QuantumShield.Identity 1.0.0

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher. 
dotnet add package QuantumShield.Identity --version 1.0.0
                    


                    

                
NuGet\Install-Package QuantumShield.Identity -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="QuantumShield.Identity" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="QuantumShield.Identity" Version="1.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="QuantumShield.Identity" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add QuantumShield.Identity --version 1.0.0
                    


                    

                
#r "nuget: QuantumShield.Identity, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package QuantumShield.Identity@1.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=QuantumShield.Identity&version=1.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=QuantumShield.Identity&version=1.0.0
                    


                            Install as a Cake Tool

QuantumShield.Identity

<div align="center">

<img src="assets/icon.png" alt="QuantumShield.Identity logo" width="120" height="120" />

Hybrid Post-Quantum Cryptography for .NET Authentication

NuGet NuGet Downloads License .NET C#

</div>

QuantumShield.Identity is a production-ready .NET library that implements hybrid post-quantum cryptography for JWT-based authentication. It seamlessly combines classical ECDSA P-256 signatures with post-quantum ML-DSA-65 (FIPS 204) signatures, ensuring both backward compatibility with existing infrastructure and future-proof security against quantum computing threats.

The library provides a drop-in solution for ASP.NET Core applications, requiring minimal code changes while delivering enterprise-grade quantum-resistant authentication. Built for .NET 10 and leveraging C# 14 features, QuantumShield.Identity offers a clean, modern API that integrates seamlessly with existing authentication pipelines.

🎯 What Problem Does This Solve?

QuantumShield.Identity addresses the critical security challenge of quantum computing threats to classical cryptographic algorithms. As quantum computers become more powerful, traditional cryptographic systems like ECDSA P-256 will become vulnerable to attacks. This library provides a hybrid authentication solution that combines:

  • Classical cryptography (ECDSA P-256) - Ensures compatibility with existing infrastructure
  • Post-quantum cryptography (ML-DSA-65 / FIPS 204) - Provides quantum-resistant security

By requiring both signatures to validate, you get:

  • Backward compatibility with existing JWT infrastructure
  • Future-proof security against quantum computing threats
  • Zero infrastructure changes - works with standard JWTs
  • Production-ready implementation for enterprise deployments

📋 Table of Contents

✨ Features

  • 🔐 Hybrid JWT Signing: Sign tokens with both ECDSA P-256 and ML-DSA-65; validation requires both signatures
  • 🚀 Drop-in Integration: Single extension method (AddQuantumResilience()) for ASP.NET Core
  • 📦 Standard JWT Format: Tokens are standard JWTs with an embedded pq-sig claim - no breaking changes
  • 🔄 Multi-Tenant Ready: Stateless design supports multiple users and tenants without storage changes
  • 🛡️ Platform-Aware: Gracefully handles unsupported platforms with clear error messages
  • 📊 Production Logging: Full ILogger<T> integration for audit trails
  • 🔑 Flexible Key Management: PEM-based key import/export for HSM, Key Vault, or secure storage
  • ⚡ Low-Level Primitives: HybridToken class for non-JWT hybrid signatures
  • 💻 Modern C#: Built with C# 14 features (primary constructors, field keyword)

🔧 How It Works

Architecture Overview

QuantumShield.Identity implements a hybrid signature scheme where each JWT is signed twice:

  1. ML-DSA-65 signature is created on the original payload (without pq-sig)
  2. The ML-DSA signature is embedded as a pq-sig claim in the payload
  3. ECDSA P-256 signature is created on the enriched payload (with pq-sig)

During validation:

  1. ECDSA signature is verified against the full token (header + enriched payload)
  2. The pq-sig claim is extracted and removed to reconstruct the original payload
  3. ML-DSA signature is verified against the original payload (without pq-sig)

Both signatures must validate for the token to be considered authentic.

