PostQuantum.SecureChannel.AspNetCore
0.3.0-preview.2
This is a prerelease version of PostQuantum.SecureChannel.AspNetCore.
dotnet add package PostQuantum.SecureChannel.AspNetCore --version 0.3.0-preview.2
NuGet\Install-Package PostQuantum.SecureChannel.AspNetCore -Version 0.3.0-preview.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="PostQuantum.SecureChannel.AspNetCore" Version="0.3.0-preview.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="PostQuantum.SecureChannel.AspNetCore" Version="0.3.0-preview.2" />
<PackageReference Include="PostQuantum.SecureChannel.AspNetCore" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add PostQuantum.SecureChannel.AspNetCore --version 0.3.0-preview.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: PostQuantum.SecureChannel.AspNetCore, 0.3.0-preview.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package PostQuantum.SecureChannel.AspNetCore@0.3.0-preview.2
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=PostQuantum.SecureChannel.AspNetCore&version=0.3.0-preview.2&prerelease
#tool nuget:?package=PostQuantum.SecureChannel.AspNetCore&version=0.3.0-preview.2&prerelease
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
PostQuantum.SecureChannel.AspNetCore
ASP.NET Core integration for
PostQuantum.SecureChannel. DI
registration, configuration binding for pinned identities, and a WebSocket adapter that turns any
incoming or outgoing WebSocket into a PqSecureChannelStream.
dotnet add package PostQuantum.SecureChannel.AspNetCore --version 0.3.0-preview.1
Server (Kestrel + WebSockets)
var builder = WebApplication.CreateBuilder(args);
builder.Services
.AddPostQuantumSecureChannel() // base options
.AddServerIdentityFromConfiguration("PqSecureChannel"); // reads identity from IConfiguration
var app = builder.Build();
app.UseWebSockets();
app.MapPqWebSocket("/pqsc", async (channel, ctx) =>
{
// channel is a PqSecureChannelStream; ctx is the HttpContext.
var buffer = new byte[1024];
int read = await channel.ReadAsync(buffer);
await channel.WriteAsync(buffer.AsMemory(0, read));
});
app.Run();
// appsettings.json
{
"PqSecureChannel": {
"ServerIdentitySeedBase64": "…32 bytes base64…",
"RequireClientAuthentication": false
}
}
Client (HttpClient + WebSockets)
using var ws = new ClientWebSocket();
await ws.ConnectAsync(new Uri("wss://server/pqsc"), CancellationToken.None);
await using var channel = await ws.AcceptPqClientAsync(new PqClientOptions
{
ServerIdentity = PqIdentityPublicKey.FromBase64(config["PqSecureChannel:PinnedServerKey"]!),
});
await channel.WriteAsync(Encoding.UTF8.GetBytes("hello server"));
Identity loading
- From IConfiguration: bind
ServerIdentitySeedBase64/PinnedServerKeyBase64from JSON, environment variables, Azure Key Vault, AWS Secrets Manager, or any provider you already use. - From a file:
services.AddServerIdentityFromSeedFile(path). - From memory:
services.AddServerIdentity(identity).
Mixing providers is fine — the last one wins, matching the standard .NET IOptions<T> semantics.
What this package is not
- It is not application-layer encryption over arbitrary HTTP request/response. The WebSocket adapter is the supported path; full request-encrypting middleware needs careful design and is deferred. For most service-to-service traffic, WebSockets + a tiny RPC layer (gRPC, SignalR, hand-rolled JSON-over-frames) is enough.
- It is not a replacement for TLS at the edge. Run it inside TLS; it adds an authenticated, forward-secret, PQ-safe envelope around your application messages.
See the parent project's KNOWN-GAPS.md
for honest limitations of the underlying library.
To God be the glory. — 1 Corinthians 10:31
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net10.0
- PostQuantum.SecureChannel (>= 0.3.0-preview.2)
-
net8.0
- PostQuantum.SecureChannel (>= 0.3.0-preview.2)
-
net9.0
- PostQuantum.SecureChannel (>= 0.3.0-preview.2)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last Updated |
|---|---|---|
| 0.3.0-preview.2 | 49 | 6/2/2026 |
| 0.3.0-preview.1 | 48 | 6/1/2026 |
0.3.0-preview.2: Lockstep release with PostQuantum.SecureChannel 0.3.0-preview.2 (external-review remediation of the protocol glue: protocol-version bump 1 -> 2; HKDF + transcript-framing wire-format break). This package has no behavior changes of its own; it ProjectReferences PostQuantum.SecureChannel and therefore inherits the wire-format change. AspNetCore endpoints established with a 0.3.0-preview.2 server require 0.3.0-preview.2 clients (and vice versa); v1 peers fail cleanly at version negotiation.