Org.X509Crypto 1.1.0

Lets you easily and securely encrypt and recover text expressions and files in your .NET programs using X509 digital certificates and private keys. No prior experience with certificates required!

Install-Package Org.X509Crypto -Version 1.1.0
dotnet add package Org.X509Crypto --version 1.1.0
<PackageReference Include="Org.X509Crypto" Version="1.1.0" />
paket add Org.X509Crypto --version 1.1.0

X509Crypto allows you to encrypt and recover text expressions and files using X509 digital certificates and key pairs. The latest release eliminates the need to include any secrets (even in an encrypted form) in your source code, configuration files or database tables.

Encrypting a secret using X509Crypto

1. Use the X509Crypto command-line interface (CLI) to generate a new encryption certificate and key pair.

Note: Certification Authority-issued certificates are also supported, as long as they include the Key Encipherment key usage extension.

> x509crypto.exe
X509Crypto> makecert -context user -keysize medium -alias myvault

Certificate with thumbprint B31FE7E7AE5229F8186782742CF579197FA859FD was added to the user X509Context

X509Crypto>

The -context argument can be either user or system, depending on the context in which the application that needs to recover the secret runs.

The -keysize argument can be small, medium, or large. The larger the key pair, the higher the security, but performance will be slower.

2. Use the AddAlias command in the CLI to bind your newly created certificate to an X509Alias.

For demonstration purposes, we will create an X509Alias called "myvault".

X509Crypto> addalias -name myvault -context user -thumb B31FE7E7AE5229F8186782742CF579197FA859FD

New X509Alias "myvault" was created in the user X509Context using certificate with thumbprint "B31FE7E7AE5229F8186782742CF579197FA859FD"

X509Crypto>

3. Use the Encrypt CLI command to add a secret to your new X509Alias.

X509Crypto> encrypt -text -alias myvault -context user -secret apikey -in "80EAF03248965AC2B78090"

Secret apikey has been added to X509Alias myvault in the user X509Context

X509Crypto>

The -text argument indicates that we're encrypting a text expression (as opposed to a file).

The -alias and -context arguments point to the X509Alias that we created in step 2.

The -secret argument assigns an identifier to the secret we're about to encrypt so that it can be recovered from the X509Alias later. In this example, we've established a secret named "apikey".

The -in argument indicates the text expression to be encrypted.

Reference the secret in your program

Once you have an X509Alias established with your secret(s) added, it is trivial to retrieve them in your program with the Org.X509Crypto NuGet package installed:

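using Org.X509Crypto;

namespace SampleApp
{
    class Program
    {
        static void Main(string[] args)
        {
            // Open the "myvault" X509Alias from the user context (read-only)
            var Alias = new X509Alias(@"myvault", X509Context.UserReadOnly);
            // Recover the plaintext stored under the identifier "apikey"
            var apiKey = Alias.RecoverSecret(@"apikey");
        }
    }
}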
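
A pre-check for the Note in step 1 about Certification Authority-issued certificates, as an added example that is not part of the X509Crypto project: it looks up a certificate by thumbprint and confirms that it has a private key and the Key Encipherment key usage before you bind it with addalias. It uses only the standard .NET certificate APIs; the class name and the mapping of the user and system contexts to the CurrentUser and LocalMachine "My" stores are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class EncryptionCertCheck
{
    // Returns null when the certificate looks usable, otherwise the reason it is not.
    public static string FindProblem(string thumbprint, StoreLocation location)
    {
        // Assumption: the certificate lives in the "My" (Personal) store of that location.
        using (var store = new X509Store(StoreName.My, location))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, so self-signed certificates are returned as well.
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);
            if (matches.Count == 0)
                return "no certificate with that thumbprint in the store";

            X509Certificate2 cert = matches[0];
            if (!cert.HasPrivateKey)
                return "no private key, so secrets could be encrypted but never recovered";

            var keyUsage = cert.Extensions.OfType<X509KeyUsageExtension>().FirstOrDefault();
            if (keyUsage == null)
                return "certificate has no key usage extension";
            if (!keyUsage.KeyUsages.HasFlag(X509KeyUsageFlags.KeyEncipherment))
                return "key usage is [" + keyUsage.KeyUsages + "], Key Encipherment is not set";

            return null;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 2 || (args[1] != "user" && args[1] != "system"))
        {
            Console.Error.WriteLine("usage: EncryptionCertCheck <thumbprint> <user|system>");
            return 2;
        }
        var location = args[1] == "system"
            ? StoreLocation.LocalMachine
            : StoreLocation.CurrentUser;
        string problem = FindProblem(args[0], location);
        Console.WriteLine(problem == null
            ? "OK: private key present and Key Encipherment set"
            : "NOT USABLE: " + problem);
        return problem == null ? 0 : 1;
    }
}
```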

Release Notes

This version eliminates the need to include ciphertext directly in your source code or configuration files. Refer to the project page for more info.

Dependencies

This package has no dependencies.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
1.1.0 56 6/22/2020
1.1.0-beta 197 6/19/2020
1.0.0 212 2/2/2019