┌─────────────────────────────────────────────────────────────┐
│                    Token Creation Flow                       │
└─────────────────────────────────────────────────────────────┘

   Identity Claims
        │
        ▼
   JWT Payload (sub, name, role, iat, ...)
        │
        ├─────────────────────────────────────┐
        │                                     │
        ▼                                     ▼
   ML-DSA Sign                              ECDSA Sign
   (Original Payload)                       (Enriched Payload)
        │                                     │
        │                                     │
        └──────────┬──────────────────────────┘
                   │
                   ▼
        Add pq-sig claim to payload
                   │
                   ▼
        Sign with ECDSA (includes pq-sig)
                   │
                   ▼
        ┌──────────────────────────┐
        │   Hybrid JWT Token        │
        │  header.payload.signature │
        └──────────────────────────┘

┌─────────────────────────────────────────────────────────────┐
│                  Token Validation Flow                       │
└─────────────────────────────────────────────────────────────┘

   Hybrid JWT Token
        │
        ├──────────────────────┐
        │                      │
        ▼                      ▼
   Verify ECDSA          Extract pq-sig
   (Full Token)          Remove pq-sig
        │                      │
        │                      ▼
        │              Reconstruct Original
        │                      │
        │                      ▼
        │              Verify ML-DSA
        │              (Original Payload)
        │                      │
        └──────────┬───────────┘
                   │
                   ▼
        ✅ Both Valid = Token Authentic
        ❌ Either Invalid = Token Rejected

Token Structure

A hybrid JWT has the standard three-part structure:

eyJhbGciOiJFUzI1NitNTERTQTY1IiwidHlwIjoiSldUIn0.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwicGctc2lnIjoiLi4uIn0.signature
│                                    │                                                                  │
│                                    │                                                                 └─ ECDSA Signature (Base64URL)
│                                    └─ Payload (includes pq-sig claim) (Base64URL)
└─ Header (alg: ES256+MLDSA65) (Base64URL)

The pq-sig claim contains the Base64URL-encoded ML-DSA signature.

📦 Installation

Download from NuGet

The package is available on NuGet.org. You can download and install it using any of the following methods:

dotnet add package QuantumShield.Identity

Or specify a version:

dotnet add package QuantumShield.Identity --version 1.0.0
Option 2: Package Manager Console
Install-Package QuantumShield.Identity

Or specify a version:

Install-Package QuantumShield.Identity -Version 1.0.0
Option 3: PackageReference (in .csproj)

Add the following to your .csproj file:

<ItemGroup>
  <PackageReference Include="QuantumShield.Identity" Version="1.0.0" />
</ItemGroup>
Option 4: Visual Studio
  1. Right-click on your project in Solution Explorer
  2. Select Manage NuGet Packages
  3. Search for QuantumShield.Identity
  4. Click Install
Verify Installation

After installation, verify the package is referenced:

dotnet list package

You should see QuantumShield.Identity in the list.

Requirements

  • .NET 10.0 or later
  • C# 14.0 compiler
  • Platform Support (for ML-DSA):
    • Windows 11 / Windows Server 2025 (with PQC-enabled CNG)
    • Linux with OpenSSL 3.5+ (or newer)

Note: On unsupported platforms, ML-DSA operations will throw PlatformNotSupportedException. You can still use the library for ECDSA-only operations and add ML-DSA support later.

🚀 Quick Start

1. Register Services

using QuantumShield.Identity;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddQuantumResilience(); // Registers HybridSignatureProvider, MLDsaKeyManager, and Logging

Note: AddQuantumResilience() automatically registers logging services, so you don't need to call .AddLogging() separately. In ASP.NET Core, logging is also typically already configured by WebApplication.CreateBuilder(args).

2. Generate Keys

using System.Security.Cryptography;
using QuantumShield.Identity;

// Generate ECDSA key pair
using var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
var ecdsaPrivateKey = ecdsa.ExportECPrivateKey();
var ecdsaPublicKey = ecdsa.ExportSubjectPublicKeyInfo();

// Generate ML-DSA key pair
var keyManager = serviceProvider.GetRequiredService<MLDsaKeyManager>();
var (mldsaPrivatePem, mldsaPublicPem) = keyManager.GenerateKeyPair();

// Store keys securely (HSM, Key Vault, etc.)

