SecurePasswordCrypt 1.0.0

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package SecurePasswordCrypt --version 1.0.0
                    


                    

                
NuGet\Install-Package SecurePasswordCrypt -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="SecurePasswordCrypt" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="SecurePasswordCrypt" Version="1.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="SecurePasswordCrypt" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add SecurePasswordCrypt --version 1.0.0
                    


                    

                
#r "nuget: SecurePasswordCrypt, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package SecurePasswordCrypt@1.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=SecurePasswordCrypt&version=1.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=SecurePasswordCrypt&version=1.0.0
                    


                            Install as a Cake Tool

SecurePasswordCrypt

A secure and reusable C# library that provides password hashing, AES-GCM encryption, and password verification. Useful for scenarios where storing or using plaintext passwords (e.g., in connection strings) is a risk.

Features

  • AES-GCM encryption with authentication tag
  • PBKDF2 (Rfc2898) key derivation
  • SHA-256-based password hashing
  • Secure password verification (constant time)
  • Easy-to-integrate as a class library or NuGet package
  • Fully self-contained, no external dependencies

Installation

Option 1: Add as Project Reference (only if you have access to source code)

dotnet add reference ../SecurePasswordCrypt/SecurePasswordCrypt.csproj

Option 2: Use as NuGet Package

dotnet add package SecurePasswordCrypt

How It Works

AES-GCM Encryption

AES-GCM is used for encrypting plaintext securely using:

  • Random 128-bit salt
  • Random 96-bit nonce
  • 100,000 PBKDF2 iterations for key derivation
  • Authentication tag for tamper protection

The result is encoded as Base64, containing:

[salt | nonce | tag | ciphertext]

Password Hashing

Passwords are hashed using PBKDF2 (HMAC-SHA256) and stored in the format:

[salt + derived key] as Base64

This can be verified later using constant-time comparison.

Example Usage

Encrypt / Decrypt a password or connection string

string plainText = "MySecretPassword!";
string password = "SuperSecureKey123";

string encrypted = CryptoService.Encrypt(plainText, password);
string decrypted = CryptoService.Decrypt(encrypted, password);

Hash a password (for storage)

string password = "user_password";
string hashed = CryptoService.HashPassword(password);

// Save to DB

Verify a user login

bool isValid = CryptoService.VerifyPassword("user_input", storedHash);

API Overview

public static class CryptoService
{
    string Encrypt(string plaintext, string password)
    string Decrypt(string base64CipherText, string password)
    string HashPassword(string password)
    bool   VerifyPassword(string password, string storedHash)
}

Use Cases

  • Secure connection strings for background jobs or CI/CD
  • Encrypted configuration values
  • Custom authentication flows
  • Secrets stored in local config (securely)

Security Notes

  • Never hard-code encryption keys or passwords
  • Store secrets using secure mechanisms (e.g., environment variables, vaults)
  • Always use a unique salt per password
  • Don't use this library for token signing (use asymmetric keys instead)

Author

Developed by Alwil17 � feel free to fork, improve, and share!

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • net8.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.0 145 4/6/2025