();

// Crypto for the server. Uses System.Security.Cryptography.
builder.Services.AddSingleton<DotNetCrypto>();

// Crypto for the browser. Uses the browser's SubtleCrypto API via IJSRuntime.
// Used on server for server side rendering
builder.Services.AddScoped<BrowserCrypto>();
Blazor WebAssembly

WebAssembly Program.cs

// Add BlazorJSRuntime service (pre-req)
builder.Services.AddBlazorJSRuntime();

// Crypto for the browser. Uses the browser's SubtleCrypto API.
// Used in Blazor WebAssembly for WebAssembly rendering
builder.Services.AddScoped<BrowserCrypto>();

SHA Example

  • The below example, taken from the demo project, runs in Blazor server side rendering to test SHA hashing using the DotNetCrypto on the server and BrowserCrypto using IJSRuntime to run on the client browser.
var data = new byte[] { 0, 1, 2 };
// - Server
// DotNetCrypto indicated by the appended D, executes on the server using Microsoft.Security.Cryptography
var hashD = await DotNetCrypto.Digest("SHA-512", data);

// - Browser
// BrowserCrypto indicated by the appended B, executes on the browser using Javascript's SubtleCrypto APIs
var hashB = await BrowserCrypto.Digest("SHA-512", data);

// verify the hashes match
if (!hashB.SequenceEqual(hashD))
{
    throw new Exception("Hash mismatch");
}

ECDH Example

  • The below example, taken from the demo project, runs in Blazor server side rendering to test ECDH using the DotNetCrypto on the server and BrowserCrypto using IJSRuntime to run on the client browser.
// - Server
// generate server ECDH key
var ecdhD = await DotNetCrypto.GenerateECDHKey();
// export ecdhD public key for browser to use
var ecdhDPublicKeyBytes = await DotNetCrypto.ExportPublicKeySpki(ecdhD);

// - Browser
// generate browser ECDH key
var ecdhB = await BrowserCrypto.GenerateECDHKey();
// export ecdhB public key for server to use
var ecdhBPublicKeyBytes = await BrowserCrypto.ExportPublicKeySpki(ecdhB);

// - Server
// import the browser's ECDH public key using DotNetCrypto so DotNetCrypto can work with it
var ecdhBPublicKeyD = await DotNetCrypto.ImportECDHKey(ecdhBPublicKeyBytes);
// create shared secret
var sharedSecretD = await DotNetCrypto.DeriveBits(ecdhD, ecdhBPublicKeyD);

// - Browser
// import the server's ECDH public key using BrowserCrypto so BrowserCrypto can work with it
var ecdhDPublicKeyB = await BrowserCrypto.ImportECDHKey(ecdhDPublicKeyBytes);
// create shared secret
var sharedSecretB = await BrowserCrypto.DeriveBits(ecdhB, ecdhDPublicKeyB);

// verify the shared secrets match
if (!sharedSecretB.SequenceEqual(sharedSecretD))
{
    throw new Exception("Shared secret mismatch");
}

PortableCrypto Abstract Class

SHA - Data Hashing

Task<byte[]> Digest(string hashName, byte[] data)
  • Hash the specified data using the specified hash algorithm

ECDH - Shared secret generation

Task<PortableECDHKey> GenerateECDHKey(string namedCurve = NamedCurve.P521, bool extractable = true)
  • Generate a new ECDH crypto key
Task<byte[]> ExportPublicKeySpki(PortableECDHKey key)
  • Export the ECDH public key in Spki format
Task<byte[]> ExportPrivateKeyPkcs8(PortableECDHKey key)
  • Export the ECDH private key in Pkcs8 format
Task<PortableECDHKey> ImportECDHKey(byte[] publicKeySpki, string namedCurve = NamedCurve.P521, bool extractable = true)
  • Import the ECDH public key
Task<PortableECDHKey> ImportECDHKey(byte[] publicKeySpki, byte[] privateKeyPkcs8, string namedCurve = NamedCurve.P521, bool extractable = true)
  • Import the ECDH private key
Task<byte[]> DeriveBits(PortableECDHKey localPartyKey, PortableECDHKey otherPartyKey, int bitLength)
  • Create a shared secret that is cross-platform compatible
Task<byte[]> DeriveBits(PortableECDHKey localPartyKey, PortableECDHKey otherPartyKey)
  • Create a shared secret that is cross-platform compatible

ECDSA - Data Signing

Task<PortableECDSAKey> GenerateECDSAKey(string namedCurve = NamedCurve.P521, bool extractable = true)
  • Generate a new ECDSA key
Task<byte[]> ExportPublicKeySpki(PortableECDSAKey key)
  • Exports the ECDSA public key in Spki format
Task<byte[]> ExportPrivateKeyPkcs8(PortableECDSAKey key)
  • Exports the ECDSA private key in Pkcs8 format
Task<PortableECDSAKey> ImportECDSAKey(byte[] publicKeySpkiData, string namedCurve = NamedCurve.P521, bool extractable = true)
  • Import an ECDSA public key
Task<PortableECDSAKey> ImportECDSAKey(byte[] publicKeySpkiData, byte[] privateKeyPkcs8Data, string namedCurve = NamedCurve.P521, bool extractable = true)
  • Import an ECDSA public and private key
Task<bool> Verify(PortableECDSAKey key, byte[] data, byte[] signature, string hashName = HashName.SHA512)
  • Verify a data signature
Task<byte[]> Sign(PortableECDSAKey key, byte[] data, string hashName = HashName.SHA512)
  • Sign data using an ECDSA key

AES-GCM - Data Encryption

Task<PortableAESGCMKey> GenerateAESGCMKey(byte[] secret, int iterations = 25000, string hashName = HashName.SHA256, int keySizeBytes = 32, int tagSizeBytes = 16, int nonceSizeBytes = 12, bool extractable = true)
  • Generate an AES-GCM key using a secret byte array
Task<PortableAESGCMKey> GenerateAESGCMKey(byte[] secret, byte[] salt, int iterations = 25000, string hashName = HashName.SHA256, int keySizeBytes = 32, int tagSizeBytes = 16, int nonceSizeBytes = 12, bool extractable = true)
  • Generate an AES-GCM key using a secret byte array and a salt
Task<byte[]> Encrypt(PortableAESGCMKey key, byte[] plainBytes)
  • Encrypt data using an AES-GCM key
Task<byte[]> Decrypt(PortableAESGCMKey key, byte[] encryptedData)
  • Decrypt data using an AES-GCM key
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
2.0.5 36 11/22/2024
2.0.3 72 11/16/2024
2.0.2 72 11/15/2024
2.0.0 70 11/14/2024
1.0.0 75 11/12/2024