3. Issue a Hybrid Token

var hybrid = serviceProvider.GetRequiredService<HybridSignatureProvider>();

var payload = new
{
    sub = "user123",
    name = "John Doe",
    role = "admin",
    iat = DateTimeOffset.UtcNow.ToUnixTimeSeconds(),
    exp = DateTimeOffset.UtcNow.AddHours(1).ToUnixTimeSeconds()
};

using var ecdsa = ECDsa.Create();
ecdsa.ImportECPrivateKey(ecdsaPrivateKey, out _);

var token = hybrid.CreateHybridToken(payload, ecdsa, mldsaPrivatePem);
// Returns: "eyJhbGciOiJFUzI1NitNTERTQTY1IiwidHlwIjoiSldUIn0..."

4. Validate a Hybrid Token

using var ecdsaPublic = ECDsa.Create();
ecdsaPublic.ImportSubjectPublicKeyInfo(ecdsaPublicKey, out _);

var isValid = hybrid.ValidateHybridToken(token, ecdsaPublic, mldsaPublicPem);
// Returns: true if both ECDSA and ML-DSA signatures are valid

🖥️ Platform Requirements

ML-DSA Support

ML-DSA operations require platform-level support for post-quantum cryptography:

Platform Status Requirements
Windows 11 ✅ Supported PQC-enabled CNG provider
Windows Server 2025 ✅ Supported PQC-enabled CNG provider
Windows 10 ❌ Not Supported Upgrade to Windows 11+
Linux ✅ Supported OpenSSL 3.5+
macOS ⚠️ Check Depends on OpenSSL version

Checking Platform Support

if (MLDsa.IsSupported)
{
    // ML-DSA is available
    var keyManager = new MLDsaKeyManager(logger);
    var (privateKey, publicKey) = keyManager.GenerateKeyPair();
}
else
{
    // ML-DSA not available - use ECDSA only or upgrade platform
    throw new PlatformNotSupportedException("ML-DSA requires Windows 11+ or Linux with OpenSSL 3.5+");
}

📚 API Reference

HybridSignatureProvider

High-level service for creating and validating hybrid JWTs.

Methods
CreateHybridToken(object payload, ECDsa ecdsaPrivateKey, string mldsaPrivatePem)

Creates a hybrid-signed JWT token.

Parameters:

  • payload (object): The JWT payload (claims) to sign. Will be serialized to JSON.
  • ecdsaPrivateKey (ECDsa): ECDSA P-256 private key for classical signing.
  • mldsaPrivatePem (string): ML-DSA-65 private key in PEM format.

Returns: string - Base64URL-encoded JWT token.

Example:

var payload = new { sub = "user123", name = "John" };
var token = hybrid.CreateHybridToken(payload, ecdsaPrivateKey, mldsaPrivatePem);
ValidateHybridToken(string token, ECDsa ecdsaPublicKey, string mldsaPublicPem)

Validates both ECDSA and ML-DSA signatures in a hybrid JWT.

Parameters:

  • token (string): The JWT token to validate.
  • ecdsaPublicKey (ECDsa): ECDSA P-256 public key for classical verification.
  • mldsaPublicPem (string): ML-DSA-65 public key in PEM format.

Returns: bool - true if both signatures are valid, false otherwise.

Example:

var isValid = hybrid.ValidateHybridToken(token, ecdsaPublicKey, mldsaPublicPem);
if (!isValid)
{
    // Token is invalid - reject request
}

MLDsaKeyManager

Manages ML-DSA key generation and import operations.

Methods
GenerateKeyPair()

Generates a new ML-DSA-65 key pair.

Returns: (string privateKeyPem, string publicKeyPem) - Tuple containing PEM-encoded keys.

Throws: PlatformNotSupportedException if ML-DSA is not supported on the platform.

Example:

var keyManager = new MLDsaKeyManager(logger);
var (privateKey, publicKey) = keyManager.GenerateKeyPair();
// Store keys securely
ImportPrivateKeyFromPem(string pem)

Imports an ML-DSA private key from PEM format.

Parameters:

  • pem (string): PEM-encoded private key.

Returns: MLDsa - Disposable ML-DSA instance.

Example:

using var mldsa = keyManager.ImportPrivateKeyFromPem(privateKeyPem);
var signature = mldsa.SignData(data);
ImportPublicKeyFromPem(string pem)

Imports an ML-DSA public key from PEM format.

Parameters:

  • pem (string): PEM-encoded public key.

Returns: MLDsa - Disposable ML-DSA instance.

