SecureGrpc 1.0.0

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher. 
dotnet add package SecureGrpc --version 1.0.0
                    


                    

                
NuGet\Install-Package SecureGrpc -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="SecureGrpc" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="SecureGrpc" Version="1.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="SecureGrpc" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add SecureGrpc --version 1.0.0
                    


                    

                
#r "nuget: SecureGrpc, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package SecureGrpc@1.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=SecureGrpc&version=1.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=SecureGrpc&version=1.0.0
                    


                            Install as a Cake Tool

SecureGrpc 🔐

NuGet Build Status License: MIT

SECURITY UPDATE: This library has been migrated from the vulnerable Grpc.Core to the secure Grpc.Net.Client 2.65.0. All known vulnerabilities (CVE-2023-32731, CVE-2023-33953) have been fixed!

Post-quantum secure gRPC communication made ridiculously easy!

SecureGrpc provides transparent end-to-end encryption for gRPC using state-of-the-art cryptography:

  • 🛡️ ML-KEM (Kyber-768) - Post-quantum secure key encapsulation
  • 🔑 Diffie-Hellman - Classic perfect forward secrecy
  • 🔒 AES-256-GCM - Authenticated encryption

Installation

dotnet add package SecureGrpc

Quick Start

Server

using SecureGrpc;

// One line to create a secure server!
using var server = Secure.Server(5001)
    .OnMessage(data => {
        Console.WriteLine($"Received: {Encoding.UTF8.GetString(data)}");
        return Encoding.UTF8.GetBytes("Hello from server!");
    })
    .Start();

Client

using SecureGrpc;

// One line to create a secure client!
using var client = Secure.Client("localhost", 5001);

// Send messages - automatically encrypted!
var response = await client.SendAsync("Hello server!");
Console.WriteLine($"Server said: {response}");

Middleware Integration

Add encryption to existing gRPC services

// Server-side (using ASP.NET Core)
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddGrpc()
    .AddSecureGrpc();  // Add this line!
builder.Services.AddSingleton<YourServiceImpl>();

var app = builder.Build();
app.MapGrpcService<YourServiceImpl>();
app.Run();

// Client-side  
var channel = GrpcChannel.ForAddress("https://localhost:5001")
    .WithEncryption();  // Add this line!
var client = new YourService.YourServiceClient(channel);

Fluent API

var channel = "localhost".CreateSecureChannel(5001)
    .WithHttpClient()
    .Build();

Features

No Security Vulnerabilities - Using secure Grpc.Net.Client 2.65.0
Zero Configuration - Works out of the box
Post-Quantum Secure - Resistant to quantum computer attacks
Perfect Forward Secrecy - Past sessions remain secure
Automatic Key Management - No manual key handling
Session Management - Automatic session creation and reuse
Cross-Language Compatible - Implement the protocol in any language

How It Works

  1. Automatic Key Exchange: Client and server automatically perform a hybrid key exchange using both ML-KEM and Diffie-Hellman
  2. Session Establishment: A secure session is created with a unique shared secret
  3. Transparent Encryption: All messages are automatically encrypted with AES-256-GCM
  4. Zero Trust: Each session uses unique keys derived from the shared secret

Performance

  • Key Exchange: ~50ms (one-time per session)
  • Encryption/Decryption: <1ms per message
  • Memory Overhead: ~10KB per session

Security Details

Cryptographic Algorithms

  • Key Exchange: ML-KEM-768 (Kyber) + DH-2048
  • Encryption: AES-256-GCM with 128-bit tags
  • Key Derivation: HMAC-SHA256
  • Random: Cryptographically secure RNG

Threat Model

SecureGrpc protects against:

  • 🔍 Eavesdropping (including by quantum computers)
  • 🔄 Man-in-the-middle attacks (with proper certificate validation)
  • 📝 Message tampering
  • 🔙 Replay attacks

Advanced Usage

Custom Message Handlers

var server = Secure.Server(5001)
    .OnMessage(async data => {
        // Async processing
        await ProcessDataAsync(data);
        return responseData;
    })
    .Start();

Multiple Clients

var client1 = Secure.Client("server1", 5001);
var client2 = Secure.Client("server2", 5002);

// Each client maintains its own secure session
await Task.WhenAll(
    client1.SendAsync("Hello server 1"),
    client2.SendAsync("Hello server 2")
);

Testing

# Run all tests
dotnet test

# Run with coverage
dotnet test --collect:"XPlat Code Coverage"

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

MIT License - see LICENSE for details.

Acknowledgments

  • BouncyCastle for cryptographic implementations
  • gRPC for the RPC framework
  • NIST for standardizing ML-KEM

Made with ❤️ for developers who care about security

Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.0 78 8/3/2025