Org.X509Crypto
1.1.0
See the version list below for details.
dotnet add package Org.X509Crypto --version 1.1.0
NuGet\Install-Package Org.X509Crypto -Version 1.1.0
<PackageReference Include="Org.X509Crypto" Version="1.1.0" />
paket add Org.X509Crypto --version 1.1.0
#r "nuget: Org.X509Crypto, 1.1.0"
// Install Org.X509Crypto as a Cake Addin
#addin nuget:?package=Org.X509Crypto&version=1.1.0
// Install Org.X509Crypto as a Cake Tool
#tool nuget:?package=Org.X509Crypto&version=1.1.0
X509Crypto allows you to encrypt and recover text expressions and files using X509 digital certificates and key pairs. The latest release eliminates the need to include any secrets (even in an encrypted form) in your source code, configuration files or database tables.
Encrypting a secret using X509Crypto
Use the X509Crypto Commandline Interface (CLI) to generate a new encryption certificate and key pair
Note: Certification Authority-issued certificates are supported as well as long as they include the Key Encipherment key usage extension
>x509crypto.exe
X509Crypto> makecert -context user -keysize medium -alias myvault
Certificate with thumbprint B31FE7E7AE5229F8186782742CF579197FA859FD was added to the user X509Context
X509Crypto>
The context argument can be either user or system depending on the context in which the application which will need to recover the secret runs in.
The keyzise argument can be small, medium, or large. The larger the key pair, the higher the security, but performance will be slower.
Use the AddAlias command in the CLI to bind your newly-created certificate to an X509Alias.
For demonstration purposes, we will create an X509Alias called "myvault".
X509Crypto> addalias -name myvault -context user -thumb B31FE7E7AE5229F8186782742CF579197FA859FD
New X509Alias "myvault" was created in the user X509Context using certificate with thumbprint "B31FE7E7AE5229F8186782742CF579197FA859FD"
X509Crypto>
Use the Encrypt CLI command to add a secret to your new X509Alias
X509Crypto> encrypt -text -alias myvault -context user -secret apikey -in "80EAF03248965AC2B78090"
Secret apikey has been added to X509Alias myvault in the user X509Context
X509Crypto>
The -text argument indicates that we're encrypting a text expression (as opposed to a file)
The -alias and -context arguments point to the X509Alias that we created in step 2.
The -secret argument assigns an identifier to the secret we're about to encrypt so that it can be recovered from the X509Alias later. In this example, we've established a secret named "apikey"
The -in argument indicates the text expression to be encrypted.
Reference the secret in your program
Once you have an X509Alias established with your secret(s) added, it is trivial to retreive them in your program with the Org.X509Crypto nuget package installed:
using Org.X509Crypto;
namespace SampleApp
{
class Program
{
static void Main(string[] args)
{
var Alias = new X509Alias(@"myvault", X509Context.UserReadOnly);
var apiKey = Alias.RecoverSecret(@"apikey");
}
}
}
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET Framework | net46 is compatible. net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
This package has no dependencies.
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last updated |
|---|---|---|
| 1.3.0 | 456 | 12/4/2020 |
| 1.1.0 | 387 | 6/22/2020 |
| 1.1.0-beta | 451 | 6/19/2020 |
| 1.0.0 | 615 | 2/2/2019 |
This version eliminates the need to include ciphertext directly in your source code or configuration files. Refer to the project page for more info