PostQuantum.Hybrid.AspNetCore 1.1.1

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package PostQuantum.Hybrid.AspNetCore --version 1.1.1
                    


                    

                
NuGet\Install-Package PostQuantum.Hybrid.AspNetCore -Version 1.1.1
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="PostQuantum.Hybrid.AspNetCore" Version="1.1.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="PostQuantum.Hybrid.AspNetCore" Version="1.1.1" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="PostQuantum.Hybrid.AspNetCore" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add PostQuantum.Hybrid.AspNetCore --version 1.1.1
                    


                    

                
#r "nuget: PostQuantum.Hybrid.AspNetCore, 1.1.1"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package PostQuantum.Hybrid.AspNetCore@1.1.1
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=PostQuantum.Hybrid.AspNetCore&version=1.1.1
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=PostQuantum.Hybrid.AspNetCore&version=1.1.1
                    


                            Install as a Cake Tool

PostQuantum.Hybrid.AspNetCore

ASP.NET Core dependency-injection extensions for PostQuantum.Hybrid.

Lets you load hybrid KEM and signature keys from configuration and inject them into your controllers and services without writing boilerplate.

▶ Live demo — https://demo.pqhybrid.systemslibrarian.dev — the WebApiDemo sample built on this package, deployed to Azure Container Apps with Swagger UI at the root. Hit /seal, /sign, and the public-key endpoints in your browser, no install. First request after idle cold-starts in ~1 min (scale-to-zero).

Install

dotnet add package PostQuantum.Hybrid.AspNetCore

Quick start

using PostQuantum.Hybrid.AspNetCore;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddPostQuantumHybrid(builder.Configuration.GetSection("Crypto"));

var app = builder.Build();

app.MapGet("/sign", (IHybridSignatureKeyProvider keys, string message) =>
{
    var bytes = System.Text.Encoding.UTF8.GetBytes(message);
    var sig = PostQuantum.Hybrid.HybridSignature.Sign(keys.PrivateKey, bytes);
    return Convert.ToBase64String(sig);
});

app.Run();

appsettings.json

{
  "Crypto": {
    // KEM key pair — both halves required.
    "KemPublicKeyPath":  "/run/secrets/hybrid-kem.pub.pem",
    "KemPrivateKeyPath": "/run/secrets/hybrid-kem.priv.pem",

    // Signature key pair — both halves required.
    "SignaturePublicKeyPath":  "/run/secrets/hybrid-sig.pub.pem",
    "SignaturePrivateKeyPath": "/run/secrets/hybrid-sig.priv.pem"
  }
}

Each key half accepts either inline PEM (*KeyPem) or a file path (*KeyPath); if both are supplied, the inline PEM wins.

You can omit a family entirely if your app doesn't need it (e.g. only-sign apps don't need KEM keys); the corresponding provider will throw on first use rather than at startup.

What you get

Service Purpose
IHybridKemKeyProvider Long-lived recipient KEM key for decapsulation.
IHybridSignatureKeyProvider Long-lived signing key + public key.
HybridCryptoOptions Strongly-typed configuration.

Both providers are registered as singletons. The underlying private keys are disposed when the host shuts down.

Security guidance

  • Never commit KemPrivateKeyPem / SignaturePrivateKeyPem to source control. Use KemPrivateKeyPath / SignaturePrivateKeyPath pointing at a secret-managed file, or load from a real secret store (Azure Key Vault, AWS Secrets Manager, HashiCorp Vault).
  • Use file permissions on the key file (chmod 600 on Linux; a restricted NTFS ACL on Windows).
  • Rotate keys. Loading the key is one-shot; rotation requires restarting the host. For zero-downtime rotation, implement a custom IHybridKeyProvider that watches its source.

For more, see the parent library's SECURITY.md and HARDENING-CHECKLIST.md.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.1.1 76 6/10/2026
1.1.0 71 6/10/2026
1.0.1 97 6/8/2026
1.0.0 86 6/7/2026