SecurityHelperLibrary 2.0.3
.NET 8.0
This package targets .NET 8.0. The package is compatible with this framework or higher.
.NET Framework 4.8.1
This package targets .NET Framework 4.8.1. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details.
See the version list below for details.
dotnet add package SecurityHelperLibrary --version 2.0.3
NuGet\Install-Package SecurityHelperLibrary -Version 2.0.3
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="SecurityHelperLibrary" Version="2.0.3" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="SecurityHelperLibrary" Version="2.0.3" />
<PackageReference Include="SecurityHelperLibrary" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add SecurityHelperLibrary --version 2.0.3
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: SecurityHelperLibrary, 2.0.3"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package SecurityHelperLibrary@2.0.3
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=SecurityHelperLibrary&version=2.0.3
#tool nuget:?package=SecurityHelperLibrary&version=2.0.3
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
SecurityHelperLibrary v2.0.0
A comprehensive C# library for secure password hashing, symmetric encryption, and cryptographic operations.
Multi-targeted for .NET Framework 4.8.1 and .NET 8.0, with modern secure-memory APIs and conditional AES-GCM support.
โจ Key Features (v2.0.0)
- PBKDF2 Hashing: SHA256, SHA384, SHA512 with configurable iterations
- Argon2 Hashing: Modern password hashing using Argon2id (recommended for new projects)
- HMAC Generation: Support for HMAC-SHA256, HMAC-SHA384, HMAC-SHA512
- AES-GCM Encryption (.NET 6+): Authenticated encryption with Galois/Counter Mode
- Span-based Secure APIs: Low-alloc password handling with
ReadOnlySpan<char>andSpan<char> - Secure Memory Clearing: Zero out sensitive data (passwords, keys) from memory
- Fixed-Time Comparison: Timing-attack resistant hash comparison
- Cross-Framework Support: net481 (with graceful fallbacks) and net8.0
๐ Breaking Changes in v2.0.0
ISecurityHelperinterface now includes new methods (Span APIs, Argon2, etc.)- AES-GCM methods throw
NotSupportedExceptionon .NET Framework 4.8.1 - Added required parameter
iterationCountto PBKDF2 methods (was optional in v1)
๐ฆ Installation
Add from local NuGet or via command line:
dotnet add package SecurityHelperLibrary
Or manually add to .csproj:
<ItemGroup>
<PackageReference Include="SecurityHelperLibrary" Version="2.0.0" />
</ItemGroup>
๐ Usage Examples
1. Password Hashing with PBKDF2
Legacy approach (v1 compatibility):
using SecurityHelperLibrary;
var helper = new SecurityHelper();
// Hash a password
byte[] salt = helper.GenerateSalt(16);
string passwordHash = helper.HashPasswordWithPBKDF2("MyPassword123", salt, 10000);
// Later, verify the password
bool isValid = helper.VerifyPasswordWithPBKDF2("MyPassword123", passwordHash);
Modern Span-based approach (v2, recommended):
using SecurityHelperLibrary;
var helper = new SecurityHelper();
// Secure handling with Span<char>
ReadOnlySpan<char> password = "MyPassword123".AsSpan();
byte[] salt = helper.GenerateSalt(16);
// Hash password without full string allocation
string passwordHash = helper.HashPasswordWithPBKDF2Span(password, salt, 10000);
// Verify and automatically clear the span
bool isValid = helper.VerifyPasswordWithPBKDF2Span(password, passwordHash);
// Optional: explicitly clear sensitive data
Span<char> sensitiveBuffer = new char[100];
// ... use sensitiveBuffer ...
helper.ClearSensitiveData(sensitiveBuffer); // Securely zero out
2. Argon2 Hashing (Recommended for New Applications)
using SecurityHelperLibrary;
var helper = new SecurityHelper();
// Hash password with Argon2id (modern, resistant to GPU attacks)
string argonHash = helper.HashPasswordWithArgon2("MyPassword123");
// Verify
bool isValid = helper.VerifyPasswordWithArgon2("MyPassword123", argonHash);
Argon2 vs PBKDF2:
- Argon2: Modern, memory-hard, GPU-resistant (use for new projects)
- PBKDF2: Simpler, standardized, suitable for strict security policies
3. AES-GCM Symmetric Encryption (.NET 6+)
using SecurityHelperLibrary;
var helper = new SecurityHelper();
// Generate a symmetric key
byte[] key = helper.GenerateSymmetricKey(32); // 256-bit key
// Encrypt a string
string plaintext = "Sensitive data to encrypt";
string encrypted = helper.EncryptStringGCM(plaintext, key);
Console.WriteLine($"Encrypted: {encrypted}");
// Decrypt
string decrypted = helper.DecryptStringGCM(encrypted, key);
Console.WriteLine($"Decrypted: {decrypted}");
Note: AES-GCM is only available on .NET 6+. Using on .NET Framework 4.8.1 throws
NotSupportedException.
