BlazorPRF.Wasm.Crypto 0.3.0-pre

Prefix Reserved
.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher.
This is a prerelease version of BlazorPRF.Wasm.Crypto. 
dotnet add package BlazorPRF.Wasm.Crypto --version 0.3.0-pre
                    


                    

                
NuGet\Install-Package BlazorPRF.Wasm.Crypto -Version 0.3.0-pre
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="BlazorPRF.Wasm.Crypto" Version="0.3.0-pre" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="BlazorPRF.Wasm.Crypto" Version="0.3.0-pre" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="BlazorPRF.Wasm.Crypto" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add BlazorPRF.Wasm.Crypto --version 0.3.0-pre
                    


                    

                
#r "nuget: BlazorPRF.Wasm.Crypto, 0.3.0-pre"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package BlazorPRF.Wasm.Crypto@0.3.0-pre
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=BlazorPRF.Wasm.Crypto&version=0.3.0-pre&prerelease
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=BlazorPRF.Wasm.Crypto&version=0.3.0-pre&prerelease
                    


                            Install as a Cake Tool

BlazorPRF.Wasm.Crypto

Simple WebAuthn PRF-based encryption library for Blazor WebAssembly.

Features

  • Secure by Design: Private keys never leave JavaScript - stored as non-extractable CryptoKey objects
  • Salt-Based Key Lookup: All crypto operations use salt identifiers, not raw keys
  • AES-256-GCM Encryption: Hardware-accelerated symmetric encryption via SubtleCrypto
  • Ed25519 Signing: Digital signatures for message authentication
  • Key Caching: Automatic TTL-based key expiration with event notifications
  • Discoverable Credentials: Support for passkey autofill UI

Installation

dotnet add package BlazorPRF.Wasm.Crypto

Usage

Register Services

builder.Services.AddBasePrf();

Register a Passkey

@inject IBasePrfService PrfService

var result = await PrfService.RegisterAsync("My Passkey");
if (result.Success)
{
    var credentialId = result.Value; // Store this for later authentication
}

Authenticate and Cache Keys

// Keys are derived from PRF output and cached in JS by salt
var authResult = await PrfService.AuthenticateAsync(
    credentialId,
    saltBase64,
    cacheTtl: TimeSpan.FromMinutes(15));

if (authResult.Success)
{
    // authResult.Value.PublicKey - Ed25519 public key (safe to share)
    // Private keys stay in JS, referenced by salt
}

Encrypt/Decrypt

// Encrypt - uses cached key identified by salt
var encrypted = await PrfService.EncryptAsync("Hello, World!", saltBase64);

// Decrypt
var decrypted = await PrfService.DecryptAsync(encrypted.Value, saltBase64);

Sign/Verify

// Sign - uses cached Ed25519 key
var signature = await PrfService.SignAsync("message to sign", saltBase64);

// Verify - can use any public key
var isValid = await PrfService.VerifyAsync("message to sign", signature.Value, publicKeyBase64);

Key Expiration

PrfService.KeyExpired += salt =>
{
    Console.WriteLine($"Keys expired for salt: {salt}");
    // Re-authenticate if needed
};

Architecture

C# (.NET WASM)                    JavaScript (WebCrypto)
    |                                    |
    |-- Authenticate(salt) ------------>|
    |                                    |-- WebAuthn PRF
    |                                    |-- Derive keys (HKDF)
    |                                    |-- Cache as CryptoKey (non-extractable)
    |<-- PublicKey only -----------------|
    |                                    |
    |-- Encrypt(plaintext, salt) ------>|
    |                                    |-- Lookup key by salt
    |                                    |-- AES-GCM encrypt
    |<-- Ciphertext + Nonce ------------|

Security Model

  • PRF output from WebAuthn is used as key material
  • Keys are derived using HKDF with domain separation
  • Private keys are stored as non-extractable CryptoKey objects in JavaScript
  • C# only receives public keys and references keys by salt
  • All encryption uses authenticated encryption (AES-GCM)

Browser Requirements

  • WebAuthn Level 2 with PRF extension support
  • SubtleCrypto API
  • Modern browsers: Chrome 109+, Edge 109+, Safari 16.4+
  • BlazorPRF.Noble.Crypto - Full crypto provider using Noble.js (X25519, Ed25519, ChaCha20-Poly1305)
  • BlazorPRF.BC.Crypto - BouncyCastle-based crypto for server-side scenarios

License

MIT

Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.