====== Encryption ======
Compact examples for encryption. → **Details:** [[de:int:pqcrypt:szenarien:verschluesselung:start|Encryption Scenarios]]
----
===== ML-KEM Key Encapsulation =====
<code csharp>
// Recipient: generate a key pair
using var mlKem = MlKem.Create(MlKemParameterSet.MlKem768);
byte[] publicKey = mlKem.ExportPublicKey();

// Sender: encapsulate a shared secret against the recipient's public key
var encap = MlKem.Encapsulate(publicKey);
byte[] ciphertext = encap.Ciphertext;
byte[] senderSecret = encap.SharedSecret;

// Recipient: decapsulate the shared secret
byte[] receiverSecret = mlKem.Decapsulate(ciphertext);
// senderSecret == receiverSecret
</code>
→ **Details:** [[de:int:pqcrypt:szenarien:verschluesselung:key_encapsulation|Key Encapsulation]]
----
===== Hybrid Key Exchange =====
<code csharp>
// ECDH + ML-KEM combined
using var hybrid = HybridKeyExchange.Create(
    ECCurve.NamedCurves.nistP384,
    MlKemParameterSet.MlKem768);
byte[] publicKey = hybrid.ExportPublicKey();

// Sender
var encap = HybridKeyExchange.Encapsulate(publicKey);
byte[] sharedSecret = encap.SharedSecret; // 64 bytes (32 ECDH + 32 ML-KEM)
</code>
→ **Details:** [[de:int:pqcrypt:szenarien:verschluesselung:hybrid_encryption|Hybrid Encryption]]
----
===== AES-256-GCM =====
<code csharp>
// Derive the key from the shared secret
// (sharedSecret comes from the key exchange; plaintext is the data to protect)
byte[] aesKey = KeyDerivationExtensions.DeriveKey(
    sharedSecret, outputLength: 32,
    info: Encoding.UTF8.GetBytes("AES-256-GCM"));

// Encrypt
using var aes = new OpenSslAesGcm(aesKey);
byte[] nonce = RandomNumberGenerator.GetBytes(12); // 96-bit nonce; must never repeat under the same key
byte[] ciphertext = new byte[plaintext.Length];
byte[] tag = new byte[16];
aes.Encrypt(nonce, plaintext, ciphertext, tag);

// Decrypt
byte[] decrypted = new byte[ciphertext.Length];
aes.Decrypt(nonce, ciphertext, tag, decrypted);
</code>
→ **Details:** [[de:int:pqcrypt:szenarien:verschluesselung:file_encryption|File Encryption]]
----
===== Complete Workflow =====
<code csharp>
// 1. Key exchange
using var mlKem = MlKem.Create(MlKemParameterSet.MlKem768);
var encap = MlKem.Encapsulate(mlKem.ExportPublicKey());

// 2. Key derivation
byte[] key = KeyDerivationExtensions.DeriveKey(
    encap.SharedSecret, 32, info: "encryption"u8.ToArray());

// 3. Encryption
using var aes = new OpenSslAesGcm(key);
// ... encrypt
</code>
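Steps 2 and 3 of the workflow, together with the AES-256-GCM section, carried through as an added example that is not part of the original page or of the library it documents. It uses .NET's built-in ''HKDF'' and ''AesGcm'' in place of ''KeyDerivationExtensions'' and ''OpenSslAesGcm'' and assumes .NET 8 or later; the class name, the nonce || ciphertext || tag layout, the "msg-v1" label and the random stand-in for the shared secret are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SealedMessageDemo
{
    const int NonceSize = 12, TagSize = 16;

    // HKDF-SHA256; the info label binds the derived key to its purpose.
    static byte[] DeriveAesKey(byte[] sharedSecret) =>
        HKDF.DeriveKey(HashAlgorithmName.SHA256, sharedSecret, 32,
                       salt: null, info: Encoding.UTF8.GetBytes("AES-256-GCM"));

    // Layout chosen for this example: nonce || ciphertext || tag
    static byte[] Seal(byte[] key, byte[] plaintext, byte[] aad)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize); // fresh for every message
        byte[] ct = new byte[plaintext.Length];
        byte[] tag = new byte[TagSize];
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(nonce, plaintext, ct, tag, aad);
        return [.. nonce, .. ct, .. tag];
    }

    // Returns false when the input is truncated or fails authentication.
    static bool TryOpen(byte[] key, byte[] packed, byte[] aad, out byte[] plaintext)
    {
        plaintext = Array.Empty<byte>();
        if (packed.Length < NonceSize + TagSize) return false;
        ReadOnlySpan<byte> p = packed;
        byte[] buffer = new byte[packed.Length - NonceSize - TagSize];
        using var aes = new AesGcm(key, TagSize);
        try { aes.Decrypt(p[..NonceSize], p[NonceSize..^TagSize], p[^TagSize..], buffer, aad); }
        catch (CryptographicException) { return false; } // tag mismatch: modified data, wrong key or wrong AAD
        plaintext = buffer;
        return true;
    }

    static void Main()
    {
        byte[] sharedSecret = RandomNumberGenerator.GetBytes(32); // constructed stand-in for the KEM output
        byte[] key = DeriveAesKey(sharedSecret);
        byte[] aad = Encoding.UTF8.GetBytes("msg-v1"); // constructed context label, authenticated but not encrypted
        byte[] packed = Seal(key, Encoding.UTF8.GetBytes("hello"), aad);
        Console.WriteLine(TryOpen(key, packed, aad, out var msg) ? Encoding.UTF8.GetString(msg) : "rejected");
        packed[NonceSize] ^= 0x01; // flip one ciphertext bit to simulate corruption in transit
        Console.WriteLine(TryOpen(key, packed, aad, out _) ? "accepted" : "rejected");
    }
}
```

The receiver must treat a failed ''TryOpen'' as a hard error and discard the message; no part of the buffer is usable when the tag does not verify.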
----
===== Algorithms =====
^ Algorithm ^ Key ^ Security ^
| ML-KEM-512 | 800 B pub / 1632 B priv | Level 1 |
| ML-KEM-768 | 1184 B pub / 2400 B priv | Level 3 |
| ML-KEM-1024 | 1568 B pub / 3168 B priv | Level 5 |
| AES-256-GCM | 256 bits | 256 bits |
----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//
{{tag>kurzreferenz verschluesselung ml-kem aes-gcm hybrid}}