4. HMAC Generation and Verification
using SecurityHelperLibrary;
var helper = new SecurityHelper();
string data = "Message to authenticate";
byte[] key = helper.GenerateSymmetricKey(32);
// Compute HMAC-SHA256
string hmac = helper.ComputeHMAC(data, key, HmacAlgorithm.SHA256);
// Use for integrity checks
bool isIntact = hmac == helper.ComputeHMAC(data, key, HmacAlgorithm.SHA256);
5. Hash Computation (SHA256, SHA384, SHA512)
using SecurityHelperLibrary;
var helper = new SecurityHelper();
string data = "Data to hash";
// Compute SHA256 hash
string hash256 = helper.ComputeHash(data, HashAlgorithm.SHA256);
string hash384 = helper.ComputeHash(data, HashAlgorithm.SHA384);
string hash512 = helper.ComputeHash(data, HashAlgorithm.SHA512);
// Verify hash (fixed-time comparison to prevent timing attacks)
bool isValid = helper.VerifyHash(data, hash256, HashAlgorithm.SHA256);
6. Secure Memory Management
using SecurityHelperLibrary;
var helper = new SecurityHelper();
// Working with byte arrays
byte[] sensitiveBytes = new byte[128];
// ... use sensitiveBytes ...
helper.ClearSensitiveData(sensitiveBytes); // Securely zeros the array
// Working with character spans
Span<char> password = new char[50];
// ... use password ...
helper.ClearSensitiveData(password); // Securely zeros the span
๐ง API Reference
Core Methods
| Method | Description | Returns |
|---|---|---|
GenerateSalt(int length) |
Generates cryptographically random salt | byte[] |
GenerateSymmetricKey(int length) |
Generates symmetric encryption key | byte[] |
ComputeHash(string data, HashAlgorithm algo) |
Computes hash (SHA256/384/512) | string |
ComputeHMAC(string data, byte[] key, HmacAlgorithm algo) |
Computes HMAC | string |
PBKDF2 Methods
| Method | Description |
|---|---|
HashPasswordWithPBKDF2(string password, byte[] salt, int iterations) |
Hash password with PBKDF2 |
HashPasswordWithPBKDF2Span(ReadOnlySpan<char> password, byte[] salt, int iterations) |
Span-based PBKDF2 hashing (low-alloc) |
VerifyPasswordWithPBKDF2(string password, string hash) |
Verify PBKDF2 hash |
VerifyPasswordWithPBKDF2Span(ReadOnlySpan<char> password, string hash) |
Span-based PBKDF2 verification |
Argon2 Methods
| Method | Description |
|---|---|
HashPasswordWithArgon2(string password) |
Hash password with Argon2id (recommended) |
VerifyPasswordWithArgon2(string password, string hash) |
Verify Argon2 hash |
AES-GCM Methods (.NET 6+)
| Method | Description | Platforms |
|---|---|---|
EncryptStringGCM(string plaintext, byte[] key) |
Encrypt with AES-GCM | .NET 6+ |
DecryptStringGCM(string ciphertext, byte[] key) |
Decrypt AES-GCM ciphertext | .NET 6+ |
Utility Methods
| Method | Description |
|---|---|
ClearSensitiveData(byte[] data) |
Securely zero out byte array |
ClearSensitiveData(Span<char> data) |
Securely zero out character span |
FixedTimeEquals(string a, string b) |
Timing-attack resistant string comparison |
๐งช Testing
Run unit tests for both target frameworks:
dotnet build
dotnet test
Tests are located in SecurityHelperLibrary.Tests project and cover:
- โ All hashing algorithms (SHA256, SHA384, SHA512)
- โ PBKDF2 with multiple iterations
- โ Argon2 hashing and verification
- โ HMAC generation and verification
- โ AES-GCM encryption/decryption (.NET 8 only)
- โ Secure memory operations
- โ Span-based low-alloc APIs
- โ Async password hashing methods
๐๏ธ Building the Package
Build the project and create a NuGet package:
dotnet build -c Release
dotnet pack -c Release
Output: bin/Release/SecurityHelperLibrary.2.0.0.nupkg
๐ Requirements
- .NET Framework 4.8.1 or .NET 8.0
- NuGet Dependencies:
Isopoh.Cryptography.Argon2
๐ License
See LICENSE.txt for details.
๐ Security Notes
- Use Argon2 for new applications (GPU-resistant, memory-hard)
- Use Span-based APIs to minimize string allocations in memory
- Always call
ClearSensitiveData()after using sensitive data - Use AES-GCM for authenticated encryption (requires .NET 6+)
- Use fixed-time comparison (
FixedTimeEquals) to prevent timing attacks - Generate new salts for each password
๐ Support
For issues, questions, or contributions, please visit the repository.
Version: 2.0.0
Last Updated: February 1, 2026
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
| .NET Framework | net481 is compatible. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
.NETFramework 4.8.1
- Isopoh.Cryptography.Argon2 (>= 2.0.0)
-
net8.0
- Isopoh.Cryptography.Argon2 (>= 2.0.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.