Example:

using var mldsa = keyManager.ImportPublicKeyFromPem(publicKeyPem);
var isValid = mldsa.VerifyData(data, signature);
RotateKeyPair()

Convenience method that generates a new key pair (alias for GenerateKeyPair()).

HybridToken

Low-level primitive for hybrid signatures over arbitrary binary data (non-JWT use cases).

Methods
Sign(byte[] data)

Signs data with both ECDSA and ML-DSA.

Parameters:

  • data (byte[]): The data to sign.

Returns: byte[] - Hybrid signature format: [4-byte PQ length] || [PQ signature] || [ECDSA signature].

Verify(byte[] data, byte[] hybridSignature)

Verifies a hybrid signature.

Parameters:

  • data (byte[]): The original data.
  • hybridSignature (byte[]): The hybrid signature to verify.

Returns: bool - true if both signatures are valid.

🔌 Integration Guide

ASP.NET Core Authentication Server

Complete example for issuing hybrid tokens:

using System.Security.Cryptography;
using Microsoft.AspNetCore.Identity;
using QuantumShield.Identity;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddQuantumResilience()
    .AddIdentityCore<ApplicationUser>()
    .AddEntityFrameworkStores<ApplicationDbContext>();

var app = builder.Build();

// Load keys from secure storage (HSM, Key Vault, etc.)
ECDsa LoadEcdsaPrivateKey()
{
    var keyBytes = /* Load from secure storage */;
    var ecdsa = ECDsa.Create();
    ecdsa.ImportECPrivateKey(keyBytes, out _);
    return ecdsa;
}

string LoadMldsaPrivateKey()
{
    return /* Load from secure storage */;
}

app.MapPost("/connect/token", async (
    HttpContext context,
    HybridSignatureProvider hybrid,
    UserManager<ApplicationUser> userManager) =>
{
    // 1. Authenticate user
    var username = context.Request.Form["username"];
    var password = context.Request.Form["password"];
    
    var user = await userManager.FindByNameAsync(username!);
    if (user is null || !await userManager.CheckPasswordAsync(user, password!))
    {
        return Results.Unauthorized();
    }

    // 2. Load signing keys
    using var ecdsa = LoadEcdsaPrivateKey();
    var mldsaPrivatePem = LoadMldsaPrivateKey();

    // 3. Build JWT payload
    var payload = new
    {
        sub = user.Id,
        name = user.UserName,
        email = user.Email,
        role = await userManager.GetRolesAsync(user),
        iat = DateTimeOffset.UtcNow.ToUnixTimeSeconds(),
        exp = DateTimeOffset.UtcNow.AddHours(1).ToUnixTimeSeconds()
    };

    // 4. Issue hybrid token
    var token = hybrid.CreateHybridToken(payload, ecdsa, mldsaPrivatePem);

    return Results.Ok(new
    {
        access_token = token,
        token_type = "Bearer",
        expires_in = 3600
    });
});

app.Run();

ASP.NET Core Resource API

Complete example for validating hybrid tokens:

using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using QuantumShield.Identity;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddQuantumResilience()
    .AddAuthentication("Bearer")
    .AddJwtBearer("Bearer", options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = false, // We verify manually below
            ValidIssuer = "https://your-auth-server.com",
            ValidAudience = "https://your-api.com"
        };

        options.Events = new JwtBearerEvents
        {
            OnTokenValidated = async context =>
            {
                var hybrid = context.HttpContext.RequestServices
                    .GetRequiredService<HybridSignatureProvider>();

                // Load public keys (must match issuer's private keys)
                using var ecdsaPublic = LoadEcdsaPublicKey();
                var mldsaPublicPem = await LoadMldsaPublicKeyAsync();

                var token = context.SecurityToken.RawData;

                // Validate hybrid signatures
                if (!hybrid.ValidateHybridToken(token, ecdsaPublic, mldsaPublicPem))
                {
                    context.Fail("Hybrid signature validation failed.");
                    return;
                }

                // Token is valid - continue with normal JWT processing
            }
        };
    });

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/api/me", (ClaimsPrincipal user) => new
{
    user.Identity!.Name,
    Claims = user.Claims.Select(c => new { c.Type, c.Value })
})
.RequireAuthorization();

app.Run();

