====== WvdS.System.Security.Cryptography.Encryption Namespace ======

Contains classes for symmetric encryption with PQ key derivation.

----

===== Classes =====

^  Class  ^  Description  ^
| [[.:symmetricencryptionextensions|SymmetricEncryptionExtensions]] | AES-GCM encryption with PQ keys |
| [[.:hybridencrypteddata|HybridEncryptedData]] | Container for hybrid-encrypted data |
| [[.:pqcrypto|PqCrypto]] | Convenience API for PQ encryption |

----

===== Encryption Methods =====

^  Method  ^  Description  ^
| EncryptWithPqKey | AES-GCM with PQ-derived key |
| EncryptHybrid | RSA-OAEP + ML-KEM hybrid |
| EncryptEcdhPq | ECDH + ML-KEM hybrid |
| EncryptAesGcm | Standard AES-256-GCM |

----

===== Encryption Format =====

<code>
+------------------------------------------+
| AES-GCM Encrypted Data                   |
+------------------------------------------+
| [12 Bytes] Nonce (IV)                    |
| [n Bytes]  Ciphertext                    |
| [16 Bytes] Authentication Tag            |
+------------------------------------------+
</code>

----

===== Example =====

<code csharp>
using WvdS.System.Security.Cryptography.Encryption;
using WvdS.System.Security.Cryptography.KeyExchange;

// Shared secret from key exchange
byte[] sharedSecret = session.SharedSecret;

// Encrypt
byte[] plaintext = Encoding.UTF8.GetBytes("Secret message");
byte[] encrypted = SymmetricEncryptionExtensions.EncryptWithPqKey(
    plaintext, sharedSecret);

// Decrypt
byte[] decrypted = SymmetricEncryptionExtensions.DecryptWithPqKey(
    encrypted, sharedSecret);
</code>

----

===== See Also =====

  * [[..:keyexchange:start|KeyExchange Namespace]]
  * [[..:keyderivation:start|KeyDerivation Namespace]]
  * [[en:int:pqcrypt:api:start|API Overview]]

{{tag>namespace encryption aes-gcm}}

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//