====== CryptoMode Enum ======

Defines the cryptographic mode for all operations.

----

===== Definition =====

<code csharp>
namespace WvdS.System.Security.Cryptography

public enum CryptoMode
</code>

----

===== Fields =====

^  Name  ^  Value  ^  Description  ^
| Classic | 0 | Classic algorithms only (RSA, ECDSA). No PQ extensions. |
| Hybrid | 1 | Classic + PQ combined. RSA/ECDSA signature plus ML-DSA signature. **Recommended.** |
| PostQuantum | 2 | PQ algorithms only (ML-DSA, ML-KEM). No classic algorithms. |

----

===== Remarks =====

==== Classic ====

Uses only standard .NET cryptography. No change to the behavior of extended methods.

==== Hybrid ====

Creates hybrid signatures and certificates:
  * Classic signature (RSA/ECDSA) for backward compatibility
  * PQ signature (ML-DSA) as X.509 extension

Classic clients can validate hybrid certificates (ignoring the PQ extension).

==== PostQuantum ====

Uses exclusively PQ algorithms. Only for environments where all participants are PQ-capable.

----

===== Example =====

<code csharp>
using WvdS.System.Security.Cryptography;

// Set globally
CryptoConfig.DefaultMode = CryptoMode.Hybrid;

// Or per operation
var cert = request.CreateSelfSigned(
    notBefore,
    notAfter,
    CryptoMode.PostQuantum);
</code>

----

===== See Also =====

  * [[.:cryptoconfig|CryptoConfig Class]]
  * [[.:start|API Overview]]

{{tag>enum cryptomode}}

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//