nseal 1.3.0

Content encryption library

Install-Package nseal -Version 1.3.0
dotnet add package nseal --version 1.3.0
<PackageReference Include="nseal" Version="1.3.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add nseal --version 1.3.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: nseal, 1.3.0"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package.
// Install nseal as a Cake Addin
#addin nuget:?package=nseal&version=1.3.0

// Install nseal as a Cake Tool
#tool nuget:?package=nseal&version=1.3.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

NSeal

The library focuses on the problem of storing content in insecure storage locations, or transporting content across insecure transport.

Storage Encryption

Storing content in insecure locations makes it vulnerable to abuse from malicious actors.Nseal provides the KeyEnvelope to generate a master data encryption key (DEK) and generate a key encryption key (KEK) to encrypt the DEK. The KEK is derived from the user's password and a salt, so is not accessible to an attacker.

This is intended for systems protecting user data with their own keys. It is not a solution for end to end encryption. Never provide private data or password information to a system you do not trust.

The following example shows how to create a key envelope and get the DEK to perform symmetric key encryption:

var envelope = await KeyEnvelope.Create("your password");
var dek = await envelope.GetDek("your password");
// perform your own encryption operations

The following example shows how to create a key envelope and use it to create encrypted streams to write private data to:

var envelope = await KeyEnvelope.Create("your password");
await using var contentStream = new MemoryStream();
var encryption = await envelope.CreateEncryptionStream("your password", contentStream);
await encryption.WriteAsync(content);
await encryption.FlushAsync();

The provided stream will flush the final block when the stream is closed or disposed.

Transport Encryption

Transporting content over insecure transports exposes the content to eavesdropping or manipulation. To prevent this, the data should at least be encrypted (content security), but should also signed to show it has not been altered (integrity check).

Nseal provides the CryptoSealer class to generate a zip file for encrypted content. When building the encrypted content, the CryptoSealer uses the public key of the intended recipient to generate (DEK) and protect (KEK) symmetric keys used for content encryption. There is a corresponding CryptoUnsealer for performing the unpacking of the encrypted content. To decrypt the content, the recipient's private key is required.

The CryptoSealer and CryptoUnsealer use asymmetric keys to protect the generated encryption keys to make it easier to perform key exchanges across systems.

The following example shows how to create an encrypted package:

var sealer = new CryptoSealer([Recipient RSA]);
await using (var output = File.Create("output.zip"))
{
    var content = new EncryptionContent(
        "item.txt",
        new MemoryStream(Encoding.UTF8.GetBytes("Hello, World")));
    await sealer.Encrypt(new[] { content }, output);
}

// File is now ready for reading or transport.
var readableStream = File.OpenRead("output.zip");

See tests for further running examples.

NSeal

The library focuses on the problem of storing content in insecure storage locations, or transporting content across insecure transport.

Storage Encryption

Storing content in insecure locations makes it vulnerable to abuse from malicious actors.Nseal provides the KeyEnvelope to generate a master data encryption key (DEK) and generate a key encryption key (KEK) to encrypt the DEK. The KEK is derived from the user's password and a salt, so is not accessible to an attacker.

This is intended for systems protecting user data with their own keys. It is not a solution for end to end encryption. Never provide private data or password information to a system you do not trust.

The following example shows how to create a key envelope and get the DEK to perform symmetric key encryption:

var envelope = await KeyEnvelope.Create("your password");
var dek = await envelope.GetDek("your password");
// perform your own encryption operations

The following example shows how to create a key envelope and use it to create encrypted streams to write private data to:

var envelope = await KeyEnvelope.Create("your password");
await using var contentStream = new MemoryStream();
var encryption = await envelope.CreateEncryptionStream("your password", contentStream);
await encryption.WriteAsync(content);
await encryption.FlushAsync();

The provided stream will flush the final block when the stream is closed or disposed.

Transport Encryption

Transporting content over insecure transports exposes the content to eavesdropping or manipulation. To prevent this, the data should at least be encrypted (content security), but should also signed to show it has not been altered (integrity check).

Nseal provides the CryptoSealer class to generate a zip file for encrypted content. When building the encrypted content, the CryptoSealer uses the public key of the intended recipient to generate (DEK) and protect (KEK) symmetric keys used for content encryption. There is a corresponding CryptoUnsealer for performing the unpacking of the encrypted content. To decrypt the content, the recipient's private key is required.

The CryptoSealer and CryptoUnsealer use asymmetric keys to protect the generated encryption keys to make it easier to perform key exchanges across systems.

The following example shows how to create an encrypted package:

var sealer = new CryptoSealer([Recipient RSA]);
await using (var output = File.Create("output.zip"))
{
    var content = new EncryptionContent(
        "item.txt",
        new MemoryStream(Encoding.UTF8.GetBytes("Hello, World")));
    await sealer.Encrypt(new[] { content }, output);
}

// File is now ready for reading or transport.
var readableStream = File.OpenRead("output.zip");

See tests for further running examples.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
1.3.0 76 2/13/2021
1.2.0 118 11/11/2020
1.0.0 153 5/10/2020