PostQuantum.SecureChannel.AspNetCore
1.0.0
dotnet add package PostQuantum.SecureChannel.AspNetCore --version 1.0.0
NuGet\Install-Package PostQuantum.SecureChannel.AspNetCore -Version 1.0.0
<PackageReference Include="PostQuantum.SecureChannel.AspNetCore" Version="1.0.0" />
<PackageVersion Include="PostQuantum.SecureChannel.AspNetCore" Version="1.0.0" />
<PackageReference Include="PostQuantum.SecureChannel.AspNetCore" />
paket add PostQuantum.SecureChannel.AspNetCore --version 1.0.0
#r "nuget: PostQuantum.SecureChannel.AspNetCore, 1.0.0"
#:package PostQuantum.SecureChannel.AspNetCore@1.0.0
#addin nuget:?package=PostQuantum.SecureChannel.AspNetCore&version=1.0.0
#tool nuget:?package=PostQuantum.SecureChannel.AspNetCore&version=1.0.0
PostQuantum.SecureChannel.AspNetCore
ASP.NET Core integration for
PostQuantum.SecureChannel. DI
registration, configuration binding for pinned identities, and a WebSocket adapter that turns any
incoming or outgoing WebSocket into a PqSecureChannelStream.
dotnet add package PostQuantum.SecureChannel.AspNetCore --version 1.0.0
Server (Kestrel + WebSockets)
var builder = WebApplication.CreateBuilder(args);
builder.Services
.AddPostQuantumSecureChannel() // base options
.AddServerIdentityFromConfiguration("PqSecureChannel"); // reads identity from IConfiguration
var app = builder.Build();
app.UseWebSockets();
app.MapPqWebSocket("/pqsc", async (channel, ctx) =>
{
// channel is a PqSecureChannelStream; ctx is the HttpContext.
var buffer = new byte[1024];
int read = await channel.ReadAsync(buffer);
await channel.WriteAsync(buffer.AsMemory(0, read));
});
app.Run();
// appsettings.json
{
"PqSecureChannel": {
"ServerIdentitySeedBase64": "…32 bytes base64…",
"RequireClientAuthentication": false
}
}
Client (HttpClient + WebSockets)
using var ws = new ClientWebSocket();
await ws.ConnectAsync(new Uri("wss://server/pqsc"), CancellationToken.None);
await using var channel = await ws.AcceptPqClientAsync(new PqClientOptions
{
ServerIdentity = PqIdentityPublicKey.FromBase64(config["PqSecureChannel:PinnedServerKey"]!),
});
await channel.WriteAsync(Encoding.UTF8.GetBytes("hello server"));
Identity loading
- From IConfiguration: bind
ServerIdentitySeedBase64/PinnedServerKeyBase64from JSON, environment variables, Azure Key Vault, AWS Secrets Manager, or any provider you already use. - From a file:
services.AddServerIdentityFromSeedFile(path). - From memory:
services.AddServerIdentity(identity).
Mixing providers is fine — the last one wins, matching the standard .NET IOptions<T> semantics.
What this package is not
- It is not application-layer encryption over arbitrary HTTP request/response. The WebSocket adapter is the supported path; full request-encrypting middleware needs careful design and is deferred. For most service-to-service traffic, WebSockets + a tiny RPC layer (gRPC, SignalR, hand-rolled JSON-over-frames) is enough.
- It is not a replacement for TLS at the edge. Run it inside TLS; it adds an authenticated, forward-secret, PQ-safe envelope around your application messages.
See the parent project's KNOWN-GAPS.md
for honest limitations of the underlying library.
To God be the glory. — 1 Corinthians 10:31
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net10.0
- PostQuantum.SecureChannel (>= 1.0.0)
-
net8.0
- PostQuantum.SecureChannel (>= 1.0.0)
-
net9.0
- PostQuantum.SecureChannel (>= 1.0.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last Updated |
|---|---|---|
| 1.0.0 | 43 | 7/2/2026 |
| 0.3.0-preview.2 | 64 | 6/2/2026 |
| 0.3.0-preview.1 | 54 | 6/1/2026 |
1.0.0: Lockstep first stable release with PostQuantum.SecureChannel 1.0.0. No behavior changes of its own; it ProjectReferences PostQuantum.SecureChannel and inherits its wire format (protocol version 2). See the core package's release notes and KNOWN-GAPS.md — note the core is not independently audited.