Implmemented in C# to match up with the Java/Python/C++ Keyczar standard features and will interoperate with them by default, however also has stronger crypto and more flexable features when compatiblity is not necessary. Uses BouncyCastle as backend for most encryption.
- Keyczar-dotnet: http://jbtule.github.io/keyczar-dotnet
- Official keyczar site: http://keyczar.org
KeyczarTool.exe
provides the primary mechanism for creating and managing keysets.
Calling KeyczarTool.exe
from the commandline without flags will display usage.
See Wiki for more info.
- .NET 4 and .NET Standard 2.0
Source code can be obtained with
git clone --recursive https://github.com/jbtule/keyczar-dotnet.git
Source can be built with msbuild, Rider, or Visual Studio. .
Windows | Linux |
---|---|
- Should interoperate with java/python/c++ with offical api how ever the offical versions of keyczar are very behind in crypto algorithms. If you don't need compatiblity I recommend using the unofficial key types.
- Unofficial/incompatible api changes are under the unofficial names space to be clear what is provided that won't interoperate with java/python/c++.
- MutableKeySet is only backward compatible with official keysets stores when reading keys. While it will store the keys differently than official keyczar, it still can produce and decrypt ciphertext compatible with official keyczar.
- Unofficial algorithms included are AES-GCM (
KeyType=C#_AES_AEAD
), RSA-PSS (KeyType=C#_RSA_SIGN_PRIV
),HMAC-SHA2 (KeyType=C#_HMAC_SHA2
), and AES-HMAC-SHA2 (KeyType=C#_HMAC_SHA2
). To use them use unofficial flag on the KeyczarTool. - If you have an existing keyset and you didn't create with the --unofficial flag,
--force
will be required to add an unofficial key type. VanillaSigner
andVanillaVerifier
are feature identical to java/python/c++UnversionedSigner
andUnversionVerifer
- The Functionality of java/python/c++
SessionEncrypter
,SessionDecrypter
,SignedSessionEncrypter
, andSignedSessionDecrypter
are provided by the C#SessionCrypter
via constructor arguments. - You can use the AppSetting
keyczar.strict_dsa_verification
if you don't need java Keyczar compatiblity and need stricter verification of dsa sigs.