// Helper methods
ECDsa LoadEcdsaPublicKey()
{
    var keyBytes = /* Load from secure storage or configuration */;
    var ecdsa = ECDsa.Create();
    ecdsa.ImportSubjectPublicKeyInfo(keyBytes, out _);
    return ecdsa;
}

async Task<string> LoadMldsaPublicKeyAsync()
{
    return /* Load from secure storage or configuration */;
}

Multi-Tenant Support

For multi-tenant scenarios, maintain separate key pairs per tenant:

public class TenantKeyStore
{
    private readonly Dictionary<string, (ECDsa ecdsa, string mldsa)> _keys = new();

    public (ECDsa ecdsa, string mldsa) GetKeysForTenant(string tenantId)
    {
        if (!_keys.TryGetValue(tenantId, out var keys))
        {
            // Load or generate keys for tenant
            keys = LoadOrGenerateTenantKeys(tenantId);
            _keys[tenantId] = keys;
        }
        return keys;
    }
}

// In your token endpoint
app.MapPost("/connect/token", async (
    HttpContext context,
    HybridSignatureProvider hybrid,
    TenantKeyStore keyStore) =>
{
    var tenantId = context.Request.Headers["X-Tenant-Id"];
    var (ecdsa, mldsa) = keyStore.GetKeysForTenant(tenantId);

    var payload = new { sub = "user123", tenant = tenantId };
    var token = hybrid.CreateHybridToken(payload, ecdsa, mldsa);

    return Results.Ok(new { access_token = token });
});

Key Management Best Practices

  1. Use Hardware Security Modules (HSM) or cloud Key Management Services (KMS)
  2. Implement key rotation policies (rotate keys periodically)
  3. Store keys separately from application code (never commit to source control)
  4. Use environment-specific keys (dev, staging, production)
  5. Monitor key usage and implement alerting for suspicious activity
  6. Backup keys securely with proper access controls

Example with Azure Key Vault:

using Azure.Security.KeyVault.Keys;
using Azure.Security.KeyVault.Keys.Cryptography;

public class AzureKeyVaultKeyStore
{
    private readonly KeyClient _keyClient;

    public async Task<ECDsa> LoadEcdsaKeyAsync(string keyName)
    {
        var key = await _keyClient.GetKeyAsync(keyName);
        // Convert to ECDsa instance
    }

    public async Task<string> LoadMldsaKeyAsync(string keyName)
    {
        var secret = await _secretClient.GetSecretAsync(keyName);
        return secret.Value.Value; // PEM string
    }
}

🔒 Security Considerations

Hybrid Signature Requirement

The library requires both ECDSA and ML-DSA signatures to validate. This provides:

  • Backward compatibility: Classical systems can still verify ECDSA signatures
  • Forward security: Post-quantum protection via ML-DSA
  • Defense in depth: Both algorithms must be compromised for an attack

Key Security

  • Never hard-code keys in source code
  • Use secure key storage (HSM, KMS, Key Vault)
  • Implement key rotation policies
  • Monitor key access and usage
  • Use separate keys for different environments

Token Security

  • Set appropriate expiration times (exp claim)
  • Validate token lifetime on every request
  • Use HTTPS for all token transmission
  • Implement token revocation if needed
  • Monitor for suspicious activity

Platform Security

  • Keep OS updated for latest PQC support
  • Verify ML-DSA availability before deployment
  • Test on target platforms before production
  • Have fallback plans for unsupported platforms

Evolving Standards

ML-DSA (FIPS 204) is a NIST-selected standard, but the ecosystem is still maturing:

  • Monitor NIST guidance and updates
  • Stay informed about algorithm changes
  • Plan for potential migration paths
  • Test interoperability with other systems

⚡ Performance

Signature Sizes

Component Signature Size Notes
ECDSA P-256 ~64 bytes Compact, widely supported
ML-DSA-65 ~3,300 bytes Larger but quantum-resistant
Hybrid JWT ~3,364 bytes ECDSA signature + pq-sig claim

Performance Characteristics

Typical performance on modern hardware:

