SecureShield.Encryption 1.0.0

.NET 8.0

dotnet add package SecureShield.Encryption --version 1.0.0

NuGet\Install-Package SecureShield.Encryption -Version 1.0.0

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="SecureShield.Encryption" Version="1.0.0" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="SecureShield.Encryption" Version="1.0.0" />
                    

                            Directory.Packages.props

<PackageReference Include="SecureShield.Encryption" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add SecureShield.Encryption --version 1.0.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: SecureShield.Encryption, 1.0.0"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package SecureShield.Encryption@1.0.0

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=SecureShield.Encryption&version=1.0.0
                    

                            Install as a Cake Addin

#tool nuget:?package=SecureShield.Encryption&version=1.0.0
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

SecureShield

SecureShield is a modular ASP.NET Core security framework for .NET 8. It is split into small packages so teams can enable only the features they need, or use SecureShield.Extensions as an aggregate package for one-line setup.

Projects

SecureShield.Core: builder contracts, feature flags, shared response models, correlation helpers
SecureShield.Headers: configurable security headers middleware
SecureShield.ExceptionHandling: standardized JSON exception responses with structured logging
SecureShield.Masking: compiled-regex masking provider for logs and diagnostics
SecureShield.ThreatDetection: configurable SQL injection, XSS, and script detection rules
SecureShield.Validation: payload size, header, and content-type validation
SecureShield.RateLimiting: per-client and per-endpoint sliding-window rate limiting
SecureShield.Encryption: application-layer request decryption and response encryption
SecureShield.Logging: logging constants and integration hooks
SecureShield.Configuration: appsettings model
SecureShield.Extensions: aggregate registration and middleware forwarding
SecureShield.SampleApi: minimal API sample
SecureShield.Tests: xUnit and FluentAssertions coverage

Installation

Reference the aggregate package:

dotnet add package SecureShield.Extensions

Or reference individual modules, for example:

dotnet add package SecureShield.Headers
dotnet add package SecureShield.RateLimiting

Usage

using SecureShield.Encryption.Options;
using SecureShield.Extensions;
using SecureShield.RateLimiting.Options;

builder.Services.AddSecureShield(options =>
{
    options.AddSecurityHeaders();
    options.AddExceptionHandling();
    options.AddThreatDetection();
    options.AddRequestValidation();
    options.AddSensitiveDataMasking();
    options.AddPayloadEncryption(encryption =>
    {
        encryption.Algorithm = EncryptionAlgorithm.AES256;
        encryption.KeyEnvironmentVariable = "SECURESHIELD_ENCRYPTION_KEY";
    });
    options.AddRateLimiting(rateLimit =>
    {
        rateLimit.Strategy = RateLimitStrategy.ClientId;
        rateLimit.ClientIdHeader = "X-Client-Id";
        rateLimit.RequestsPerSecond = 10;
    });
});

app.UseSecureShield();

Selective middleware usage is also supported:

app.UseSecurityHeaders();
app.UseRateLimiting();
app.UsePayloadEncryption();

Configuration

{
  "SecureShield": {
    "Headers": {
      "Enabled": true,
      "OverwriteExistingHeaders": false
    },
    "ThreatDetection": {
      "Enabled": true,
      "BlockRequests": true
    },
    "Validation": {
      "Enabled": true,
      "MaxPayloadBytes": 1048576
    },
    "Encryption": {
      "Enabled": true,
      "Algorithm": "AES256",
      "KeyEnvironmentVariable": "SECURESHIELD_ENCRYPTION_KEY"
    },
    "RateLimiting": {
      "Enabled": true,
      "Strategy": "ClientId",
      "ClientIdHeader": "X-Client-Id",
      "RequestsPerSecond": 10
    }
  }
}

Future per-client settings are modeled through dictionaries:

{
  "SecureShield": {
    "RateLimiting": {
      "Clients": {
        "APP_A": { "RequestsPerSecond": 10 },
        "APP_B": { "RequestsPerSecond": 50 }
      }
    },
    "Encryption": {
      "Clients": {
        "APP_A": { "KeyId": "key-a", "KeyEnvironmentVariable": "APP_A_KEY" },
        "APP_B": { "KeyId": "key-b", "KeyEnvironmentVariable": "APP_B_KEY" }
      }
    }
  }
}

Middleware Order

UseSecureShield() applies:

Exception Handling
Payload Decryption
Rate Limiting
Threat Detection
Request Validation
Sensitive Data Masking
Controllers / Endpoints
Response Encryption
Security Headers

Rate Limiting

The implemented strategy is ClientId. The rate-limit key is:

{ClientId}:{Endpoint}

Example: APP_A:/api/payment

The sliding-window limiter stores active windows in IMemoryCache and protects each key with a per-key semaphore for concurrent request safety. Storage is abstracted with IRateLimitStore for later Redis, distributed cache, or database-backed implementations.

When the limit is exceeded:

{
  "success": false,
  "message": "Rate limit exceeded",
  "retryAfter": 1
}

Payload Encryption

SecureShield performs application-layer encryption in addition to HTTPS. AES-256 is implemented with random IVs and HMAC authentication. Keys are resolved from environment variables or per-client key configuration; no keys are hardcoded.

Request:

{
  "payload": "ENCRYPTED_BASE64_STRING",
  "keyId": "optional-key-id"
}

Response:

{
  "payload": "ENCRYPTED_RESPONSE",
  "keyId": "optional-key-id"
}

Architecture is prepared for AES256GCM and RSAHybrid through EncryptionAlgorithm and IEncryptionProvider.

Sensitive Data Masking

Masking is intentionally limited to logs, monitoring, audit trails, diagnostics, and exception handling. It does not modify business request or response payloads. Default compiled regex rules cover PAN, Aadhaar, mobile numbers, emails, JWTs, and authorization headers.

NuGet Publishing

Build and test:

dotnet test SecureShield.sln

Create packages:

dotnet pack SecureShield.sln -c Release

Publish one package:

dotnet nuget push SecureShield.Extensions/bin/Release/SecureShield.Extensions.1.0.0.nupkg --api-key <NUGET_API_KEY> --source https://api.nuget.org/v3/index.json

Package metadata is centralized in Directory.Build.props with semantic versioning, XML documentation, tags, license metadata, and README packaging.

Product	Compatible and additional computed target framework versions.
.NET	net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Product

.NET

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net8.0
- SecureShield.Core (>= 1.0.0)

NuGet packages (2)

Showing the top 2 NuGet packages that depend on SecureShield.Encryption:

Package	Downloads
SecureShield.Configuration Modular ASP.NET Core security middleware framework for .NET 8.	100
SecureShield.Extensions Modular ASP.NET Core security middleware framework for .NET 8.	95

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
1.0.0	122	5/17/2026