  • ECDSA Signing: ~0.1ms per operation
  • ML-DSA Signing: ~1-5ms per operation (varies by platform)
  • Hybrid Token Creation: ~1-6ms total
  • Hybrid Token Validation: ~1-6ms total

Note: Performance varies significantly based on:

  • Platform (Windows vs Linux)
  • Hardware (CPU capabilities)
  • OS crypto provider version
  • System load

Use the included CLI tool to benchmark on your specific hardware:

dotnet run --project QuantumShield.Identity.CLI
# Select option 4: Benchmark

Optimization Tips

  1. Cache public keys - Don't reload keys on every request
  2. Use async operations - Don't block threads during key operations
  3. Consider key caching - Cache MLDsa instances when possible
  4. Monitor performance - Track token creation/validation times
  5. Scale horizontally - Stateless design supports load balancing

🐛 Troubleshooting

Common Issues

"ML-DSA is not supported on this platform"

Cause: Your OS doesn't have PQC support enabled.

Solutions:

  • Upgrade to Windows 11+ or Windows Server 2025
  • On Linux, ensure OpenSSL 3.5+ is installed
  • Check MLDsa.IsSupported before using ML-DSA operations
"ML-DSA signature validation failed"

Cause: The ML-DSA signature doesn't match the payload.

Solutions:

  • Ensure you're using the correct public key (matches the private key used for signing)
  • Verify the token hasn't been tampered with
  • Check that you're validating against the original payload (without pq-sig)
"Token payload does not contain pq-sig claim"

Cause: The token wasn't created with CreateHybridToken or the pq-sig claim was removed.

Solutions:

  • Ensure tokens are created using HybridSignatureProvider.CreateHybridToken
  • Don't manually modify tokens after creation
  • Verify token format is correct (3 dot-separated parts)
"Failed to Base64URL-decode"

Cause: Invalid Base64URL encoding in the token.

Solutions:

  • Verify token format is correct
  • Check for token corruption during transmission
  • Ensure proper encoding/decoding of token parts

Debugging

Enable detailed logging to troubleshoot issues:

builder.Services.AddLogging(builder =>
{
    builder.AddConsole();
    builder.SetMinimumLevel(LogLevel.Debug); // Enable debug logs
});

The library logs:

  • Key generation operations
  • Token creation events
  • Validation results (success/failure)
  • Error details with stack traces

Getting Help

If you encounter issues:

  1. Check the logs - Enable debug logging to see detailed information
  2. Verify platform support - Ensure MLDsa.IsSupported is true
  3. Test with CLI - Use the included CLI tool to isolate the issue
  4. Open an issue - Provide:
    • OS version and .NET version
    • Full error message and stack trace
    • Minimal reproduction code
    • Log output (with sensitive data redacted)

🤝 Contributing

Contributions are welcome! Here's how you can help:

Reporting Issues

  • Bug reports: Open an issue with:

    • Clear description of the problem
    • Steps to reproduce
    • Expected vs actual behavior
    • Environment details (OS, .NET version, etc.)

  • Feature requests: Describe the use case and proposed solution

  • Security issues: Do not open public issues. Contact maintainers privately.

Submitting Pull Requests

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Make your changes with clear, focused commits
  4. Add tests for new functionality
  5. Update documentation as needed
  6. Ensure code builds on .NET 10 SDK
  7. Submit the PR with a clear description

Code Standards

  • Follow C# coding conventions
  • Use XML comments for public APIs
  • Write unit tests for new features
  • Keep commits small and focused
  • Update README for user-facing changes

Development Setup

# Clone the repository
git clone https://github.com/FarhanLodi/QuantumShield.Identity.git
cd QuantumShield.Identity

# Restore dependencies
dotnet restore

# Build the solution
dotnet build

# Run tests (if available)
dotnet test

# Run the CLI tool
dotnet run --project QuantumShield.Identity.CLI

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

  • Built on .NET 10 post-quantum cryptography support
  • Uses ML-DSA-65 (FIPS 204) - NIST-selected post-quantum algorithm
  • Inspired by hybrid cryptography best practices

📞 Support & Feedback

<div align="center">

Made with ❤️ for the .NET community

⭐ Star us on GitHub | 📦 NuGet Package | 🐛 Report Bug

</div>

Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.0 99 1/17/2026